add my ldap auth php to the project

d26c7a0a · Imran Hussain · 113face8 · d26c7a0a
Commit d26c7a0a authored 6 years ago by Imran Hussain
--- a/ldap-auth.php
+++ b/ldap-auth.php
+<?php
+/*
+Written by Imran Hussain ~imranh
+Used to auth people, will check SUCS then the uni ldap, will only check
+students on the uni ldap.
+will return "sucs" if the username/password passed is a sucs member
+will return "uni" if the user/pass passed has a student swan uni account
+will return "nope" if the user/pass passed is inavlid
+Example usage:
+include_once("ldap-auth.php");
+isAuthd = ldapAuth("usaername", "password");
+if (isAuthd == "sucs"){
+	//do stuff for sucs auth
+}elseif (isAuthd == "uni"){
+	//do stuff for uni auth
+}else{
+	//do stuff for not authd peeps
+}
+*/
+// we don't care about warnings, we write our own
+error_reporting(E_ERROR | E_PARSE);
+function ldapAuth($username, $password)
+{
+    if ($username != "" && $password != "") {
+        // people like to use emails to login so lets detect and strip
+        if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
+            //valid email, lets strip
+            // split the email into a string array "@" as a delim
+            $s = explode("@", $username);
+            // remove the last element (domain)
+            array_pop($s);
+            // put the array back togther using "@" as a seperator
+            $username = implode("@", $s);
+        }
+        // ldap servers
+        $sucsLDAPServer = 'silver.sucs.swan.ac.uk';
+        $lisLDAPServer = 'ccs-suld1.swan.ac.uk';
+        // lis auth stuffs
+        $lisUsernameOu = substr($username, -1);
+        $lisOtherOu = "Moved";
+        // how to bind
+        $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
+        $lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
+        $lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
+        // Main auth
+        // Try and connect to silver
+        $ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
+        if ($ldapconnSUCS) {
+            //echo "Connected to $sucsLDAPServer <br>";
+            // try and bind to sucs ldap
+            $ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
+            if ($ldapbindSUCS) {
+                //echo "Auth'd as $username using SUCS LDAP<br>";
+                return "sucs";
+                // turns out they didn't give us valid sucs creds, lets try lis now
+            } else {
+                // try and connect to the lis ldap server
+                $ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
+                //echo "Connected to $lisLDAPServer <br>";
+                // lets try and bind to the uni ldap
+                $ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
+                if ($ldapbindLIS1) {
+                    //echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
+                    return "uni";
+                } else {
+                    $ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
+                    if ($ldapbindLIS2) {
+                        //echo "Auth'd as $username using uni LDAP using ou=moved<br>";
+                        return "uni";
+                        // shit, couldn't bind to anything
+                    } else {
+                        //exit("Invalid Username or Password");
+                        return "nope";
+                    }
+                }
+            }
+        }
+    } else {
+        return "nope";
+    }
+}