Add a script that checks a username and password combination to see if it's a...

Add a script that checks a username and password combination to see if it's a valid sucs or uni ldap account

Add a script that checks a username and password combination to see if it's a...
bf526d1d · Imran Hussain · b939e380 · bf526d1d
Commit bf526d1d authored 10 years ago by Imran Hussain
--- a/lib/ldap-auth.php
+++ b/lib/ldap-auth.php
+<?php
+
+/*
+Written by Imran Hussain ~imranh
+
+Used to auth people, will check SUCS then the uni ldap, will only check
+students on the uni ldap.
+
+will return "sucs" if the username/password passed is a sucs member
+will return "uni" if the user/pass passed has a student swan uni account
+will return "nope" if the user/pass passed is inavlid
+
+Example usage:
+
+include_once("ldap-auth.php");
+
+isAuthd = ldapauth("usaername", "password");
+
+if (isAuthd == "sucs"){
+	//do stuff for sucs auth
+}elseif (isAuthd == "uni"){
+	//do stuff for uni auth
+}else{
+	//do stuff for not authd peeps
+}
+
+*/
+
+// we don't care about warnings, we write our own
+error_reporting(E_ERROR | E_PARSE);
+
+// how to bind
+$sucsBindDn = 'uid=$username,ou=People,dc=sucs,dc=org';
+$lisBindDn1 = 'cn=$username,ou=$lisUsernameOu,ou=students,ou=Swansea,o=swanuni';
+$lisBindDn2 = 'cn=$username,ou=$lisOtherOu,ou=students,ou=Swansea,o=swanuni';
+
+// ldap servers
+$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
+$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
+
+function ldapAuth($username, $password) {
+
+	// lis auth stuffs
+	$lisUsernameOu = substr($username, -1);
+	$lisOtherOu = 'moved';
+
+	// Main auth
+
+	// Try and connect to silver
+	$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
+
+	if ($ldapconnSUCS) {
+
+		//echo "Connected to $sucsServer <br>";
+
+		// try and bind to sucs ldap
+		$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
+		if ($ldapbindSUCS) {
+			//echo "Auth'd as $username using SUCS LDAP<br>";
+			return "sucs";
+		// turns out they didn't give us valid sucs creds, lets try lis now
+		} else {
+
+			// try and connect to the lis ldap server
+			$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
+			//echo "Connected to $lisServer <br>";
+
+			// lets try and bind to the uni ldap
+			$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
+			if ($ldapbindLIS1) {
+				//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
+				return "uni";
+			} else {
+				$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
+				if ($ldapbindLIS2) {
+					//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
+					return "uni";
+				// shit, couldn't bind to anything
+				} else {
+					//exit("Invalid Username or Password");
+					return "nope";
+				}
+			}
+		}
+	}
+}
+?>
\ No newline at end of file