Open bohnelang opened 7 years ago
I added a q&d authentication against our AD. First-time users had to log in twice. It would be nice to have a hook for other authentication targets.
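/**
 * Verify a username/password pair with an LDAP simple bind against Active Directory.
 *
 * The bind is attempted as "<username>@<domain>" against the first address that
 * $domain resolves to. No directory search is performed: the original ran an
 * ldap_search() whose result was never used and whose filter interpolated
 * $username unescaped, so it has been removed.
 *
 * NOTE(review): the connection uses plain LDAP, so the simple bind sends the
 * password unencrypted. Prefer an ldaps:// URI or ldap_start_tls() once the
 * domain controller's certificate can be validated.
 *
 * @param string $username sAMAccountName of the user, without the domain suffix
 * @param string $password password supplied by the user
 * @param string $domain   AD DNS domain; resolved to find a domain controller
 * @param string $base_dn  unused; kept so existing callers keep working
 * @return bool true only when the directory accepted a non-empty credential pair
 */
function check_user_in_ad($username, $password, $domain, $base_dn=""){
    // Fail closed on missing credentials. A simple bind with an empty password is
    // an "unauthenticated bind" (RFC 4513, section 5.1.2); directories that allow
    // it report success, which would let any login through without a password.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === ''){
        return false;
    }

    // gethostbynamel() returns false when the name does not resolve; do not fall
    // through to ldap_connect() with an empty host in that case.
    $addresses = gethostbynamel($domain);
    if (empty($addresses)){
        return false;
    }

    $ds = ldap_connect($addresses[0]);
    if (!$ds){
        return false;
    }

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $bind = ldap_bind($ds, $username . "@$domain", $password);
    ldap_close($ds); // close the connection whatever the outcome

    return (bool)$bind;
}

/**
 * Log a user in, trying Active Directory first and the local user table second.
 *
 * When the AD bind succeeds, the local record for that login is created (status
 * 'user') or its password hash is refreshed, and the table is saved. The session
 * is then opened by the local check, which compares the salted SHA-512 hash.
 *
 * NOTE(review): the local check runs whether or not AD accepted the login, so a
 * password cached here keeps working after the AD account is disabled or its
 * password is changed. Decide whether AD-provisioned users should be allowed to
 * fall back to the cached hash.
 * NOTE(review): an AD account whose name equals an existing local login
 * overwrites that record's password and inherits its status, including an
 * administrative one. Confirm that this is intended.
 *
 * @param string $login_donne login supplied by the user
 * @param string $pass_donne  password supplied by the user
 * @return bool true when a session was opened, false otherwise
 */
function log_user($login_donne,$pass_donne){
    global $auto_restrict,$default_language;
    if (empty($default_language)){$default_language='en';}

    if (check_user_in_ad($login_donne,$pass_donne,"med.ad.uni-heaven.de")){
        $usernew = true;
        foreach ($auto_restrict['users'] as $key=>$user){
            if ($user['login']===$login_donne){
                // Known user: refresh the cached hash with the password AD accepted.
                $auto_restrict['users'][$key]['pass'] = hash('sha512', $user["salt"].$pass_donne);
                save_users();
                $usernew = false;
            }
        }
        if ($usernew){
            // First AD login: provision a local record with the lowest status.
            // NOTE(review): md5(uniqid()) is derived from the clock, so it is a
            // predictable value for something used as a key; a CSPRNG source
            // would be the safer choice.
            // NOTE(review): a single unsalted-iteration SHA-512 is fast to
            // brute-force if the user file leaks; changing it needs a migration
            // of the stored format, so it is left as is.
            $auto_restrict['users'][$login_donne]['login'] = $login_donne;
            $auto_restrict['users'][$login_donne]['encryption_key'] = md5(uniqid('', true));
            $auto_restrict['users'][$login_donne]['salt'] = generate_salt(512);
            $auto_restrict['users'][$login_donne]['lang'] = conf('language');
            $auto_restrict['users'][$login_donne]['status'] = 'user';
            $auto_restrict['users'][$login_donne]['pass'] = hash('sha512', $auto_restrict['users'][$login_donne]['salt'].$pass_donne);
            save_users();
        }
    }

    // Local check: open the session for the first record whose login and salted
    // hash both match.
    foreach ($auto_restrict['users'] as $key=>$user){
        if ($user['login']===$login_donne && $user['pass']===hash('sha512', $user["salt"].$pass_donne)){
            // NOTE(review): the session id is not regenerated here; if the session
            // is started before login, consider session_regenerate_id(true) —
            // confirm first that id_user() does not depend on the current id.
            $_SESSION['id_user']=chiffre(id_user(),$user['encryption_key']);
            $_SESSION['login']=$user['login'];
            $_SESSION['expire']=time()+(60*$auto_restrict['session_expiration_delay']);
            $admin=first($auto_restrict['users']); // result unused; call kept because first() is defined elsewhere
            $_SESSION['status']=$user['status'];
            conf('language',$user['lang']);
            return true;
        }
    }

    // The literal pair 'dis' / 'connect' is the existing logout shortcut.
    if ($login_donne=='dis'&&$pass_donne=='connect'){ exit_redirect();}
    return false;
}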
I added a q&d authentication against our AD. First-time users had to log in twice. It would be nice to have a hook for other authentication targets.