diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000000000000000000000000000000000000..b2dfb54cae46a5008844e5254d0ae4aaa65c92b4 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "ldap-auth"] + path = ldap-auth + url = git@projects.sucs.org:imranh/ldap-auth.git diff --git a/controll_2.php b/controll_2.php index 6adbd10b34988c9582d01abe5b02cf9b2fba0643..12adec9d2788a0667aa1dd29792fc2d5bd17c79d 100644 --- a/controll_2.php +++ b/controll_2.php @@ -23,7 +23,7 @@ Then destroys the session logging them out fully */ - include('ldap-auth.php'); + include('./ldap-auth/ldap-auth.php'); error_reporting(E_ERROR); session_start(); diff --git a/ldap-auth b/ldap-auth new file mode 160000 index 0000000000000000000000000000000000000000..9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf --- /dev/null +++ b/ldap-auth @@ -0,0 +1 @@ +Subproject commit 9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf diff --git a/ldap-auth.php b/ldap-auth.php deleted file mode 100755 index cf8f90cfff68e5864fe860da1efaf5fc7cf8f441..0000000000000000000000000000000000000000 --- a/ldap-auth.php +++ /dev/null @@ -1,104 +0,0 @@ -<?php - -/* -Written by Imran Hussain ~imranh - -Used to auth people, will check SUCS then the uni ldap, will only check -students on the uni ldap. - -will return "sucs" if the username/password passed is a sucs member -will return "uni" if the user/pass passed has a student swan uni account -will return "nope" if the user/pass passed is inavlid - -Example usage: - -include_once("ldap-auth.php"); - -isAuthd = ldapAuth("usaername", "password"); - -if (isAuthd == "sucs"){ - //do stuff for sucs auth -}elseif (isAuthd == "uni"){ - //do stuff for uni auth -}else{ - //do stuff for not authd peeps -} - -*/ - -// we don't care about warnings, we write our own -error_reporting(E_ERROR | E_PARSE); - -function ldapAuth($username, $password) { - - if ($username != "" && $password != ""){ - - // people like to use emails to login so lets detect and strip - if(filter_var($username, FILTER_VALIDATE_EMAIL)){ - //valid email, lets strip - // split the email into a string array "@" as a delim - $s = explode("@",$username); - // remove the last element (domain) - array_pop($s); - // put the array back togther using "@" as a seperator - $username = implode("@",$s); - } - - // ldap servers - $sucsLDAPServer = 'silver.sucs.swan.ac.uk'; - $lisLDAPServer = 'ccs-suld1.swan.ac.uk'; - - // lis auth stuffs - $lisUsernameOu = substr($username, -1); - $lisOtherOu = "Moved"; - - // how to bind - $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org"; - $lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI"; - $lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI"; - - // Main auth - - // Try and connect to silver - $ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server."); - - if ($ldapconnSUCS) { - - //echo "Connected to $sucsLDAPServer <br>"; - - // try and bind to sucs ldap - $ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password); - - if ($ldapbindSUCS) { - //echo "Auth'd as $username using SUCS LDAP<br>"; - return "sucs"; - // turns out they didn't give us valid sucs creds, lets try lis now - } else { - - // try and connect to the lis ldap server - $ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server."); - //echo "Connected to $lisLDAPServer <br>"; - - // lets try and bind to the uni ldap - $ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password); - if ($ldapbindLIS1) { - //echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>"; - return "uni"; - } else { - $ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password); - if ($ldapbindLIS2) { - //echo "Auth'd as $username using uni LDAP using ou=moved<br>"; - return "uni"; - // shit, couldn't bind to anything - } else { - //exit("Invalid Username or Password"); - return "nope"; - } - } - } - } - }else { - return "nope"; - } -} -?> \ No newline at end of file