thooge
/
ipreg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added LDAP auth

This commit is contained in:
Thomas Hooge 2023-02-24 09:29:18 +01:00
parent 7d6450706f
commit b144555e46
11 changed files with 89 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lang/de.php
View File

@ -144,6 +144,7 @@ $lang = array(
'lang_user_name' => 'Benutzername',
'lang_user_password' => 'Kennwort',
'lang_user_language' => 'Sprache',
'lang_user_realm' => 'Realm',
'lang_zone_add' => 'Zone hinzufügen',
'lang_zone_del' => 'Zone löschen',

1
lang/en.php
View File

@ -143,6 +143,7 @@ $lang = array(
'lang_user_edit' => 'Mofidy user',
'lang_user_name' => 'Username',
'lang_user_password' => 'Password',
'lang_user_realm' => 'Realm',
'lang_zone_add' => 'Add zone',
'lang_zone_del' => 'Delete zone',

1
lib/db.class.php
View File

@ -35,7 +35,6 @@
function db_insert($query) {
// run query
echo "<pre>$query</pre>";
$sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
// return result

61
lib/user.class.php
View File

@ -30,6 +30,36 @@
}
}
function check_ldap_bind($user_name, $user_pass) {
global $config_ldap_host;
global $config_ldap_port;
global $config_ldap_base_dn;
global $config_ldap_bind_dn;
global $config_ldap_bind_pass;
global $config_ldap_login_attr;
$ldap_conn = NULL;
foreach ($config_ldap_host as $server) {
if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
$res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
if ($res) {
$info = ldap_get_entries($ldap_conn, $res);
$user_dn = $info[0]['dn'];
$res = ldap_bind($ldap_conn, $user_dn, $user_pass);
if ($res) {
return TRUE;
}
}
}
return FALSE;
}
}
return FALSE;
}
function user_login($user_name, $user_pass) {
global $dblink;
// check user_name length
@ -50,6 +80,7 @@
$query = "SELECT
user.user_id,
user.user_pass,
user.user_realm,
user.user_displayname,
user.user_language,
user.user_imagesize,
@ -81,19 +112,27 @@
// any users?
if ($user_counter>0) {
// compare passwords
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
if ($users[0]['user_realm'] == 'ldap') {
// check LDAP auth
if (! $this->check_ldap_bind($user_name, $user_pass)) {
return FALSE;
}
// TODO sync LDAP data to local
} else {
// compare local passwords
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE;
}
}
}
} else {
return FALSE;

4
submit.php
View File

@ -1000,12 +1000,14 @@ if (isset($_POST['edit'])) {
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$user_realm = sanitize($_POST['user_realm']);
$query = "UPDATE
user
SET
user_name='" . $user_name . "',
user_displayname='" . $user_displayname . "'
user_displayname='" . $user_displayname . "',
user_realm='" . $user_realm . "'
WHERE
user_id=" . $user_id;

6
tpl/user.tpl
View File

@ -15,6 +15,9 @@
<td class="header">
{$lang_user_name}
</td>
<td class="header">
{$lang_user_realm}
</td>
<td class="header">
{$lang_user_displayname}
</td>
@ -24,6 +27,9 @@
<td class="label">
<a href="userview.php?user_id={$user.user_id}">{$user.user_name}</a>
</td>
<td class="value">
{$user.user_realm}
</td>
<td class="value">
{$user.user_displayname}
</td>

8
tpl/useredit.tpl
View File

@ -40,6 +40,14 @@
<input type="text" name="user_displayname" value="{$user_displayname}">
</td>
</tr>
<tr>
<td class="label">
{$lang_user_realm}
</td>
<td class="value">
{html_radios name=user_realm values=$realm_ids output=$realm_names selected=$realm_selected}
</td>
</tr>
</table>
</form>

8
tpl/userview.tpl
View File

@ -36,4 +36,12 @@
{$user_displayname}
</td>
</tr>
<tr>
<td class="label">
{$lang_user_realm}
</td>
<td class="value">
{$user_realm}
</td>
</tr>
</table>

3
user.php
View File

@ -13,7 +13,8 @@ include("header.php");
$query = "SELECT
user_id,
user_name,
user_displayname
user_displayname,
user_realm
FROM
user
ORDER BY

8
useredit.php
View File

@ -15,7 +15,8 @@ include("header.php");
$query = "SELECT
user_name,
user_displayname
user_displayname,
user_realm
FROM
user
WHERE
@ -26,6 +27,11 @@ $user = $db->db_select($query);
$smarty->assign("user_id", $user_id);
$smarty->assign("user_name", $user[0]['user_name']);
$smarty->assign("user_displayname", $user[0]['user_displayname']);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user[0]['user_realm']);
$smarty->display("useredit.tpl");

4
userview.php
View File

@ -15,7 +15,8 @@ include("header.php");
$query = "SELECT
user_name,
user_displayname
user_displayname,
user_realm
FROM
user
WHERE
@ -28,6 +29,7 @@ $user = $db->db_select($query);
$smarty->assign("user_id", $user_id);
$smarty->assign("user_name", $user[0]['user_name']);
$smarty->assign("user_displayname", $user[0]['user_displayname']);
$smarty->assign("user_realm", $user[0]['user_realm']);
$smarty->display("userview.tpl");