<?php
/*
Plugin Name: Ldap_Login
Version: 1.2
Description: Allow Piwigo authentication against an LDAP directory
Plugin URI: http://www.22decembre.eu/2014/02/09/piwigo-ldap-login-v1-1/
Author: 22decembre
Author URI: http://www.22decembre.eu
*/
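if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

// +-----------------------------------------------------------------------+
// | Define plugin constants                                               |
// +-----------------------------------------------------------------------+

// Plugin id = name of the directory this file lives in; Piwigo keys the
// plugin's data and admin page on it.
define('LDAP_LOGIN_ID', basename(dirname(__FILE__)));
// Absolute path of the plugin directory, WITH a trailing slash.
define('LDAP_LOGIN_PATH', __DIR__ . '/');
define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
define('LDAP_LOGIN_VERSION', '1.2');

// LDAP_LOGIN_PATH already ends with '/', so no extra separator: the previous
// form built "<dir>//class.ldap.php" (harmless, but confusing in logs).
include_once(LDAP_LOGIN_PATH . 'class.ldap.php');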
[19261] | 21 | |
---|
[27036] | 22 | // +-----------------------------------------------------------------------+ |
---|
| 23 | // | Event handlers | |
---|
| 24 | // +-----------------------------------------------------------------------+ |
---|
[19261] | 25 | |
---|
[27036] | 26 | add_event_handler('init', 'ld_init'); |
---|
[19261] | 27 | |
---|
[27036] | 28 | add_event_handler('try_log_user','login', 0, 4); |
---|
[19261] | 29 | |
---|
[27036] | 30 | add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu')); |
---|
| 31 | |
---|
| 32 | // +-----------------------------------------------------------------------+ |
---|
| 33 | // | Admin menu loading | |
---|
| 34 | // +-----------------------------------------------------------------------+ |
---|
| 35 | |
---|
| 36 | $ldap = new Ldap(); |
---|
| 37 | $ldap->load_config(); |
---|
| 38 | set_plugin_data($plugin['id'], $ldap); |
---|
| 39 | unset($ldap); |
---|
| 40 | |
---|
| 41 | // +-----------------------------------------------------------------------+ |
---|
| 42 | // | functions | |
---|
| 43 | // +-----------------------------------------------------------------------+ |
---|
| 44 | |
---|
| 45 | function random_password( $length = 8 ) { |
---|
| 46 | $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?"; |
---|
| 47 | $password = substr( str_shuffle( $chars ), 0, $length ); |
---|
| 48 | return $password; |
---|
[19261] | 49 | } |
---|
| 50 | |
---|
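/**
 * 'init' event handler: load the plugin's translation file.
 *
 * The previous version also declared `global $conf;` without using it;
 * that dead declaration is gone.
 *
 * @return void
 */
function ld_init() {
  load_language('plugin.lang', LDAP_LOGIN_PATH);
}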
/**
 * Record a refused login for $username and hand back the handler result.
 *
 * Fires Piwigo's 'login_failure' action with the same stripslashes()
 * treatment the success path gives the username, so logging and
 * rate-limiting hooks see the attempt, then returns false.
 *
 * @param string $username the submitted login name
 * @return false
 */
function fail($username) {
  $reported_name = stripslashes($username);
  trigger_action('login_failure', $reported_name);
  return false;
}
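/**
 * Sync a Piwigo user's status and group memberships from LDAP.
 *
 * Called after a successful LDAP bind for $username, whose Piwigo user id
 * is $id. Two things are synced:
 *  - status: when Ldap::ldap_status() reports something other than 'normal'
 *    (the exact values are not visible here; the original comment says
 *    webmaster / admin), it is written to USER_INFOS_TABLE. A 'normal'
 *    result is never written, so a user demoted in LDAP keeps an elevated
 *    Piwigo status until it is changed by hand. Existing behaviour, kept —
 *    NOTE(review): worth revisiting, it is a privilege-retention gap.
 *  - groups: for every Piwigo group whose name maps (Ldap::ldap_group) to
 *    an LDAP group the user belongs to, a membership row is inserted with
 *    the 'ignore' option. Memberships are only ever added, never removed.
 *
 * Changes vs. the previous version:
 *  - a failed LDAP connection now aborts the sync instead of running the
 *    lookups on a dead connection, whose falsy results would have passed
 *    the `!= 'normal'` test and been written as a bogus status;
 *  - the status is fetched once instead of twice;
 *  - only a non-empty string status is ever written.
 *
 * @param string $username LDAP login name
 * @param int    $id       Piwigo user id
 * @return void
 */
function update_user($username, $id) {
  $up = new Ldap();
  $up->load_config();
  if (!$up->ldap_conn()) {
    error_log("Unable to connect LDAP server : " . $up->getErrorString());
    // Never change rights on the strength of a lookup we could not perform.
    return;
  }

  // update user piwigo rights / access according to ldap. Only if it's webmaster / admin, so no normal !
  $status = $up->ldap_status($username);
  if (is_string($status) && $status !== '' && $status !== 'normal') {
    single_update(
      USER_INFOS_TABLE,
      array('status' => $status),
      array('user_id' => $id)
    );
  }

  // Walk every Piwigo group and keep the ones whose LDAP counterpart holds the user.
  $result = pwg_query('SELECT name, id FROM ' . GROUPS_TABLE . ';');
  $inserts = array();
  while ($row = pwg_db_fetch_assoc($result)) {
    if ($up->user_membership($username, $up->ldap_group($row['name']))) {
      $inserts[] = array('user_id' => $id, 'group_id' => $row['id']);
    }
  }

  if (count($inserts) > 0) {
    mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts, array('ignore' => true));
  }
}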
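/**
 * 'try_log_user' handler: authenticate $username / $password against LDAP.
 *
 * Flow:
 *  1. Empty credentials are rejected before anything touches the directory.
 *     An empty password must never reach ldap_bind_as(): many directories
 *     treat a bind with an empty password as an unauthenticated bind that
 *     SUCCEEDS (RFC 4513 section 5.1.2). Whether Ldap::ldap_bind_as() guards
 *     against this itself is not visible here, so the check is done at this
 *     boundary.
 *  2. When config 'users_group' is set, the user must be a member of it.
 *  3. The user must bind successfully with the supplied password.
 *  4. An existing Piwigo account with that username is synced (update_user)
 *     and logged in; otherwise, when 'allow_newusers' is set, an account is
 *     provisioned with a random local password and the browser is sent to
 *     profile.php.
 *
 * Every refusal goes through fail(), which fires 'login_failure' and returns
 * false. As before, a false result lets later 'try_log_user' handlers (such
 * as Piwigo's native login) run; that is also why the placeholder local
 * password of provisioned accounts must stay unguessable.
 *
 * NOTE(review): whether Ldap::ldap_group() / user_membership() escape LDAP
 * filter metacharacters in $username (ldap_escape()) is not visible here —
 * confirm in class.ldap.php.
 *
 * Changes vs. the previous version: explicit `return fail(...)` on every
 * refusal (the old code fell off the end returning null), empty-credential
 * and non-string guards, fail-closed on LDAP connection failure, a check
 * that register_user() actually created the account before logging it in,
 * a longer placeholder password, and no notices when config keys are absent.
 *
 * @param mixed  $success     result of earlier handlers of this event
 * @param string $username    submitted login name
 * @param string $password    submitted password
 * @param bool   $remember_me whether to set a persistent login cookie
 * @return bool true on successful login, false otherwise
 */
function login($success, $username, $password, $remember_me) {
  global $conf;

  // An earlier handler already logged the user in; do not re-check or undo it.
  if ($success === true) {
    return true;
  }

  // Request tampering (e.g. username[]=x) — nothing sensible to report.
  if (!is_string($username) || !is_string($password)) {
    return false;
  }
  if ($username === '' || $password === '') {
    return fail($username);
  }

  $obj = new Ldap();
  $obj->load_config();
  if (!$obj->ldap_conn()) {
    error_log("Unable to connect LDAP server : " . $obj->getErrorString());
    // Fail closed: no directory, no LDAP decision.
    return fail($username);
  }

  // Optional gate: with a users group configured, only its members may log in.
  if (!empty($obj->config['users_group'])
      && !$obj->user_membership($username, $obj->ldap_group($obj->config['users_group']))) {
    return fail($username);
  }

  // The actual credential check: bind as the user with the given password.
  if (!$obj->ldap_bind_as($username, $password)) {
    return fail($username);
  }

  // Look the user up in the Piwigo database. Column names come from $conf
  // (site configuration, not request data); the username is escaped.
  $query = '
    SELECT ' . $conf['user_fields']['id'] . ' AS id
    FROM ' . USERS_TABLE . '
    WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
  $row = pwg_db_fetch_assoc(pwg_query($query));

  if (!empty($row['id'])) {
    // Known account: refresh rights/groups from LDAP, then open the session.
    update_user($username, $row['id']);
    log_user($row['id'], $remember_me);
    trigger_action('login_success', stripslashes($username));
    return true;
  }

  // Unknown account: provision it only when configuration allows.
  if (empty($obj->config['allow_newusers'])) {
    return fail($username);
  }

  // Mail address from LDAP when available; NULL otherwise, as before.
  $mail = $obj->ldap_mail($username);
  if (!$mail) {
    $mail = NULL;
  }

  // The local password is a placeholder nobody is told; make it long so the
  // native-login fallback cannot be brute-forced into this account.
  $new_id = register_user($username, random_password(32), $mail);
  if (empty($new_id)) {
    // register_user() refused the account (invalid username or mail, ...);
    // the old code fell through and called log_user() with an empty id.
    return fail($username);
  }
  update_user($username, $new_id);

  // As before, no persistent cookie for a freshly created account.
  log_user($new_id, False);
  trigger_action('login_success', stripslashes($username));

  // Send the new user to their profile page. The return is kept for the
  // case where redirect() hands control back, as in the original.
  redirect('profile.php');
  return true;
}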
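// No closing '?>' tag in a PHP-only file: any whitespace that ever ends up
// after it is sent as output and breaks later header()/redirect() calls.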