diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000000000000000000000000000000000..b2dfb54cae46a5008844e5254d0ae4aaa65c92b4
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "ldap-auth"]
+ path = ldap-auth
+ url = git@projects.sucs.org:imranh/ldap-auth.git
diff --git a/controll_2.php b/controll_2.php
index 6adbd10b34988c9582d01abe5b02cf9b2fba0643..12adec9d2788a0667aa1dd29792fc2d5bd17c79d 100644
--- a/controll_2.php
+++ b/controll_2.php
@@ -23,7 +23,7 @@
Then destroys the session logging them out fully
*/
- include('ldap-auth.php');
+ include('./ldap-auth/ldap-auth.php');
error_reporting(E_ERROR);
session_start();
diff --git a/ldap-auth b/ldap-auth
new file mode 160000
index 0000000000000000000000000000000000000000..9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf
--- /dev/null
+++ b/ldap-auth
@@ -0,0 +1 @@
+Subproject commit 9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf
diff --git a/ldap-auth.php b/ldap-auth.php
deleted file mode 100755
index cf8f90cfff68e5864fe860da1efaf5fc7cf8f441..0000000000000000000000000000000000000000
--- a/ldap-auth.php
+++ /dev/null
@@ -1,104 +0,0 @@
-<?php
-
-/*
-Written by Imran Hussain ~imranh
-
-Used to auth people, will check SUCS then the uni ldap, will only check
-students on the uni ldap.
-
-will return "sucs" if the username/password passed is a sucs member
-will return "uni" if the user/pass passed has a student swan uni account
-will return "nope" if the user/pass passed is inavlid
-
-Example usage:
-
-include_once("ldap-auth.php");
-
-isAuthd = ldapAuth("usaername", "password");
-
-if (isAuthd == "sucs"){
- //do stuff for sucs auth
-}elseif (isAuthd == "uni"){
- //do stuff for uni auth
-}else{
- //do stuff for not authd peeps
-}
-
-*/
-
-// we don't care about warnings, we write our own
-error_reporting(E_ERROR | E_PARSE);
-
-function ldapAuth($username, $password) {
-
- if ($username != "" && $password != ""){
-
- // people like to use emails to login so lets detect and strip
- if(filter_var($username, FILTER_VALIDATE_EMAIL)){
- //valid email, lets strip
- // split the email into a string array "@" as a delim
- $s = explode("@",$username);
- // remove the last element (domain)
- array_pop($s);
- // put the array back togther using "@" as a seperator
- $username = implode("@",$s);
- }
-
- // ldap servers
- $sucsLDAPServer = 'silver.sucs.swan.ac.uk';
- $lisLDAPServer = 'ccs-suld1.swan.ac.uk';
-
- // lis auth stuffs
- $lisUsernameOu = substr($username, -1);
- $lisOtherOu = "Moved";
-
- // how to bind
- $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
- $lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
- $lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
-
- // Main auth
-
- // Try and connect to silver
- $ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
-
- if ($ldapconnSUCS) {
-
- //echo "Connected to $sucsLDAPServer <br>";
-
- // try and bind to sucs ldap
- $ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
-
- if ($ldapbindSUCS) {
- //echo "Auth'd as $username using SUCS LDAP<br>";
- return "sucs";
- // turns out they didn't give us valid sucs creds, lets try lis now
- } else {
-
- // try and connect to the lis ldap server
- $ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
- //echo "Connected to $lisLDAPServer <br>";
-
- // lets try and bind to the uni ldap
- $ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
- if ($ldapbindLIS1) {
- //echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
- return "uni";
- } else {
- $ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
- if ($ldapbindLIS2) {
- //echo "Auth'd as $username using uni LDAP using ou=moved<br>";
- return "uni";
- // shit, couldn't bind to anything
- } else {
- //exit("Invalid Username or Password");
- return "nope";
- }
- }
- }
- }
- }else {
- return "nope";
- }
-}
-?>
\ No newline at end of file