<?php
/*
Plugin Name: Ldap_Login
Version: 1.0.1
Description: Allow piwigo authentication along an ldap
Plugin URI:
Author: 22decembre
Author URI: http://www.22decembre.eu
*/
// Refuse to run unless PHPWG_ROOT_PATH is already defined, i.e. unless the
// file was loaded by the application rather than requested directly.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// +-----------------------------------------------------------------------+
// | Plugin constants                                                      |
// +-----------------------------------------------------------------------+
// Directory name of this plugin, its path under the plugins folder, the URL
// of its admin page and the plugin version.
define('LDAP_LOGIN_ID', basename(dirname(__FILE__)));
define('LDAP_LOGIN_PATH', PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/');
define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
define('LDAP_LOGIN_VERSION', '1.0.1');

// LDAP_LOGIN_PATH already ends with '/', so the resulting path contains '//'.
// The path is built from constants only, never from request data.
include_once LDAP_LOGIN_PATH . '/class.ldap.php';

// +-----------------------------------------------------------------------+
// | Event handlers                                                        |
// +-----------------------------------------------------------------------+

// ld_init() loads the plugin translations.
add_event_handler('init', 'ld_init');

// login() handles 'try_log_user'. The trailing 0 and 4 look like the handler
// priority and the number of accepted arguments -- confirm against the
// add_event_handler() signature of the targeted Piwigo version.
add_event_handler('try_log_user', 'login', 0, 4);

// $ldap is not assigned yet at this point: the callback array holds a
// reference, which the assignment below fills in and which survives the
// later unset(). The statement order therefore matters.
add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));

// +-----------------------------------------------------------------------+
// | Admin menu loading                                                    |
// +-----------------------------------------------------------------------+

// Create the configured Ldap object, publish it as this plugin's data and
// drop the global variable name again.
$ldap = new Ldap();
$ldap->load_config();
set_plugin_data($plugin['id'], $ldap);
unset($ldap);

// +-----------------------------------------------------------------------+
// | Functions                                                             |
// +-----------------------------------------------------------------------+
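/**
 * Build a random password from a fixed alphabet of letters, digits and
 * punctuation.
 *
 * login() stores the result as the local Piwigo password of an account that
 * is created automatically after a successful LDAP bind, so the value must
 * not be predictable. The previous implementation used str_shuffle(), which
 * is not a cryptographically secure source, never repeated a character and
 * silently capped the result at the size of the alphabet.
 *
 * @param int $length number of characters wanted (default 8); values below 1
 *                    give an empty string
 * @return string the generated password, exactly $length characters long
 */
function random_password( $length = 8 ) {
  // Single quotes: the alphabet contains '$' and must not be interpolated.
  $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?';
  $last_index = strlen($chars) - 1;
  $length = (int) $length;

  // random_int() draws from the system CSPRNG (PHP 7+). mt_rand() is kept
  // only as a fallback for older runtimes and is NOT suitable for secrets.
  $use_csprng = function_exists('random_int');

  $password = '';
  for ($i = 0; $i < $length; $i++) {
    $index = $use_csprng ? random_int(0, $last_index) : mt_rand(0, $last_index);
    $password .= $chars[$index];
  }

  return $password;
}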
/**
 * Handler registered for the 'init' event: loads the 'plugin.lang'
 * translation file from the plugin directory.
 */
function ld_init()
{
  $language_dir = LDAP_LOGIN_PATH;
  load_language('plugin.lang', $language_dir);
}
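/**
 * 'try_log_user' handler: authenticate the submitted credentials with an
 * LDAP bind and open a Piwigo session for the matching local account.
 *
 * If the bind succeeds but no local account exists, one is created when the
 * plugin option 'allow_newusers' is enabled; otherwise the login is refused.
 *
 * @param bool   $success     result passed in by the event chain (not used here)
 * @param string $username    login name as submitted
 * @param string $password    password as submitted
 * @param bool   $remember_me forwarded to log_user() for existing accounts
 * @return bool true when a session was opened, false otherwise
 */
function login($success, $username, $password, $remember_me){

  global $conf;

  // Never hand empty credentials to the directory: many LDAP servers treat a
  // simple bind with an empty password as an anonymous bind and report
  // success, which would authenticate any known user name. ldap_bind_as()
  // lives in class.ldap.php and is not visible here, so guard at this boundary.
  $has_credentials = is_string($username) && $username !== ''
    && is_string($password) && $password !== '';
  if (!$has_credentials) {
    trigger_action('login_failure', is_string($username) ? stripslashes($username) : '');
    return false;
  }

  $obj = new Ldap();
  $obj->load_config();
  // The error text was previously read from $ldap, which is undefined in this
  // scope and turned a connection failure into a fatal error.
  // NOTE(review): this message is shown to unauthenticated visitors; consider
  // logging the detail server-side instead.
  $obj->ldap_conn() or die("Unable to connect LDAP server : ".$obj->getErrorString());

  // NOTE(review): $username reaches ldap_bind_as() and ldap_mail() unmodified.
  // Confirm class.ldap.php escapes it (ldap_escape) before building a DN or a
  // search filter.
  if (!$obj->ldap_bind_as($username,$password)){ // bind with userdn
    trigger_action('login_failure', stripslashes($username));
    return false; // wrong password
  }

  // search user in piwigo database
  $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';

  $row = pwg_db_fetch_assoc(pwg_query($query));

  // a matching local account exists: the LDAP bind already proved the password
  if (!empty($row['id'])) {
    log_user($row['id'], $remember_me);
    trigger_action('login_success', stripslashes($username));
    return true;
  }

  // no local account: only continue if the plugin may create users
  if (!$obj->config['allow_newusers']) {
    trigger_action('login_failure', stripslashes($username));
    return false;
  }

  // look the mail address up once; fall back to NULL when none is returned
  $mail = $obj->ldap_mail($username);
  if (!$mail) {
    $mail = NULL;
  }

  // The local password is random because the user authenticates through LDAP.
  // It is still a valid local credential, so it has to be unpredictable.
  $new_id = register_user($username,random_password(8),$mail);

  // presumably register_user() returns the new user id, or an empty value
  // when registration fails -- confirm against the targeted Piwigo version.
  // Do not open a session for an id that was never created.
  if (empty($new_id)) {
    trigger_action('login_failure', stripslashes($username));
    return false;
  }

  log_user($new_id, False);
  trigger_action('login_success', stripslashes($username));
  redirect('profile.php');
  return true;
}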
[27036] | 114 | ?> |