1: <?php
2: /**
3: * XOOPS Authentification base class
4: *
5: * You may not change or alter any portion of this comment or credits
6: * of supporting developers from this source code or any supporting source code
7: * which is considered copyrighted (c) material of the original comment or credit authors.
8: * This program is distributed in the hope that it will be useful,
9: * but WITHOUT ANY WARRANTY; without even the implied warranty of
10: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11: *
12: * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
13: * @license GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html)
14: * @package kernel
15: * @subpackage auth
16: * @since 2.0
17: * @author Pierre-Eric MENUET <pemphp@free.fr>
18: */
19:
20: defined('XOOPS_ROOT_PATH') || exit('Restricted access');
21:
22: /**
23: *
24: * @package kernel
25: * @subpackage auth
26: * @description Authentification class for Active Directory
27: * @author Pierre-Eric MENUET <pemphp@free.fr>
28: * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
29: */
30: include_once $GLOBALS['xoops']->path('class/auth/auth_ldap.php');
31:
32: /**
33: * XoopsAuthAds
34: *
35: * @package
36: * @author John
37: * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
38: * @access public
39: */
40: class XoopsAuthAds extends XoopsAuthLdap
41: {
42: /**
43: * Authentication Service constructor
44: * @param XoopsDatabase $dao
45: */
46: public function __construct(XoopsDatabase $dao = null)
47: {
48: parent::__construct($dao);
49: }
50:
51: /**
52: * Authenticate user again LDAP directory (Bind)
53: * 2 options :
54: * Authenticate directly with uname in the DN
55: * Authenticate with manager, search the dn
56: *
57: * @param string $uname Username
58: * @param string $pwd Password
59: * @return bool
60: */
61: public function authenticate($uname, $pwd = null)
62: {
63: $authenticated = false;
64: if (!extension_loaded('ldap')) {
65: $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);
66:
67: return $authenticated;
68: }
69: $this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
70: if ($this->_ds) {
71: ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
72: ldap_set_option($this->_ds, LDAP_OPT_REFERRALS, 0);
73: if ($this->ldap_use_TLS) { // We use TLS secure connection
74: if (!ldap_start_tls($this->_ds)) {
75: $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
76: }
77: }
78: // If the uid is not in the DN we proceed to a search
79: // The uid is not always in the dn
80: $userUPN = $this->getUPN($uname);
81: if (!$userUPN) {
82: return false;
83: }
84: // We bind as user to test the credentials
85: $authenticated = ldap_bind($this->_ds, $userUPN, $this->cp1252_to_utf8(stripslashes($pwd)));
86: if ($authenticated) {
87: // We load the Xoops User database
88: $dn = $this->getUserDN($uname);
89: if ($dn) {
90: return $this->loadXoopsUser($dn, $uname, $pwd);
91: } else {
92: return false;
93: }
94: } else {
95: $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $userUPN . ')');
96: }
97: } else {
98: $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);
99: }
100: @ldap_close($this->_ds);
101:
102: return $authenticated;
103: }
104:
105: /**
106: * Return the UPN = userPrincipalName (Active Directory)
107: * userPrincipalName = guyt@CP.com Often abbreviated to UPN, and
108: * looks like an email address. Very useful for logging on especially in
109: * a large Forest. Note UPN must be unique in the forest.
110: *
111: * @param $uname
112: *
113: * @return userDN or false
114: */
115: public function getUPN($uname)
116: {
117: $userDN = $uname . '@' . $this->ldap_domain_name;
118:
119: return $userDN;
120: }
121: } // end class
122:
123: