|
|
@@ -0,0 +1,176 @@
|
|
|
+<?php
|
|
|
+
|
|
|
+/**
|
|
|
+ * plugin_ldap
|
|
|
+ *
|
|
|
+ * @method dap checks a local or remove ldap database to authenticate the user
|
|
|
+ */
|
|
|
+class plugin_ldap {
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Define variables and their scope
|
|
|
+ */
|
|
|
+ public $debug;
|
|
|
+ public $domain_name;
|
|
|
+ public $username;
|
|
|
+ public $password;
|
|
|
+ public $user_uuid;
|
|
|
+ public $contact_uuid;
|
|
|
+
|
|
|
+ /**
|
|
|
+ * ldap checks a local or remove ldap database to authenticate the user
|
|
|
+ * @return array [authorized] => true or false
|
|
|
+ */
|
|
|
+ function ldap() {
|
|
|
+
|
|
|
+ //save the database connection to a local variable
|
|
|
+ include "root.php";
|
|
|
+ require_once "resources/classes/database.php";
|
|
|
+ $database = new database;
|
|
|
+ $database->connect();
|
|
|
+ $db = $database->db;
|
|
|
+
|
|
|
+ //use ldap to validate the user credentials
|
|
|
+ if (isset($_SESSION["ldap"]["certpath"])) {
|
|
|
+ $s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
|
|
|
+ putenv($s);
|
|
|
+ }
|
|
|
+ if (isset($_SESSION["ldap"]["certkey"])) {
|
|
|
+ $s = "LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
|
|
|
+ putenv($s);
|
|
|
+ }
|
|
|
+ $host = $_SESSION["ldap"]["server_host"]["text"];
|
|
|
+ $port = $_SESSION["ldap"]["server_port"]["numeric"];
|
|
|
+ $connect = ldap_connect($host)
|
|
|
+ or die("Could not connect to the LDAP server.");
|
|
|
+ //ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
|
|
|
+ ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
|
+ //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
|
|
|
+ $bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$this->username.",".$_SESSION["ldap"]["user_dn"]["text"];
|
|
|
+ $bind_pw = $this->password;
|
|
|
+ //Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
|
|
|
+ //called below with all arguments '*uninitialized*'. However, the debugger
|
|
|
+ //single-stepping just before the failing call correctly displays all the values.
|
|
|
+ $bind = ldap_bind($connect, $bind_dn, $bind_pw);
|
|
|
+ if ($bind) {
|
|
|
+ $user_authorized = true;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ $user_authorized = false;
|
|
|
+ }
|
|
|
+
|
|
|
+ //check to see if the user exists
|
|
|
+ if ($user_authorized) {
|
|
|
+ $sql = "select * from v_users ";
|
|
|
+ $sql .= "where username=:username ";
|
|
|
+ if ($_SESSION["user"]["unique"]["text"] == "global") {
|
|
|
+ //unique username - global (example: email address)
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ //unique username - per domain
|
|
|
+ $sql .= "and domain_uuid=:domain_uuid ";
|
|
|
+ }
|
|
|
+ $prep_statement = $db->prepare(check_sql($sql));
|
|
|
+ if ($_SESSION["user"]["unique"]["text"] != "global") {
|
|
|
+ $prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
|
|
|
+ }
|
|
|
+ $prep_statement->bindParam(':username', $this->username);
|
|
|
+ $prep_statement->execute();
|
|
|
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
+ if (count($result) > 0) {
|
|
|
+ foreach ($result as &$row) {
|
|
|
+ if ($_SESSION["user"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
|
|
|
+ //get the domain uuid
|
|
|
+ $this->domain_uuid = $row["domain_uuid"];
|
|
|
+ $this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
|
|
|
+
|
|
|
+ //set the domain session variables
|
|
|
+ $_SESSION["domain_uuid"] = $this->domain_uuid;
|
|
|
+ $_SESSION["domain_name"] = $this->domain_name;
|
|
|
+
|
|
|
+ //set the setting arrays
|
|
|
+ $domain = new domains();
|
|
|
+ $domain->db = $db;
|
|
|
+ $domain->set();
|
|
|
+ }
|
|
|
+ $this->user_uuid = $row["user_uuid"];
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ //salt used with the password to create a one way hash
|
|
|
+ $salt = generate_password('32', '4');
|
|
|
+ $password = generate_password('32', '4');
|
|
|
+
|
|
|
+ //prepare the uuids
|
|
|
+ $this->user_uuid = uuid();
|
|
|
+ $this->contact_uuid = uuid();
|
|
|
+
|
|
|
+ //add the user
|
|
|
+ $sql = "insert into v_users ";
|
|
|
+ $sql .= "(";
|
|
|
+ $sql .= "domain_uuid, ";
|
|
|
+ $sql .= "user_uuid, ";
|
|
|
+ $sql .= "contact_uuid, ";
|
|
|
+ $sql .= "username, ";
|
|
|
+ $sql .= "password, ";
|
|
|
+ $sql .= "salt, ";
|
|
|
+ $sql .= "add_date, ";
|
|
|
+ $sql .= "add_user, ";
|
|
|
+ $sql .= "user_enabled ";
|
|
|
+ $sql .= ") ";
|
|
|
+ $sql .= "values ";
|
|
|
+ $sql .= "(";
|
|
|
+ $sql .= "'".$this->domain_uuid."', ";
|
|
|
+ $sql .= "'".$this->user_uuid."', ";
|
|
|
+ $sql .= "'".$this->contact_uuid."', ";
|
|
|
+ $sql .= "'".strtolower($this->username)."', ";
|
|
|
+ $sql .= "'".md5($salt.$password)."', ";
|
|
|
+ $sql .= "'".$salt."', ";
|
|
|
+ $sql .= "now(), ";
|
|
|
+ $sql .= "'".strtolower($this->username)."', ";
|
|
|
+ $sql .= "'true' ";
|
|
|
+ $sql .= ")";
|
|
|
+ $db->exec(check_sql($sql));
|
|
|
+ unset($sql);
|
|
|
+
|
|
|
+ //add the user to group user
|
|
|
+ $group_name = 'user';
|
|
|
+ $sql = "insert into v_group_users ";
|
|
|
+ $sql .= "(";
|
|
|
+ $sql .= "group_user_uuid, ";
|
|
|
+ $sql .= "domain_uuid, ";
|
|
|
+ $sql .= "group_name, ";
|
|
|
+ $sql .= "user_uuid ";
|
|
|
+ $sql .= ")";
|
|
|
+ $sql .= "values ";
|
|
|
+ $sql .= "(";
|
|
|
+ $sql .= "'".uuid()."', ";
|
|
|
+ $sql .= "'".$this->domain_uuid."', ";
|
|
|
+ $sql .= "'".$group_name."', ";
|
|
|
+ $sql .= "'".$this->user_uuid."' ";
|
|
|
+ $sql .= ")";
|
|
|
+ $db->exec(check_sql($sql));
|
|
|
+ unset($sql);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ //result array
|
|
|
+ $result["plugin"] = "ldap";
|
|
|
+ $result["domain_name"] = $this->domain_name;
|
|
|
+ $result["username"] = $this->username;
|
|
|
+ if ($this->debug) {
|
|
|
+ $result["password"] = $this->password;
|
|
|
+ }
|
|
|
+ $result["user_uuid"] = $this->user_uuid;
|
|
|
+ $result["domain_uuid"] = $this->domain_uuid;
|
|
|
+ if ($user_authorized) {
|
|
|
+ $result["authorized"] = "true";
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ $result["authorized"] = "false";
|
|
|
+ }
|
|
|
+ return $result;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+?>
|
FusionPBX