Added LDAP auth
@@ -30,6 +30,36 @@
|
||||
}
|
||||
}
|
||||
|
||||
function check_ldap_bind($user_name, $user_pass) {
|
||||
global $config_ldap_host;
|
||||
global $config_ldap_port;
|
||||
global $config_ldap_base_dn;
|
||||
global $config_ldap_bind_dn;
|
||||
global $config_ldap_bind_pass;
|
||||
global $config_ldap_login_attr;
|
||||
$ldap_conn = NULL;
|
||||
foreach ($config_ldap_host as $server) {
|
||||
if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
|
||||
if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
|
||||
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
|
||||
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
|
||||
$res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
|
||||
if ($res) {
|
||||
$info = ldap_get_entries($ldap_conn, $res);
|
||||
$user_dn = $info[0]['dn'];
|
||||
$res = ldap_bind($ldap_conn, $user_dn, $user_pass);
|
||||
if ($res) {
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
function user_login($user_name, $user_pass) {
|
||||
global $dblink;
|
||||
// check user_name length
|
||||
@@ -50,6 +80,7 @@
|
||||
$query = "SELECT
|
||||
user.user_id,
|
||||
user.user_pass,
|
||||
user.user_realm,
|
||||
user.user_displayname,
|
||||
user.user_language,
|
||||
user.user_imagesize,
|
||||
@@ -81,19 +112,27 @@
|
||||
|
||||
// any users?
|
||||
if ($user_counter>0) {
|
||||
// compare passwords
|
||||
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
|
||||
// all ok: user is logged in
|
||||
|
||||
// md5 match but outdated. rewrite with new algo
|
||||
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
|
||||
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
|
||||
$db->db_update($query);
|
||||
|
||||
} else {
|
||||
if (! password_verify($user_pass, $users[0]['user_pass'])) {
|
||||
if ($users[0]['user_realm'] == 'ldap') {
|
||||
// check LDAP auth
|
||||
if (! $this->check_ldap_bind($user_name, $user_pass)) {
|
||||
return FALSE;
|
||||
}
|
||||
// TODO sync LDAP data to local
|
||||
} else {
|
||||
// compare local passwords
|
||||
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
|
||||
// all ok: user is logged in
|
||||
|
||||
// md5 match but outdated. rewrite with new algo
|
||||
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
|
||||
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
|
||||
$db->db_update($query);
|
||||
|
||||
} else {
|
||||
if (! password_verify($user_pass, $users[0]['user_pass'])) {
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return FALSE;
|
||||
|
||||