Commit d9019ebf authored by Imran Hussain's avatar Imran Hussain

Use the new ldap auth lib from a git repo for easy updating

parent 279cf2d1

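--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "ldap-auth"]
+	path = ldap-auth
+	url = git@projects.sucs.org:imranh/ldap-auth.git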
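Review bot: The `url = git@projects.sucs.org:imranh/ldap-auth.git` entry makes the site's login code depend on an SSH-only remote in a personal namespace, so every host that deploys this repository needs a key authorised there. The pinned gitlink (`Subproject commit 9c8e7ad0…` in this commit) is what keeps the authentication code fixed, so updates should arrive as reviewed pointer bumps in this repository rather than `git submodule update --remote` run on the server. If the parent repository lives on the same server (not visible here), a relative submodule URL would avoid hard-coding the transport. A short deploy note saying that `git submodule update --init` is required would also prevent checkouts with an empty `ldap-auth/` directory.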
+1 −1
@@ -23,7 +23,7 @@
        Then destroys the session logging them out fully
    */

    include('ldap-auth.php');
    include('./ldap-auth/ldap-auth.php');
    error_reporting(E_ERROR);

    session_start();
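Review bot: The new `include('./ldap-auth/ldap-auth.php');` is resolved against the process working directory rather than this script's directory, and `include` only raises a warning when the file is missing, so execution carries on without the auth library. Now that the file lives in a submodule, a checkout made without initialising submodules would reach `session_start()` with no `ldapAuth()` defined and fail only at the first call, which is presumably further down, outside this hunk. Loading it with `require_once __DIR__ . '/ldap-auth/ldap-auth.php';` stops the request immediately when the library is absent and does not depend on the working directory. The script continues past the end of the hunk, so the call site should be checked against this.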
Subproject commit 9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf

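--- a/ldap-auth.php
+++ b/ldap-auth.php
@@ -1,104 +0,0 @@
-<?php
-
-/*
-Written by Imran Hussain ~imranh
-
-Used to auth people, will check SUCS then the uni ldap, will only check
-students on the uni ldap.
-
-will return "sucs" if the username/password passed is a sucs member
-will return "uni" if the user/pass passed has a student swan uni account
-will return "nope" if the user/pass passed is inavlid
-
-Example usage:
-
-include_once("ldap-auth.php");
-
-isAuthd = ldapAuth("usaername", "password");
-
-if (isAuthd == "sucs"){
-	//do stuff for sucs auth
-}elseif (isAuthd == "uni"){
-	//do stuff for uni auth
-}else{
-	//do stuff for not authd peeps
-}
-
-*/
-
-// we don't care about warnings, we write our own
-error_reporting(E_ERROR | E_PARSE);
-
-function ldapAuth($username, $password) {
-
-	if ($username != "" && $password != ""){
-
-		// people like to use emails to login so lets detect and strip
-		if(filter_var($username, FILTER_VALIDATE_EMAIL)){
-			//valid email, lets strip
-			// split the email into a string array "@" as a delim
-			$s = explode("@",$username);
-			// remove the last element (domain)
-			array_pop($s);
-			// put the array back togther using "@" as a seperator
-			$username = implode("@",$s);
-		}
-
-		// ldap servers
-		$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
-		$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
-
-		// lis auth stuffs
-		$lisUsernameOu = substr($username, -1);
-		$lisOtherOu = "Moved";
-
-		// how to bind
-		$sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
-		$lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
-		$lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
-
-		// Main auth
-
-		// Try and connect to silver
-		$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
-
-		if ($ldapconnSUCS) {
-
-			//echo "Connected to $sucsLDAPServer <br>";
-
-			// try and bind to sucs ldap
-			$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
-
-			if ($ldapbindSUCS) {
-				//echo "Auth'd as $username using SUCS LDAP<br>";
-				return "sucs";
-			// turns out they didn't give us valid sucs creds, lets try lis now
-			} else {
-
-				// try and connect to the lis ldap server
-				$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
-				//echo "Connected to $lisLDAPServer <br>";
-
-				// lets try and bind to the uni ldap
-				$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
-				if ($ldapbindLIS1) {
-					//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
-					return "uni";
-				} else {
-					$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
-					if ($ldapbindLIS2) {
-						//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
-						return "uni";
-					// shit, couldn't bind to anything
-					} else {
-						//exit("Invalid Username or Password");
-						return "nope";
-					}
-				}
-			}
-		}
-	}else {
-		return "nope";
-	}
-}
-?>
\ No newline at end of file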