<?php
/*
Plugin Name: Ldap Login
Version: auto
Description: Allow piwigo authentication using LDAP
Plugin URI:
Author: cccraig
Original Author: 22decembre
Original Author URI: http://www.22decembre.eu
*/
// Refuse to run when the file is requested directly instead of being loaded
// by Piwigo, which defines PHPWG_ROOT_PATH before including plugins.
if (!defined('PHPWG_ROOT_PATH'))
{
  exit('Hacking attempt!');
}

// +-----------------------------------------------------------------------+
// | Define plugin constants                                               |
// +-----------------------------------------------------------------------+

// Plugin id = name of the directory this file lives in.
define('LDAP_LOGIN_ID', basename(__DIR__));
// Plugin directory, with a trailing slash.
define('LDAP_LOGIN_PATH', PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/');
// URL of the plugin's page in the administration panel.
define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID);
define('LDAP_LOGIN_VERSION', '1.3.1');

// LDAP_LOGIN_PATH already ends in '/', so this path contains a doubled
// slash; it resolves to the same file.
include_once(LDAP_LOGIN_PATH . '/class.ldap.php');
// +-----------------------------------------------------------------------+
// | Event handlers |
// +-----------------------------------------------------------------------+
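// Build and configure the plugin's Ldap object before anything refers to it.
// The admin-menu callback used to be registered as array(&$ldap, ...) while
// $ldap was still undefined, and only worked because the reference was
// filled in by the later assignment.
$ldap = new Ldap();
$ldap->load_config();

// Add ldap class to plugin
set_plugin_data($plugin['id'], $ldap);

add_event_handler('init', 'ld_init');
// Priority 0 with 4 accepted arguments. NOTE(review): presumably a lower
// priority number runs earlier, which would put login() ahead of Piwigo's own
// password check - confirm against add_event_handler().
add_event_handler('try_log_user','login', 0, 4);
// +-----------------------------------------------------------------------+
// | Admin menu loading                                                    |
// +-----------------------------------------------------------------------+
add_event_handler('get_admin_plugin_menu_links', array($ldap, 'ldap_admin_menu'));

// The object stays reachable through the plugin data and the callback above;
// only the global variable name is released.
unset($ldap);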
// +-----------------------------------------------------------------------+
// | functions |
// +-----------------------------------------------------------------------+
/**
 * 'init' event handler: loads the plugin's language file ('plugin.lang')
 * from the plugin directory.
 */
function ld_init()
{
  load_language('plugin.lang', LDAP_LOGIN_PATH);
}
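/**
 * 'try_log_user' event handler: authenticate a Piwigo login against LDAP.
 *
 * Flow: connect to LDAP, resolve the submitted name (cn or mail) to a
 * directory entry, authenticate with the supplied password, then find or
 * create the matching Piwigo account, open the session and map LDAP groups.
 * Every failure path fires 'login_failure' and returns false.
 *
 * @param bool   $success     result passed along by the event (not used here)
 * @param string $username    login name as submitted (cn or mail)
 * @param string $password    password as submitted
 * @param bool   $remember_me "remember me" choice (not used here; the session
 *                            is always opened with log_user($id, False))
 *
 * @return bool true when the user was authenticated and logged in, false otherwise
 */
function login($success, $username, $password, $remember_me){
  global $conf;

  // Many LDAP servers treat a simple bind with an empty password as an
  // "unauthenticated" bind and report success (RFC 4513, section 5.1.2).
  // authenticate2() is not visible from this file, so refuse empty passwords
  // here rather than rely on it to do so.
  if ((string) $password === '') {
    trigger_notify('login_failure', stripslashes($username));
    return false;
  }

  /*
   * Initialize the LDAP Class
   */
  $ldap = new Ldap();

  // Don't continue if LDAP cannot connect
  if(!$ldap -> connect()) {
    trigger_notify('login_failure', stripslashes($username));
    return false;
  }

  /* Check if using cn or mail to log in.
   * Reason is two-fold. One is for cases where
   * cn is not properly mapped to mail or vice versa.
   * second is to make sure nobody gets duplicated
   * by logging in with cn and then later with mail.
   */
  $path = rtrim(LDAP_LOGIN_PATH, '/') . '/include/check_cn_or_mail.php';
  include_once($path);

  // From here on $username is the value returned by the lookup, not
  // necessarily the string the visitor typed.
  list($username, $mail, $login_attr, $info, $found) = test_for_cn_or_mail($ldap, $username);

  if(!$found) {
    trigger_notify('login_failure', stripslashes($username));
    return false;
  }

  // Try to authenticate the user through LDAP
  if (!$ldap -> authenticate2($login_attr, $password)) {
    trigger_notify('login_failure', stripslashes($username));
    return false;
  }

  // SQL query to find user in piwigo database
  $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;';

  // Query the user id
  $row = pwg_db_fetch_assoc(pwg_query($query));

  if (empty($row)) {
    // No local account. Previously, when new users were not allowed, the code
    // fell through to log_user() with a null id and still reported success;
    // that case is now a login failure.
    if (empty($ldap->config['allow_newusers'])) {
      trigger_notify('login_failure', stripslashes($username));
      return false;
    }

    // NOTE(review): the LDAP password is handed to register_user(), so a copy
    // of the credential presumably ends up in the Piwigo user table. If
    // Piwigo's own password check still runs after this handler returns
    // false, that copy would keep working after the password is changed or
    // the account is disabled in the directory - confirm, and consider
    // registering with a random value instead.
    $id = register_user(
      $username,
      $password,
      $mail,
      true
    );

    // register_user() is defined outside this file; a falsy id is treated as
    // "account not created" so that no session is opened for it.
    if (!$id) {
      trigger_notify('login_failure', stripslashes($username));
      return false;
    }
  } else {
    $id = $row['id'];
  }

  log_user($id, False);

  /*
   * Do role mapping
   */
  $path = rtrim(LDAP_LOGIN_PATH, '/') . '/include/ldap_group_mapping.php';
  include_once($path);
  map_ldap_groups($ldap, $info, $id);

  trigger_notify('login_success', stripslashes($username));
  return true;
}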
?>