Commit d9019ebf authored by Imran Hussain's avatar Imran Hussain

Use the new ldap auth lib from a git repo for easy updating

parent 279cf2d1
[submodule "ldap-auth"]
path = ldap-auth
url = git@projects.sucs.org:imranh/ldap-auth.git
......@@ -23,7 +23,7 @@
Then destroys the session logging them out fully
*/
include('ldap-auth.php');
include('./ldap-auth/ldap-auth.php');
error_reporting(E_ERROR);
session_start();
......
Subproject commit 9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf
<?php
/*
Written by Imran Hussain ~imranh
Used to auth people, will check SUCS then the uni ldap, will only check
students on the uni ldap.
will return "sucs" if the username/password passed is a sucs member
will return "uni" if the user/pass passed has a student swan uni account
will return "nope" if the user/pass passed is inavlid
Example usage:
include_once("ldap-auth.php");
isAuthd = ldapAuth("usaername", "password");
if (isAuthd == "sucs"){
//do stuff for sucs auth
}elseif (isAuthd == "uni"){
//do stuff for uni auth
}else{
//do stuff for not authd peeps
}
*/
// we don't care about warnings, we write our own
error_reporting(E_ERROR | E_PARSE);
function ldapAuth($username, $password) {
if ($username != "" && $password != ""){
// people like to use emails to login so lets detect and strip
if(filter_var($username, FILTER_VALIDATE_EMAIL)){
//valid email, lets strip
// split the email into a string array "@" as a delim
$s = explode("@",$username);
// remove the last element (domain)
array_pop($s);
// put the array back togther using "@" as a seperator
$username = implode("@",$s);
}
// ldap servers
$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
// lis auth stuffs
$lisUsernameOu = substr($username, -1);
$lisOtherOu = "Moved";
// how to bind
$sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
$lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
$lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
// Main auth
// Try and connect to silver
$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
if ($ldapconnSUCS) {
//echo "Connected to $sucsLDAPServer <br>";
// try and bind to sucs ldap
$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
if ($ldapbindSUCS) {
//echo "Auth'd as $username using SUCS LDAP<br>";
return "sucs";
// turns out they didn't give us valid sucs creds, lets try lis now
} else {
// try and connect to the lis ldap server
$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
//echo "Connected to $lisLDAPServer <br>";
// lets try and bind to the uni ldap
$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
if ($ldapbindLIS1) {
//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
return "uni";
} else {
$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
if ($ldapbindLIS2) {
//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
return "uni";
// shit, couldn't bind to anything
} else {
//exit("Invalid Username or Password");
return "nope";
}
}
}
}
}else {
return "nope";
}
}
?>
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment