[Phpgroupware-cvs] phpgwapi/inc/class.auth_ldap.inc.php, 1.20
From: |
nomail |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc/class.auth_ldap.inc.php, 1.20 |
Date: |
Thu, 30 Dec 2004 07:47:30 +0100 |
Update of /phpgwapi/inc
Added Files:
Branch:
class.auth_ldap.inc.php
date: 2004/12/30 06:47:30; author: skwashd; state: Exp; lines: +77 -88
Log Message:
new HEAD
=====================================================================
<?php
/**
* Authentication based on LDAP Server
* @author Lars Kneschke <address@hidden>
* @author Joseph Engo <address@hidden>
* @copyright Copyright (C) 2000,2001 Lars Kneschke, Joseph Engo
* @copyright Portions Copyright (C) 2000-2004 Free Software Foundation,
Inc. http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_ldap.inc.php,v 1.20 2004/12/30 06:47:30
skwashd Exp $
*/
/**
* Authentication based on LDAP Server
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
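class auth
{
    /**
    * Value of phpgwlastlogin read by update_lastlogin() before it is
    * overwritten with the current time; -1 until that method has run.
    */
    var $previous_login = -1;

    /**
    * Escape a value for use inside an LDAP search filter (RFC 4515)
    *
    * Hand-rolled so the class keeps working on PHP versions that predate
    * ldap_escape(). strtr() with an array does a single pass, so the
    * backslashes it inserts are never escaped a second time.
    *
    * @param mixed $value Value to embed in a filter assertion
    * @return string Value with \ * ( ) and NUL replaced by \XX hex escapes
    * @access private
    */
    function _ldap_filter_escape($value)
    {
        return strtr((string) $value, array(
            '\\' => '\\5c',
            '*'  => '\\2a',
            '('  => '\\28',
            ')'  => '\\29',
            "\0" => '\\00',
        ));
    }

    /**
    * Authenticate a user by binding to the LDAP server with their own DN
    *
    * The entry is looked up by uid below the configured ldap_context. An
    * entry whose phpgwaccountstatus is 'I' (inactive) is refused without a
    * bind attempt. Unlike earlier revisions this method no longer changes
    * the global error_reporting level; only the bind itself is silenced.
    *
    * @param string $username Login name, matched against the uid attribute
    * @param string $passwd Password supplied by the user
    * @return bool True when the bind with the user's DN succeeds
    */
    function authenticate($username, $passwd)
    {
        // A simple bind with a DN and an empty password is an
        // "unauthenticated" bind that many directory servers accept, so an
        // empty password must never reach ldap_bind(). Rejecting it here
        // replaces the former crypt(microtime()) placeholder password.
        if (!is_scalar($passwd) || (string) $passwd === '')
        {
            return false;
        }
        if (!is_scalar($username) || (string) $username === '')
        {
            return false;
        }

        // Connect as Admin with v3 or v2 in LDAP server
        if (!$ldap = $GLOBALS['phpgw']->common->ldapConnect())
        {
            $GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
            $GLOBALS['phpgw']->log->commit();
            return false;
        }

        // Search for the dn. The login name comes from the login form, so it
        // is escaped before being placed in the filter; otherwise filter
        // metacharacters in it would change which entries match.
        $attributes = array('uid', 'dn', 'phpgwaccountstatus');
        $filter = '(uid=' . $this->_ldap_filter_escape($username) . ')';
        $sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
        if (!$sri)
        {
            @ldap_unbind($ldap);
            return false;
        }

        $allValues = ldap_get_entries($ldap, $sri);
        $authenticated = false;
        if (is_array($allValues) && $allValues['count'] > 0)
        {
            // Entries without a phpgwaccountstatus attribute are treated as
            // active, as before.
            $status = isset($allValues[0]['phpgwaccountstatus'][0])
                ? $allValues[0]['phpgwaccountstatus'][0]
                : '';
            if ($status != 'I')
            {
                // NOTE(review): only the first matching dn is tried; if uid
                // is not unique below ldap_context the result is ambiguous.
                $userDN = $allValues[0]['dn'];

                // '@' hides the warning ldap_bind() raises on bad credentials
                $authenticated = (bool) @ldap_bind($ldap, $userDN, (string) $passwd);
            }
        }

        // The connection is not needed past this point on either path
        @ldap_unbind($ldap);

        /* false here means: dn not found, account inactive or password wrong */
        return $authenticated;
    }

    /**
    * Set a new password on the LDAP entry of an account
    *
    * NOTE(review): $old_passwd is never checked in this method; callers
    * must verify the current password themselves before calling it.
    * NOTE(review): on success the new password is stored as given in the
    * session via appsession('password', 'phpgwapi', ...).
    *
    * @param string $old_passwd Current password (unused here)
    * @param string $new_passwd New password
    * @param mixed $_account_id uidnumber of the account, '' for the current user
    * @return string|bool Value written to userpassword, or false on failure
    */
    function change_password($old_passwd, $new_passwd, $_account_id = '')
    {
        if ('' == $_account_id)
        {
            $_account_id = $GLOBALS['phpgw_info']['user']['account_id'];
        }

        $ds = $GLOBALS['phpgw']->common->ldapConnect();
        if (!$ds)
        {
            return false;
        }

        $filter = '(uidnumber=' . $this->_ldap_filter_escape($_account_id) . ')';
        $sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
        if (!$sri)
        {
            return false;
        }

        $allValues = ldap_get_entries($ds, $sri);
        if (!is_array($allValues) || !isset($allValues[0]['dn']))
        {
            // No entry for this account: nothing to modify
            return false;
        }
        $dn = $allValues[0]['dn'];

        $entry = array();
        $entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($new_passwd);

        // phpgwlastpasswordchange is only written to entries that carry the
        // phpgwAccount object class (either spelling).
        $classes = (isset($allValues[0]['objectclass']) && is_array($allValues[0]['objectclass']))
            ? $allValues[0]['objectclass']
            : array();
        if (in_array('phpgwAccount', $classes) || in_array('phpgwaccount', $classes))
        {
            $entry['phpgwlastpasswordchange'] = time();
        }

        if (!@ldap_modify($ds, $dn, $entry))
        {
            return false;
        }

        $GLOBALS['phpgw']->session->appsession('password', 'phpgwapi', $new_passwd);
        return $entry['userpassword'];
    }

    /**
    * Record time and source address of a login on the account's LDAP entry
    *
    * Before the entry is modified its existing phpgwlastlogin value is kept
    * in $this->previous_login.
    *
    * @param mixed $account_id uidnumber of the account
    * @param string $ip Address the login came from
    * @return void
    */
    function update_lastlogin($account_id, $ip)
    {
        $entry = array();
        $entry['phpgwlastlogin'] = time();
        $entry['phpgwlastloginfrom'] = $ip;

        $ds = $GLOBALS['phpgw']->common->ldapConnect();
        if (!$ds)
        {
            return;
        }

        $filter = '(&(uidnumber=' . $this->_ldap_filter_escape($account_id) . ')(objectclass=phpgwaccount))';
        $sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
        if (!$sri)
        {
            return;
        }

        $allValues = ldap_get_entries($ds, $sri);
        if (is_array($allValues) && isset($allValues[0]['dn']) && ($dn = $allValues[0]['dn']))
        {
            // null when the entry has never recorded a login
            $this->previous_login = isset($allValues[0]['phpgwlastlogin'][0])
                ? $allValues[0]['phpgwlastlogin'][0]
                : null;
            ldap_modify($ds, $dn, $entry);
        }
    }
}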
?>