Changeset 27036 for extensions/Ldap_Login/main.inc.php

Timestamp:

Jan 29, 2014, 10:52:57 AM (10 years ago)

Author:

22decembre

Message:

version 1.0.1

add main function : ability to add new piwigo users when ldap is successful.
add danish language, must be reviewed

this version is not yet considered stable, as needed to be reviewed and commented by beta-testers

File:

• extensions/Ldap_Login/main.inc.php (modified) (1 diff)

extensions/Ldap_Login/main.inc.php

@@ -2 +2 @@
 /*
 Plugin Name: Ldap_Login
-Version: 0.1
-Description: Permet de se logger via une authentification ldap
-Plugin URI: http://www.22decembre.eu
+Version: 1.0.1
+Description: Allow piwigo authentication along an ldap
+Plugin URI: 
 Author: 22decembre
-Author URI:http://www.22decembre.eu
+Author URI: http://www.22decembre.eu
 */
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-add_event_handler('try_login','ldap_login', 0, 4);
+// +-----------------------------------------------------------------------+
+// | Define plugin constants                                               |
+// +-----------------------------------------------------------------------+
+define('LDAP_LOGIN_ID',      basename(dirname(__FILE__)));
+define('LDAP_LOGIN_PATH' ,   PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/');
+define('LDAP_LOGIN_ADMIN',   get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
+define('LDAP_LOGIN_VERSION', '1.0.1');
 
-function ldap_login($username, $password, $remember_me, $success)
-{
-  #pwg_session_gc();
+include_once(LDAP_LOGIN_PATH.'/class.ldap.php');
 
-  global $conf;
-    $query = '
-SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\'
-;';
+// +-----------------------------------------------------------------------+
+// | Event handlers                                                        |
+// +-----------------------------------------------------------------------+
+
+add_event_handler('init', 'ld_init');
+
+add_event_handler('try_log_user','login', 0, 4);
+
+add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));
+
+// +-----------------------------------------------------------------------+
+// | Admin menu loading                                                    |
+// +-----------------------------------------------------------------------+
+
+$ldap = new Ldap();
+$ldap->load_config();
+set_plugin_data($plugin['id'], $ldap);
+unset($ldap);
+
+// +-----------------------------------------------------------------------+
+// | functions                                                             |
+// +-----------------------------------------------------------------------+
+
+function random_password( $length = 8 ) {
+    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?";
+    $password = substr( str_shuffle( $chars ), 0, $length );
+    return $password;
+}
+
+function ld_init(){
+        load_language('plugin.lang', LDAP_LOGIN_PATH);
+}
+
+
+function login($success, $username, $password, $remember_me){
+
+        global $conf;
+        
+        $obj = new Ldap();
+        $obj->load_config();
+        $obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString());
+
+        if (!$obj->ldap_bind_as($username,$password)){ // bind with userdn
+                trigger_action('login_failure', stripslashes($username));
+                return false; // wrong password
+        }
+
+        // search user in piwigo database
+$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';
 
   $row = pwg_db_fetch_assoc(pwg_query($query));
 
-    // Vérification de l'authentification
-    if (ldap_log($username,$password)) {
+  // if query is not empty, it means everything is ok and we can continue, auth is done !
+        if (!empty($row['id'])) {
+                log_user($row['id'], $remember_me);
+                trigger_action('login_success', stripslashes($username));
+                return true;
+        }
+        
+        // if query is empty but ldap auth is done we can create a piwigo user if it's said so !
+        else {
+                // this is where we check we are allowed to create new users upon that.
+                if ($obj->config['allow_newusers']) {
+                        
+                        // we got the email address
+                        if ($obj->ldap_mail($username)) {
+                                $mail = $obj->ldap_mail($username);
+                        }
+                        else {
+                                $mail = NULL;
+                        }
+                        
+                        // we actually register the new user
+                        $new_id = register_user($username,random_password(8),$mail);
+                        
+                        // now we fetch again his id in the piwigo db, and we get them, as we just created him !
+                        //$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';
+                        //$row = pwg_db_fetch_assoc(pwg_query($query));
 
-        log_user($row['id'], $remember_me);
-        trigger_action('login_success', stripslashes($username));
-        return true;
-        }
-    else
-    {
-    trigger_action('login_failure', stripslashes($username));
-    return false;
-    }
+                        log_user($new_id, False);
+                        trigger_action('login_success', stripslashes($username));
+                        redirect('profile.php');
+                        return true;
+                }
+                // else : this is the normal behavior ! user is not created.
+                else {
+                trigger_action('login_failure', stripslashes($username));
+                return false;
+                }
+        }
 }
 
-function ldap_log($user,$pass)
-{
-$obj = new Ldap();
-$obj->load_config();
-
-// Eléments d'authentification LDAP
-$ldaprdn  = $obj->config['pref'].$user.$obj->config['basedn'];     // DN ou RDN LDAP
-//$ldappass = 'password';  // Mot de passe associé
-
-// Connexion au serveur LDAP
-$ldapconn = ldap_connect($obj->config['host'])
-    or die("Impossible de se connecter au serveur LDAP.");
-    
-ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-
-if ($ldapconn) {
-
-    // Connexion au serveur LDAP
-    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $pass);
-    
-    // Vérification de l'authentification
-    if ($ldapbind) {
-       // echo "Connexion LDAP réussie...";
-        return true;
-    } else {
-       // echo "Connexion LDAP échouée...";
-      return false;
-    }
-
-}
-}
-
-class Ldap
-{
-    var $config;
-    function load_config()
-    {
-        $x = @file_get_contents( dirname(__FILE__).'/data.dat' );
-        if ($x!==false)
-        {
-            $c = unserialize($x);
-            // do some more tests here
-            $this->config = $c;
-        }
- 
-        if ( !isset($this->config)
-            or empty($this->config['Test']) )
-        {
-            $this->config['host']       = 'localhost';
-            $this->config['basedn']     = ',ou=utilisateurs,dc=22decembre,dc=eu';
-            $this->config['pref']       = 'uid=';
-            $this->save_config();
-        }
-    }
-    function save_config()
-    {
-        $file = fopen( dirname(__FILE__).'/data.dat', 'w' );
-        fwrite($file, serialize($this->config) );
-        fclose( $file );
-    }
-
-    function ldap_admin_menu($menu)
-    {
-    array_push($menu,
-        array(
-        'NAME' => 'Ldap Login',
-        'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin/ldap_login_plugin_admin.php') )
-        );
-      
-    return $menu;
-    }
-}
-
-$ldap = new Ldap();
-$ldap->load_config();
-add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu'));
-set_plugin_data($plugin['id'], $ldap);
-
 ?>