Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

main.inc.php

Last change on this file was 28534, checked in by 22decembre, 10 years ago
add function to sync ldap and piwigo groups ldap groups correspond to webmasters and admin roles
File size: 5.3 KB

Line
1	<?php
2	/*
3	Plugin Name: Ldap_Login
4	Version: 1.2
5	Description: Allow piwigo authentication along an ldap
6	Plugin URI: http://www.22decembre.eu/2014/02/09/piwigo-ldap-login-v1-1/
7	Author: 22decembre
8	Author URI: http://www.22decembre.eu
9	*/
10	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
11
12	// +-----------------------------------------------------------------------+
13	// \| Define plugin constants \|
14	// +-----------------------------------------------------------------------+
15	define('LDAP_LOGIN_ID', basename(dirname(__FILE__)));
16	define('LDAP_LOGIN_PATH' , __DIR__ . '/');
17	define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
18	define('LDAP_LOGIN_VERSION', '1.2');
19
20	include_once(LDAP_LOGIN_PATH.'/class.ldap.php');
21
22	// +-----------------------------------------------------------------------+
23	// \| Event handlers \|
24	// +-----------------------------------------------------------------------+
25
26	add_event_handler('init', 'ld_init');
27
28	add_event_handler('try_log_user','login', 0, 4);
29
30	add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));
31
32	// +-----------------------------------------------------------------------+
33	// \| Admin menu loading \|
34	// +-----------------------------------------------------------------------+
35
36	$ldap = new Ldap();
37	$ldap->load_config();
38	set_plugin_data($plugin['id'], $ldap);
39	unset($ldap);
40
41	// +-----------------------------------------------------------------------+
42	// \| functions \|
43	// +-----------------------------------------------------------------------+
44
45	function random_password( $length = 8 ) {
46	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
47	$password = substr( str_shuffle( $chars ), 0, $length );
48	return $password;
49	}
50
51	function ld_init(){
52	load_language('plugin.lang', LDAP_LOGIN_PATH);
53	global $conf;
54	}
55
56	function fail($username) {
57	trigger_action('login_failure', stripslashes($username));
58	return false;
59	}
60
61	function update_user($username,$id) {
62	$up = new Ldap();
63	$up->load_config();
64	$up->ldap_conn() or error_log("Unable to connect LDAP server : ".$up->getErrorString());
65
66	// update user piwigo rights / access according to ldap. Only if it's webmaster / admin, so no normal !
67	if($up->ldap_status($username) !='normal') {
68	single_update(USER_INFOS_TABLE,array('status' => $up->ldap_status($username)),array('user_id' => $id));
69	}
70
71	// search groups
72	$group_query = 'SELECT name, id FROM '.GROUPS_TABLE.';';
73
74	$result = pwg_query($group_query);
75	$inserts = array();
76	while ($row = pwg_db_fetch_assoc($result))
77	{
78	if($up->user_membership($username, $up->ldap_group($row['name']))) {
79	$inserts[] = array('user_id' => $id,'group_id' => $row['id']);
80	}
81	}
82
83	if (count($inserts) > 0)
84	{
85	mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts,array('ignore'=>true));
86	}
87	}
88
89	function login($success, $username, $password, $remember_me){
90
91	global $conf;
92	$allow_auth = False;
93
94	$obj = new Ldap();
95	$obj->load_config();
96	$obj->ldap_conn() or error_log("Unable to connect LDAP server : ".$obj->getErrorString());
97
98	// if there's a users group...
99	if ($obj->config['users_group']) {
100	// and the user is in
101	if ($obj->user_membership($username,$obj->ldap_group($obj->config['users_group']))) {
102	// it can continue
103	$allow_auth = True;
104	}
105	else
106	{ // otherwise it means the user is not allowed to enter !
107	fail($username);
108	}
109	}
110	else {
111	// if there's no user group, we can continue.
112	$allow_auth = True;
113	}
114
115	if ($allow_auth) {
116	if ($obj->ldap_bind_as($username,$password)){ // bind with userdn
117	// search user in piwigo database
118	$query = '
119	SELECT '.$conf['user_fields']['id'].' AS id
120	FROM '.USERS_TABLE.'
121	WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\';';
122	$row = pwg_db_fetch_assoc(pwg_query($query));
123
124	// if query is not empty, it means everything is ok and we can continue, auth is done !
125	if (!empty($row['id'])) {
126	update_user($username,$row['id']);
127
128	log_user($row['id'], $remember_me);
129	trigger_action('login_success', stripslashes($username));
130
131	return True;
132	}
133
134	// if query is empty but ldap auth is done we can create a piwigo user if it's said so !
135	else {
136	// this is where we check we are allowed to create new users upon that.
137	if ($obj->config['allow_newusers']) {
138
139	// we got the email address
140	if ($obj->ldap_mail($username)) {
141	$mail = $obj->ldap_mail($username);
142	}
143	else {
144	$mail = NULL;
145	}
146
147	// we actually register the new user
148	$new_id = register_user($username,random_password(8),$mail);
149	update_user($username,$new_id);
150
151	// now we fetch again his id in the piwigo db, and we get them, as we just created him !
152	log_user($new_id, False);
153
154	trigger_action('login_success', stripslashes($username));
155
156	redirect('profile.php');
157	return true;
158	}
159	// else : this is the normal behavior ! user is not created.
160	else { fail($username); }
161	}
162	}
163	// ldap_bind_as was not successful
164	else { fail($username); }
165	}
166	// user is not allowed to auth or auth is wrong !
167	else { fail($username); }
168	}
169	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: extensions/Ldap_Login/main.inc.php

Download in other formats: