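valid_user = FALSE;
        $this->settings = array();
        $this->db = $db;
        $this->secKey = NULL;
        $this->pubKey = NULL;
        $this->ldap = NULL;
    }

    /**
     * Authenticate a user and load the account's settings and key pair.
     *
     * When useLDAP() reports LDAP as enabled, every uid except 'admin' is
     * verified with an LDAP bind and then looked up in the local store; a
     * missing local account is created via create_user_data($uid, $pwd, 2).
     * Otherwise the uid/password pair is checked against the local store only.
     * Nothing is returned: read the outcome with validUser(). Several failure
     * paths destroy the session, send a redirect and exit.
     *
     * @param string $uid user id
     * @param string $pwd clear-text password
     */
    public function login($uid, $pwd)
    {
        $con = Persistens::getInstance($this->db);

        // 'admin' always authenticates against the local store, even with LDAP on.
        if ($this->useLDAP() && $uid != 'admin') {
            if ($this->authLDAP($uid, $pwd)) {
                // NOTE(review): the local credential of a directory-backed account
                // is sha1($uid), i.e. derived from public data and not a secret.
                // Such an account is only protected while this LDAP branch is
                // taken; if useLDAP() ever returns false the same uid goes through
                // the local branch below. Consider storing a random value
                // (random_bytes) or marking these accounts as "no local login".
                // Not changed here because existing accounts were stored this way.
                $pwd = sha1($uid);
                $settings = array_change_key_case($con->authenticate($uid, $pwd));

                if (is_array($settings) && count($settings) > 0) {
                    // Local account matching the directory user was found.
                    $this->valid_user = true;
                } else if (is_array($settings) && count($settings) == 0) {
                    if ($con->getRole($uid)) {
                        // The uid is already taken by a local account that does
                        // not carry the LDAP-derived credential: refuse to merge.
                        $this->valid_user = false;
                        if (session_id()) {
                            session_destroy();
                        }
                        header('Location: ' . WEB_ROOT . 'user_exist_error.php');
                        exit;
                    }

                    // First login of this directory user: provision a local account.
                    $data = create_user_data($uid, $pwd, 2);
                    if ($con->newUser($data) === false) {
                        $this->valid_user = false;
                        if (session_id()) {
                            session_destroy();
                        }
                        header('Location: ' . WEB_ROOT . 'error.html');
                        exit;
                    }
                    $settings = array_change_key_case($con->authenticate($uid, $pwd));
                    $this->valid_user = (count($settings) != 0);
                } else {
                    // authenticate() did not yield an array: treat as a hard error.
                    $this->valid_user = false;
                    if (session_id()) {
                        session_destroy();
                    }
                    header('Location: ' . WEB_ROOT . 'error.html');
                    exit;
                }
            } else {
                $this->valid_user = false;
            }
        } else {
            $settings = array_change_key_case($con->authenticate($uid, $pwd));
            $this->valid_user = (count($settings) != 0);
        }

        if ($this->valid_user) {
            $this->settings = array();
            foreach ($settings as $row) {
                $this->secKey = $row['seckey'];
                $this->pubKey = $row['pubkey'];

                // Start from an empty array per row so values cannot carry over.
                $setting = array();
                foreach ($row as $key => $val) {
                    // Key material is kept out of the settings handed to callers
                    // by getSettings(). The original test used `||`, which is
                    // always true and therefore copied both keys into settings.
                    // Strict comparison so integer keys are never mistaken for
                    // these names.
                    if ($key !== 'seckey' && $key !== 'pubkey') {
                        $setting[$key] = $val;
                    }
                }
                array_push($this->settings, $setting);
            }
        }
    }

    /**
     * Mark the user as logged out and drop the cached keys and settings.
     */
    public function logout()
    {
        $this->valid_user = false;
        // Clear the key pair and settings as well, so a logged-out object no
        // longer returns them from the getters.
        $this->secKey = NULL;
        $this->pubKey = NULL;
        $this->settings = array();
        // NOTE(review): kept from the original; `key` is not initialised in the
        // visible part of the constructor - confirm it is a declared property.
        $this->key = NULL;
    }

    /**
     * @return bool whether the last login() call succeeded
     */
    public function validUser()
    {
        return $this->valid_user;
    }

    /**
     * @return array settings rows collected by login()
     */
    public function getSettings()
    {
        return $this->settings;
    }

    /**
     * @return mixed the 'seckey' value read by login(), or NULL
     */
    public function getSecretKey()
    {
        return $this->secKey;
    }

    /**
     * @return mixed the 'pubkey' value read by login(), or NULL
     */
    public function getPublicKey()
    {
        return $this->pubKey;
    }

    /**
     * Load the LDAP configuration and report whether LDAP login is enabled.
     *
     * Stores the configuration in $this->ldap. A non-empty configuration that
     * is not an array destroys the session, redirects to error.html and exits.
     *
     * @return bool true when a configuration exists and its 'enable' is not int 0
     */
    private function useLDAP()
    {
        $con = Persistens::getInstance($this->db);
        $version = $con->getVersion();
        $version = string2int($version['version']);
        // Original comment: "no LDAP before 0.7.5".
        // NOTE(review): the threshold is 175; confirm how string2int() maps
        // version strings, since 0.7.5 does not obviously become 175.
        if ($version < 175) {
            return false;
        }

        $this->ldap = $con->getLdapConfig();
        if (!is_array($this->ldap) && $this->ldap) {
            $this->ldap = NULL;
            if (session_id()) {
                session_destroy();
            }
            header('Location: ' . WEB_ROOT . 'error.html');
            exit;
        }

        // NOTE(review): `!== 0` only matches an integer zero. If the store
        // returns 'enable' as the string '0', LDAP counts as enabled - verify
        // the type getLdapConfig() delivers.
        return ($this->ldap && $this->ldap['enable'] !== 0);
    }

    /**
     * Verify a uid/password pair with a simple bind against the LDAP server.
     *
     * The bind DN is built as <user_attr>=<uid>,<base_dn> from $this->ldap.
     *
     * @param string $uid user id; escaped before it is placed in the DN
     * @param string $pwd clear-text password
     * @return bool true only when the bind succeeded
     */
    private function authLDAP($uid, $pwd)
    {
        // ldap_bind() with an empty password is an anonymous bind, which many
        // servers accept; never let that count as a successful login.
        if (!$this->ldap || !$uid || !$pwd) {
            return false;
        }
        // Request parameters can arrive as arrays; only scalars can be credentials.
        if (!is_scalar($uid) || !is_scalar($pwd)) {
            return false;
        }
        $uid = (string) $uid;
        $pwd = (string) $pwd;

        // The uid is untrusted and becomes part of a distinguished name, so DN
        // metacharacters must not be able to change which entry is bound.
        if (function_exists('ldap_escape')) {
            $rdnValue = ldap_escape($uid, '', LDAP_ESCAPE_DN);
        } elseif (preg_match('/[\\\\,=+<>#;"\x00-\x1f]|^ | $/', $uid)) {
            // No escaping function on this PHP build: reject instead of guessing.
            return false;
        } else {
            $rdnValue = $uid;
        }

        $dns = $this->ldap['dns'];
        $dn = $this->ldap['user_attr'] . '=' . $rdnValue . ',' . $this->ldap['base_dn'];

        $lc = ldap_connect($dns);
        if (!$lc) {
            return false;
        }

        // Prefer LDAPv3 and fall back to v2 when the option is refused.
        $ok = true;
        $ver = 3;
        if (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3) === false) {
            $ver = 2;
            $ok = (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 2) !== false);
        }

        // NOTE(review): with 'tls' off the password is sent as-is over whatever
        // transport 'dns' selects; confirm that value is an ldaps:// address or
        // that StartTLS is enabled in every deployment.
        if ($ok && $this->ldap['tls']) {
            // The original refuses TLS when only protocol version 2 is available.
            $ok = ($ver >= 3 && ldap_start_tls($lc) !== false);
        }

        // '@' keeps the "invalid credentials" warning out of the response.
        $res = ($ok && @ldap_bind($lc, $dn, $pwd));

        // Close on every path; the original leaked the connection when protocol
        // or TLS negotiation failed.
        ldap_close($lc);

        return $res;
    }
}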