Add missing LDAP code to login
This commit is contained in:
parent
1c8021c325
commit
5e605692dd
2
lib.php
2
lib.php
|
@ -168,6 +168,8 @@ function db_load_enum($table, $column) {
|
||||||
WHERE table_name=? AND column_name=?";
|
WHERE table_name=? AND column_name=?";
|
||||||
$sth = $dbh->prepare($sql);
|
$sth = $dbh->prepare($sql);
|
||||||
$sth->execute([$table, $column]);
|
$sth->execute([$table, $column]);
|
||||||
|
// Für PHP < 7.4
|
||||||
|
// return array_map(function($x) { return trim($x, "'"); }, explode(',', $sth->fetchColumn()));
|
||||||
return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetchColumn()));
|
return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetchColumn()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
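Review bot: The added `// Für PHP < 7.4` line and the commented-out `array_map(function($x) { ... })` copy below it are disabled code next to the live arrow-function version, and the two will drift apart the first time someone touches the real line. A one-line note on the live statement, `// arrow fn: requires PHP >= 7.4`, carries the same information without the duplicate, and the comment should be in English like the rest of the file. db_load_enum's body starts outside the hunk.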
40
login.php
40
login.php
|
@ -22,6 +22,36 @@ $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
include("lib.php"); // only for get_language from browser. TODO: simplify
|
include("lib.php"); // only for get_language from browser. TODO: simplify
|
||||||
|
|
||||||
|
function check_ldap_bind($user_name, $user_pass) {
|
||||||
|
global $config_ldap_host;
|
||||||
|
global $config_ldap_port;
|
||||||
|
global $config_ldap_base_dn;
|
||||||
|
global $config_ldap_bind_dn;
|
||||||
|
global $config_ldap_bind_pass;
|
||||||
|
global $config_ldap_login_attr;
|
||||||
|
$ldap_conn = NULL;
|
||||||
|
foreach ($config_ldap_host as $server) {
|
||||||
|
if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
|
||||||
|
if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
|
||||||
|
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
|
||||||
|
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
|
$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
|
||||||
|
$res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
|
||||||
|
if ($res) {
|
||||||
|
$info = ldap_get_entries($ldap_conn, $res);
|
||||||
|
$user_dn = $info[0]['dn'];
|
||||||
|
$res = ldap_bind($ldap_conn, $user_dn, $user_pass);
|
||||||
|
if ($res) {
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
function user_login ($user_name, $user_pass) {
|
function user_login ($user_name, $user_pass) {
|
||||||
global $dbh;
|
global $dbh;
|
||||||
|
|
||||||
|
@ -47,6 +77,14 @@ function user_login ($user_name, $user_pass) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user->user_realm == 'ldap') {
|
||||||
|
// check LDAP auth
|
||||||
|
if (! check_ldap_bind($user_name, $user_pass)) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
// TODO sync LDAP data to local
|
||||||
|
{ else {
|
||||||
|
// compare local passwords
|
||||||
if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
|
if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
|
||||||
// password does not match with md5, check if new hash matches
|
// password does not match with md5, check if new hash matches
|
||||||
// For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
|
// For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
|
||||||
|
@ -59,7 +97,7 @@ function user_login ($user_name, $user_pass) {
|
||||||
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
|
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
|
||||||
$sth->execute([$newhash, $user->user_id]);
|
$sth->execute([$newhash, $user->user_id]);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// all ok: user is logged in, register session data
|
// all ok: user is logged in, register session data
|
||||||
$_SESSION['suser_id'] = $user->user_id;
|
$_SESSION['suser_id'] = $user->user_id;
|
||||||
|
|