Code source de dotProject 2.1 RC1 |
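<?php
// $Id: authenticator.class.php,v 1.13.2.2 2007/02/17 01:44:39 ajdonnison Exp $
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly');
}

/*
 * Authenticator Class
 *
 */

/**
 * Build the authenticator for the requested mode.
 *
 * "ldap" gives an LDAPAuthenticator, "pn" a PostNukeAuthenticator and any
 * other value the default SQLAuthenticator.
 *
 * @param string $auth_mode Authentication mode name.
 * @return object The authenticator, returned by reference.
 */
function &getAuth($auth_mode)
{
    switch ($auth_mode) {
        case "ldap":
            $auth = new LDAPAuthenticator();
            break;
        case "pn":
            $auth = new PostNukeAuthenticator();
            break;
        default:
            $auth = new SQLAuthenticator();
            break;
    }
    // Returned through a variable because the function returns by reference.
    return $auth;
}

/**
 * PostNuke authentication has encoded information
 * passed in on the login request. This needs to
 * be extracted and verified.
 *
 * NOTE(review): the payload is read from $_REQUEST and is covered only by an
 * unkeyed MD5 digest, which anyone able to build the request can recompute.
 * The digest therefore detects corruption, not forgery. Authenticating the
 * payload needs a keyed MAC over a secret shared with the PostNuke side,
 * which requires a matching change in the sender (not visible in this file).
 */
class PostNukeAuthenticator extends SQLAuthenticator
{
    // True when a request without PostNuke data may use SQL authentication.
    var $fallback;

    /**
     * Read the fallback switch from the 'postnuke_allow_login' config entry
     * (false when the entry is absent).
     */
    function PostNukeAuthenticator()
    {
        global $dPconfig;
        $this->fallback = isset($dPconfig['postnuke_allow_login']) ? $dPconfig['postnuke_allow_login'] : false;
    }

    /**
     * Log a user in from the 'userdata' / 'check' request parameters.
     *
     * Without 'userdata' the call is passed to SQLAuthenticator when the
     * fallback is enabled and aborts otherwise. With it, the payload is
     * decoded, the user row is created or updated, and true is returned.
     * Every failure on this path ends the request with die().
     *
     * @param string $username Used only on the SQL fallback path.
     * @param string $password Used only on the SQL fallback path.
     * @return bool
     */
    function authenticate($username, $password)
    {
        global $db, $AppUI;
        if (!isset($_REQUEST['userdata'])) { // fallback to SQL Authentication if PostNuke fails.
            if ($this->fallback) {
                return parent::authenticate($username, $password);
            }
            die($AppUI->_('You have not configured your PostNuke site correctly'));
        }

        if (! $compressed_data = base64_decode(urldecode($_REQUEST['userdata']))) {
            die($AppUI->_('The credentials supplied were missing or corrupted') . ' (1)');
        }
        if (! $userdata = gzuncompress($compressed_data)) {
            die($AppUI->_('The credentials supplied were missing or corrupted') . ' (2)');
        }
        // The previous code ASSIGNED md5($userdata) to $_REQUEST['check'], so this
        // test could never fail. Compare instead; a missing or non-string 'check'
        // is rejected as well.
        // NOTE(review): assumes the sender computes 'check' as the MD5 of the
        // uncompressed serialized string -- confirm against the PostNuke module.
        if (!isset($_REQUEST['check']) || !is_string($_REQUEST['check'])
            || $_REQUEST['check'] !== md5($userdata)) {
            die($AppUI->_('The credentials supplied were missing or corrupted') . ' (3)');
        }

        // SECURITY: unserialize() on request data can instantiate any loaded class
        // and run its magic methods. Flagged rather than replaced, because a
        // data-only format needs the same change on the sending side.
        $user_data = unserialize($userdata);
        if (!is_array($user_data)) {
            die($AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
        }

        // Now we need to check if the user already exists, if so we just
        // update. If not we need to create a new user and add a default
        // role.
        $username = $this->_field($user_data, 'login');
        if ($username == '') {
            // An empty login would otherwise create or update a nameless account.
            die($AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
        }
        $this->username = $username;
        // The last word of the display name becomes the last name.
        $names = explode(' ', $this->_field($user_data, 'name'));
        $last_name = array_pop($names);
        $first_name = implode(' ', $names);
        // Stored as received. Presumably already an MD5 hash, since
        // SQLAuthenticator compares MD5($password) with user_password -- confirm.
        $passwd = $this->_field($user_data, 'passwd');
        $email = $this->_field($user_data, 'email');

        $q = new DBQuery;
        $q->addTable('users');
        $q->addQuery('user_id, user_password, user_contact');
        // $db is used as an ADOdb connection in this file (ErrorMsg, Insert_ID);
        // qstr() quotes and escapes the value instead of interpolating it raw.
        $q->addWhere('user_username = ' . $db->qstr($username));
        if (! $rs = $q->exec()) {
            die($AppUI->_('Failed to get user details') . ' - error was ' . $db->ErrorMsg());
        }
        if ($rs->RecordCount() < 1) {
            $q->clear();
            $this->createsqluser($username, $passwd, $email, $first_name, $last_name);
        } else {
            if (! $row = $rs->FetchRow()) {
                die($AppUI->_('Failed to retrieve user detail'));
            }
            // User exists, update the user details.
            // NOTE(review): assumes DBQuery quotes the values handed to
            // addUpdate()/addInsert() -- confirm in the DBQuery class.
            $this->user_id = $row['user_id'];
            $q->clear();
            $q->addTable('users');
            $q->addUpdate('user_password', $passwd);
            $q->addWhere('user_id = ' . (int) $this->user_id);
            if (! $q->exec()) {
                die($AppUI->_('Could not update user credentials'));
            }
            $q->clear();
            $q->addTable('contacts');
            $q->addUpdate('contact_first_name', $first_name);
            $q->addUpdate('contact_last_name', $last_name);
            $q->addUpdate('contact_email', $email);
            $q->addWhere('contact_id = ' . (int) $row['user_contact']);
            if (! $q->exec()) {
                die($AppUI->_('Could not update user details'));
            }
            $q->clear();
        }
        return true;
    }

    /**
     * Create the contact row, the user row and the default 'anon' role for a
     * user seen for the first time. Ends the request with die() on failure.
     *
     * @param string $username Login name.
     * @param string $password Stored in user_password exactly as given.
     * @param string $email    Contact e-mail address.
     * @param string $first    Contact first name.
     * @param string $last     Contact last name.
     */
    function createsqluser($username, $password, $email, $first, $last)
    {
        GLOBAL $db, $AppUI;

        require_once($AppUI->getModuleClass("contacts"));

        $c = New CContact();
        $c->contact_first_name = $first;
        $c->contact_last_name = $last;
        $c->contact_email = $email;
        $c->contact_order_by = "$last, $first";

        db_insertObject('contacts', $c, 'contact_id');
        if (! $c->contact_id) {
            die($AppUI->_('Failed to create user details'));
        }

        $q = new DBQuery;
        $q->addTable('users');
        $q->addInsert('user_username', $username);
        $q->addInsert('user_password', $password);
        $q->addInsert('user_type', '1');
        $q->addInsert('user_contact', $c->contact_id);
        if (! $q->exec()) {
            die($AppUI->_('Failed to create user credentials'));
        }
        $this->user_id = $db->Insert_ID();
        $q->clear();

        $acl =& $AppUI->acl();
        $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
    }

    /**
     * Return one scalar entry of the decoded payload as a trimmed string, or
     * '' when the key is absent or holds a non-scalar value.
     */
    function _field($data, $key)
    {
        if (isset($data[$key]) && is_scalar($data[$key])) {
            return trim((string) $data[$key]);
        }
        return '';
    }
}

/**
 * Default authenticator: checks the password against the users table.
 */
class SQLAuthenticator
{
    var $user_id;
    var $username;

    /**
     * Compare MD5($password) with the stored user_password of $username.
     *
     * Records the username, and the user id as soon as a row is found, on
     * the object.
     *
     * @param string $username Login name.
     * @param string $password Clear-text password.
     * @return bool True only when a row exists and the hashes match.
     */
    function authenticate($username, $password)
    {
        GLOBAL $db, $AppUI;

        $this->username = $username;

        $q = new DBQuery;
        $q->addTable('users');
        $q->addQuery('user_id, user_password');
        // Quoted through ADOdb instead of being interpolated into the SQL text.
        // NOTE(review): if the caller passes a magic_quotes_gpc-escaped value,
        // strip those slashes before this point to avoid double escaping.
        $q->addWhere('user_username = ' . $db->qstr($username));
        if (!$rs = $q->exec()) {
            $q->clear();
            return false;
        }
        if (!$row = $q->fetchRow()) {
            $q->clear();
            return false;
        }

        $this->user_id = $row["user_id"];
        $q->clear();
        // Strict comparison: with == two different digests that both look like
        // numbers (for example "0e..." strings) compare equal.
        // NOTE(review): unsalted MD5 is a weak password hash; replacing it means
        // migrating the stored hashes, which is outside this file.
        return (MD5($password) === (string) $row["user_password"]);
    }

    /**
     * @return mixed The user id recorded by the last authenticate() call.
     */
    function userId()
    {
        return $this->user_id;
    }
}

/**
 * Authenticates against an LDAP directory, optionally trying the SQL
 * password first, and creates the local user on first login.
 */
class LDAPAuthenticator extends SQLAuthenticator
{
    var $ldap_host;
    var $ldap_port;
    var $ldap_version;
    var $base_dn;
    var $ldap_search_user;
    var $ldap_search_pass;
    var $filter;

    var $user_id;
    var $username;

    // True when the SQL password check is tried before LDAP.
    var $fallback;

    /**
     * Copy the LDAP settings from the global configuration.
     */
    function LDAPAuthenticator()
    {
        GLOBAL $dPconfig;

        $this->fallback = isset($dPconfig['ldap_allow_login']) ? $dPconfig['ldap_allow_login'] : false;

        $this->ldap_host = $dPconfig["ldap_host"];
        $this->ldap_port = $dPconfig["ldap_port"];
        $this->ldap_version = $dPconfig["ldap_version"];
        $this->base_dn = $dPconfig["ldap_base_dn"];
        $this->ldap_search_user = $dPconfig["ldap_search_user"];
        $this->ldap_search_pass = $dPconfig["ldap_search_pass"];
        $this->filter = $dPconfig["ldap_user_filter"];
    }

    /**
     * Check the credentials, first against SQL when the fallback is enabled,
     * then by binding to LDAP as the entry matched by the user filter.
     *
     * A successful LDAP bind creates the local user when none exists yet.
     *
     * @param string $username Login name, substituted for %USERNAME% in the filter.
     * @param string $password Clear-text password.
     * @return bool
     */
    function authenticate($username, $password)
    {
        GLOBAL $dPconfig;
        $this->username = $username;

        if (strlen($password) == 0) return false; // LDAP will succeed binding with no password on AD (defaults to anon bind)
        if ($this->fallback == true) {
            if (parent::authenticate($username, $password)) return true;
        }
        // Fallback SQL authentication fails, proceed with LDAP

        if (!$rs = @ldap_connect($this->ldap_host, $this->ldap_port)) {
            return false;
        }
        @ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
        @ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

        $ldap_bind_dn = empty($this->ldap_search_user) ? NULL : $this->ldap_search_user;
        $ldap_bind_pw = empty($this->ldap_search_pass) ? NULL : $this->ldap_search_pass;

        // Bind with the normalised password; it was computed but never used before.
        // When a bind fails, ldap_error($rs) holds the reason: log it rather than
        // printing it, since the message would expose the bind DN and host.
        if (!$bindok = @ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
            return false;
        }

        // Escape filter metacharacters so the login name is always matched as a
        // literal value and cannot change the structure of the search filter.
        $filter_r = str_replace("%USERNAME%", $this->_escapeFilterValue($username), $this->filter);
        $result = @ldap_search($rs, $this->base_dn, $filter_r);
        if (!$result) return false; // ldap search returned nothing or error

        $result_user = ldap_get_entries($rs, $result);
        if ($result_user["count"] == 0) return false; // No users match the filter

        $first_user = $result_user[0];
        $ldap_user_dn = $first_user["dn"];

        // Bind with the dn of the user that matched our filter (only one user should match sAMAccountName or uid etc..)
        if (!$bind_user = @ldap_bind($rs, $ldap_user_dn, $password)) {
            return false;
        }

        if (!$this->userExists($username)) {
            $this->createsqluser($username, $password, $first_user);
        }
        return true;
    }

    /**
     * @param string $username Login name.
     * @return bool True when at least one users row has this login name.
     */
    function userExists($username)
    {
        GLOBAL $db;
        $q = new DBQuery;
        $q->addTable('users');
        $q->addWhere('user_username = ' . $db->qstr($username));
        $rs = $q->exec();
        // A failed query counts as "not found" instead of a call on a non-object.
        $result = ($rs && $rs->RecordCount() > 0);
        $q->clear();
        return $result;
    }

    /**
     * @param string $username Login name.
     * @return mixed The user_id of the matching row, or null when there is none.
     */
    function userId($username)
    {
        GLOBAL $db;
        $q = new DBQuery;
        $q->addTable('users');
        $q->addWhere('user_username = ' . $db->qstr($username));
        $rs = $q->exec();
        $row = $rs ? $rs->FetchRow() : false;
        $q->clear();
        return $row ? $row["user_id"] : null;
    }

    /**
     * Create the local user, and a contact when LDAP attributes are given,
     * then grant the default 'anon' role.
     *
     * @param string $username     Login name.
     * @param string $password     Clear-text password; stored as its MD5 hash.
     * @param array  $ldap_attribs Entry as returned by ldap_get_entries().
     */
    function createsqluser($username, $password, $ldap_attribs = Array())
    {
        GLOBAL $db, $AppUI;
        $hash_pass = MD5($password);

        require_once($AppUI->getModuleClass("contacts"));

        // Stays null when no attributes are supplied; the earlier code read
        // $c->contact_id from an undefined variable in that case.
        $contact_id = null;
        if (count($ldap_attribs) > 0) {
            // Contact information based on the inetOrgPerson class schema
            $c = New CContact();
            $c->contact_first_name = $this->_firstAttr($ldap_attribs, "givenname");
            $c->contact_last_name = $this->_firstAttr($ldap_attribs, "sn");
            $c->contact_email = $this->_firstAttr($ldap_attribs, "mail");
            $c->contact_phone = $this->_firstAttr($ldap_attribs, "telephonenumber");
            $c->contact_mobile = $this->_firstAttr($ldap_attribs, "mobile");
            $c->contact_city = $this->_firstAttr($ldap_attribs, "l");
            $c->contact_country = $this->_firstAttr($ldap_attribs, "country");
            $c->contact_state = $this->_firstAttr($ldap_attribs, "st");
            $c->contact_zip = $this->_firstAttr($ldap_attribs, "postalcode");
            $c->contact_job = $this->_firstAttr($ldap_attribs, "title");

            db_insertObject('contacts', $c, 'contact_id');
            $contact_id = $c->contact_id;
        }

        $q = new DBQuery;
        $q->addTable('users');
        $q->addInsert('user_username', $username);
        $q->addInsert('user_password', $hash_pass);
        $q->addInsert('user_type', '1');
        $q->addInsert('user_contact', $contact_id);
        // Stop here on failure, as PostNukeAuthenticator does, so that no role is
        // granted to whatever id Insert_ID() would report after a failed insert.
        if (! $q->exec()) {
            die($AppUI->_('Failed to create user credentials'));
        }
        $this->user_id = $db->Insert_ID();
        $q->clear();

        $acl =& $AppUI->acl();
        $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
    }

    /**
     * Escape a value for use inside an LDAP search filter (RFC 4515): the
     * characters \ * ( ) and NUL become their backslash-hex form.
     */
    function _escapeFilterValue($value)
    {
        // The backslash pair comes first so the escapes added for the other
        // characters are not escaped a second time.
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value
        );
    }

    /**
     * Return the first value of an LDAP attribute, or null when the entry
     * does not carry that attribute.
     */
    function _firstAttr($attribs, $name)
    {
        return isset($attribs[$name][0]) ? $attribs[$name][0] : null;
    }
}


?>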