thexerteproject · adrianfish · Mar 23, 2016
diff --git a/auth_config.php b/auth_config.php
@@ -27,6 +27,9 @@
  * See code in library/Xerte/Authentication/*.php - where each file should match up to the value used below.
  */
 
+global $container_auth;
+$container_auth = false;
+
 // set authentication method to guest if not set in db via management area
 if (!isset($xerte_toolkits_site->authentication_method) || $xerte_toolkits_site->authentication_method=="") {
     $xerte_toolkits_site->authentication_method = 'Guest';  

diff --git a/library/Xerte/Authentication/Abstract.php b/library/Xerte/Authentication/Abstract.php
@@ -26,6 +26,11 @@ abstract class Xerte_Authentication_Abstract
      */
     protected $_errors = array();
 
+    /**
+     * @var boolean - see auth_config.php.
+     */
+    protected $container_auth = false;
+
     /**
      * @var StdClass - see config.php.
      */
@@ -72,10 +77,12 @@ abstract public function getSurname();
     abstract public function getEmail();
 
     /**
+     * @param boolean  $container_auth
      * @param StdClass $xerte_toolkits_site
      */
-    public function __construct($xerte_toolkits_site)
+    public function __construct($container_auth, $xerte_toolkits_site)
     {
+        $this->container_auth = $container_auth;
         $this->xerte_toolkits_site = $xerte_toolkits_site;
     }
 

diff --git a/library/Xerte/Authentication/Factory.php b/library/Xerte/Authentication/Factory.php
@@ -39,15 +39,16 @@ class Xerte_Authentication_Factory
      */
     public static function create($method)
     {
+        global $container_auth;
         global $xerte_toolkits_site;
 
         $method = ucfirst(strtolower($method));
         if (is_file(dirname(__FILE__) . DIRECTORY_SEPARATOR . $method . ".php")) {
             $class_name = "Xerte_Authentication_$method";
 
-            $auth_mech = new $class_name($xerte_toolkits_site);
+            $auth_mech = new $class_name($container_auth, $xerte_toolkits_site);
             return $auth_mech;
         }
         //throw new InvalidArgumentException("Authentication mechanism defined in xerte_site_details is not valid");
     }
-}
+}
diff --git a/library/Xerte/Authentication/Ldap.php b/library/Xerte/Authentication/Ldap.php
@@ -193,14 +193,22 @@ private function _authenticate_to_host($host, $port, $bind_pwd, $bind_dn, $based
                     $this->addError("Issue connecting to ldap server (#4) : No entries found ");
                     return false;
                 } else {
-                    if (@ldap_bind($ds, $entry[0]['dn'], $password)) {
+                    $user_record = array('firstname' => $entry[0]['givenname'][0], 'surname' => $entry[0]['sn'][0], 'username' => $xot_username);
+                    if ($this->container_auth) {
+                        _debug("Container auth ok " . print_r($entry, true));
+                        $this->_record = $user_record;
+                        return true;
+                    } else if (@ldap_bind($ds, $entry[0]['dn'], $password)) {
                         _debug("Login ok " . print_r($entry, true));
                         /*
                          * valid login, so return true
                          */
 
                         $this->_record = array('firstname' => $entry[0]['givenname'][0], 'surname' => $entry[0]['sn'][0], 'username' => $xot_username);
                         return true;
+                    } else {
+                        _debug("Failed to authenticate " . print_r($entry, true));
+                        return false;
                     }
                 }
             }

diff --git a/website_code/php/login_library.php b/website_code/php/login_library.php
@@ -293,14 +293,29 @@ function login_form($messages, $xerte_toolkits_site)
 }
 
 function login_processing($exit = true) {
-  global $errors, $authmech, $xerte_toolkits_site;
+  global $errors, $authmech, $xerte_toolkits_site, $container_auth;
 
   /**
    *  Check to see if anything has been posted to distinguish between log in attempts
    */
 
   $authmech = Xerte_Authentication_Factory::create($xerte_toolkits_site->authentication_method);
 
+  if ($_SERVER['REQUEST_METHOD'] !== "POST") {
+    if ($container_auth) {
+      if (isset($_SERVER['REMOTE_USER'])) {
+        _debug("REMOTE_USER: " . $_SERVER['REMOTE_USER']);
+        $success = $authmech->login($_SERVER['REMOTE_USER'], '');
+        return(array($success, $errors));
+      } else {
+        _debug("container_auth is true but REMOTE_USER has not been set");
+      }
+    }
+    if ($authmech->needsLogin() && $exit) { 
+      login_form($errors, $xerte_toolkits_site);
+      exit(0);
+    }
+  }
   if ($authmech->needsLogin()) {
    /**
     *  Check if we are logged in