Create ldap.php

Add a the authentication ldap plugin.

core/authentication/resources/classes/plugins/ldap.php

@@ -0,0 +1,176 @@
+<?php
+
+/**
+ * plugin_ldap 
+ *
+ * @method dap checks a local or remove ldap database to authenticate the user
+ */
+class plugin_ldap {
+
+	/**
+	 * Define variables and their scope
+	 */
+	public $debug;
+	public $domain_name;
+	public $username;
+	public $password;
+	public $user_uuid;
+	public $contact_uuid;
+
+	/**
+	 * ldap checks a local or remove ldap database to authenticate the user
+	 * @return array [authorized] => true or false
+	 */
+	function ldap() {
+
+		//save the database connection to a local variable
+			include "root.php";
+			require_once "resources/classes/database.php";
+			$database = new database;
+			$database->connect();
+			$db = $database->db;
+
+		//use ldap to validate the user credentials
+			if (isset($_SESSION["ldap"]["certpath"])) {
+				$s = "LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
+				putenv($s);
+			}
+			if (isset($_SESSION["ldap"]["certkey"])) {
+				$s = "LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
+				 putenv($s);
+			}
+			$host = $_SESSION["ldap"]["server_host"]["text"];
+			$port = $_SESSION["ldap"]["server_port"]["numeric"];
+			$connect = ldap_connect($host)
+				or die("Could not connect to the LDAP server.");
+			//ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
+			ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
+			//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
+			$bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$this->username.",".$_SESSION["ldap"]["user_dn"]["text"];
+			$bind_pw = $this->password;
+			//Note: As of 4/16, the call below will fail randomly.  PHP debug reports ldap_bind
+			//called below with all arguments '*uninitialized*'.  However, the debugger
+			//single-stepping just before the failing call correctly displays all the values.
+			$bind = ldap_bind($connect, $bind_dn, $bind_pw);
+			if ($bind) {
+				$user_authorized = true;
+			}
+			else {
+				$user_authorized = false;
+			}
+
+		//check to see if the user exists
+			 if ($user_authorized) {
+				$sql = "select * from v_users ";
+				$sql .= "where username=:username ";
+				if ($_SESSION["user"]["unique"]["text"] == "global") {
+					//unique username - global (example: email address)
+				}
+				else {
+					//unique username - per domain
+					$sql .= "and domain_uuid=:domain_uuid ";
+				}
+				$prep_statement = $db->prepare(check_sql($sql));
+				if ($_SESSION["user"]["unique"]["text"] != "global") {
+					$prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
+				}
+				$prep_statement->bindParam(':username', $this->username);
+				$prep_statement->execute();
+				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+				if (count($result) > 0) {
+					foreach ($result as &$row) {
+							if ($_SESSION["user"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
+								//get the domain uuid
+									$this->domain_uuid = $row["domain_uuid"];
+									$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
+
+								//set the domain session variables
+									$_SESSION["domain_uuid"] = $this->domain_uuid;
+									$_SESSION["domain_name"] = $this->domain_name;
+
+								//set the setting arrays
+									$domain = new domains();
+									$domain->db = $db;
+									$domain->set();
+							}
+							$this->user_uuid = $row["user_uuid"];
+					}
+				}
+				else {
+					//salt used with the password to create a one way hash
+						$salt = generate_password('32', '4');
+						$password = generate_password('32', '4');
+
+					//prepare the uuids
+						$this->user_uuid = uuid();
+						$this->contact_uuid = uuid();
+
+					//add the user
+						$sql = "insert into v_users ";
+						$sql .= "(";
+						$sql .= "domain_uuid, ";
+						$sql .= "user_uuid, ";
+						$sql .= "contact_uuid, ";
+						$sql .= "username, ";
+						$sql .= "password, ";
+						$sql .= "salt, ";
+						$sql .= "add_date, ";
+						$sql .= "add_user, ";
+						$sql .= "user_enabled ";
+						$sql .= ") ";
+						$sql .= "values ";
+						$sql .= "(";
+						$sql .= "'".$this->domain_uuid."', ";
+						$sql .= "'".$this->user_uuid."', ";
+						$sql .= "'".$this->contact_uuid."', ";
+						$sql .= "'".strtolower($this->username)."', ";
+						$sql .= "'".md5($salt.$password)."', ";
+						$sql .= "'".$salt."', ";
+						$sql .= "now(), ";
+						$sql .= "'".strtolower($this->username)."', ";
+						$sql .= "'true' ";
+						$sql .= ")";
+						$db->exec(check_sql($sql));
+						unset($sql);
+
+					//add the user to group user
+						$group_name = 'user';
+						$sql = "insert into v_group_users ";
+						$sql .= "(";
+						$sql .= "group_user_uuid, ";
+						$sql .= "domain_uuid, ";
+						$sql .= "group_name, ";
+						$sql .= "user_uuid ";
+						$sql .= ")";
+						$sql .= "values ";
+						$sql .= "(";
+						$sql .= "'".uuid()."', ";
+						$sql .= "'".$this->domain_uuid."', ";
+						$sql .= "'".$group_name."', ";
+						$sql .= "'".$this->user_uuid."' ";
+						$sql .= ")";
+						$db->exec(check_sql($sql));
+						unset($sql);
+				}
+			}
+
+		//result array
+			$result["plugin"] = "ldap";
+			$result["domain_name"] = $this->domain_name;
+			$result["username"] = $this->username;
+			if ($this->debug) {
+				$result["password"] = $this->password;
+			}
+			$result["user_uuid"] = $this->user_uuid;
+			$result["domain_uuid"] = $this->domain_uuid;
+			if ($user_authorized) {
+				$result["authorized"] = "true";
+			}
+			else {
+				$result["authorized"] = "false";
+			}
+			return $result;
+	}
+}
+
+?>