Hi, I am currently using DL 0.8. It is time to change to DL version 0.12.
My DL 0.8 source code was modified to allow user authentication directly with AD (with the help of Yuri). My auth.php (DL 0.8) file below works for AD user authentication and shows all the changes we need.

Now I have to make the same changes to the new version of DL. The auth.php file no longer exists, and the parameters of the new file sessauth.php have changed. Everything needs to be reproduced and the source code modified again.

I think the ideal solution would be to use AD user authentication without having to modify the source code. Is anyone using AD user authentication, and how do they do it?

Regards.

Below is my auth.php (DL 0.8):

<?php
// initialize the session and authorization
function authenticate()
{
  global $db, $authRealm;

  // only filled in by the AD lookup below; initialized so the log line never sees an undefined variable
  $mailutilisateur = '';

  // external authentication (built-in methods)
  foreach(Array('PHP_AUTH_USER', 'REMOTE_USER', 'REDIRECT_REMOTE_USER') as $key)
  {
    if(isset($_SERVER[$key]))
    {
      $remoteUser = $_SERVER[$key];
      break;
    }
  }

  // authentication attempt
  if(!isset($remoteUser))
  {
    if(empty($_REQUEST['u']) || !isset($_POST['p']))
    {
      // simple logout
      return false;
    }

    $user = $_REQUEST['u'];
    $pass = md5($_POST['p']);
  }
  else
  {
    if(isset($_REQUEST['u']) && empty($_REQUEST['u']))
    {
      // remote logout
      Header('HTTP/1.0 401 Unauthorized');
      Header('WWW-Authenticate: Basic realm="' . $authRealm . '"');
      includeTemplate('style/include/rmtlogout.php');
      return null;
    }

    $user = $remoteUser;
  }

  // AD authentication: bind to the domain controller with the submitted credentials
  if(!isset($remoteUser) && !empty($_REQUEST['p']))
  {
    $dc = "YYYYYYYYYY";
    $domain = "XXXXXXXXX";
    // note: ldap:// on port 389 without StartTLS sends the bind password in clear text
    $ldap = ldap_connect("ldap://".$dc, 389);
    $mbpass = mb_convert_encoding($_REQUEST['p'], "ISO-8859-1");
    $okpass = (@ldap_bind($ldap, $domain . '\\' . $user, $mbpass)? true: false);
    // $okpass = (@ldap_bind($ldap, $domain . '\\' . $user, $_REQUEST['p'])? true: false);

    $mail = '';
    if($okpass)
    {
      $remoteUser = $user;

      // RECOVER email address in AD; only after a successful bind, and with the
      // user name escaped so it cannot alter the search filter
      $filter = "(&(objectClass=user)(samaccountname=" . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ")(cn=*))";
      $sr = ldap_search($ldap, "OU=XXXXXXX,DC=XXXXX,DC=XXXXX", $filter);
      $info = ($sr !== false? ldap_get_entries($ldap, $sr): false);
      if(isset($info[0]["mail"][0]))
        $mail = $info[0]["mail"][0];
    }
    $_SESSION['mail'] = $mail;
    $mailutilisateur = $mail;

    // BEGIN add email if it does not exist
    if(empty($_SESSION['mail']))
    {
      $_SESSION['mail'] = "nore...@xxx.xx";
    }
    // END : add email
  }

  // verify if we have administration rights
  $sql = "SELECT u.id, u.name, pass_md5, admin FROM user u"
    . " LEFT JOIN role r ON r.id = u.role_id"
    . " WHERE u.name = " . $db->quote($user);
  $DATA = $db->query($sql)->fetch();
  if($DATA !== false)
    $okpass = (isset($remoteUser) || ($pass === $DATA['pass_md5']));
  else
  {
    $okpass = isset($remoteUser);
    if($okpass)
    {
      // create a stub user and get the id
      $sql = "INSERT INTO user (name, role_id) VALUES (";
      $sql .= $db->quote($user);
      $sql .= ", (SELECT id FROM role WHERE name = 'user')";
      $sql .= ")";
      if($db->exec($sql) != 1) return false;

      // fetch defaults
      $sql = "SELECT u.id, u.name, admin FROM user u";
      $sql .= " LEFT JOIN role r ON r.id = u.role_id";
      $sql .= " WHERE u.name = " . $db->quote($user);
      $DATA = $db->query($sql)->fetch();
    }
  }

  if(!$okpass) return false;

  // ADD USER IN LOG FILE
  logEvent("Connexion de : $user - $mailutilisateur" );
  // END

  return $DATA;
}

if(!isset($_SESSION["auth"]) || isset($_REQUEST['u']))
{
  $_SESSION["auth"] = authenticate();
  if($_SESSION["auth"] === null)
  {
    session_destroy();
    exit();
  }
}
?>