Skip to content
Snippets Groups Projects
Normal view Permalink
ldap-auth.php 2.31 KiB
Newer Older
  • Learn to ignore specific revisions
    • Imran Hussain's avatar
    Add a script that checks a username and password combination to see if it's a...
    Imran Hussain committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 
    <?php

/*
Written by Imran Hussain ~imranh

Used to auth people, will check SUCS then the uni ldap, will only check
students on the uni ldap.

will return "sucs" if the username/password passed is a sucs member
will return "uni" if the user/pass passed has a student swan uni account
will return "nope" if the user/pass passed is inavlid

Example usage:

include_once("ldap-auth.php");

isAuthd = ldapauth("usaername", "password");

if (isAuthd == "sucs"){
	//do stuff for sucs auth
}elseif (isAuthd == "uni"){
	//do stuff for uni auth
}else{
	//do stuff for not authd peeps
}

*/

// we don't care about warnings, we write our own
error_reporting(E_ERROR | E_PARSE);

function ldapAuth($username, $password) {
    Imran Hussain's avatar
    Moved the variables inside the function  
    Imran Hussain committed
    34 35 36 37 
    	// ldap servers
	$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
	$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
    Imran Hussain's avatar
    Add a script that checks a username and password combination to see if it's a...
    Imran Hussain committed
    38 39 40 41 
    	// lis auth stuffs
	$lisUsernameOu = substr($username, -1);
	$lisOtherOu = 'moved';
    Imran Hussain's avatar
    Moved the variables inside the function  
    Imran Hussain committed
    42 43 44 45 46 
    	// how to bind
	$sucsBindDn = 'uid=$username,ou=People,dc=sucs,dc=org';
	$lisBindDn1 = 'cn=$username,ou=$lisUsernameOu,ou=students,ou=Swansea,o=swanuni';
	$lisBindDn2 = 'cn=$username,ou=$lisOtherOu,ou=students,ou=Swansea,o=swanuni';
    Imran Hussain's avatar
    Add a script that checks a username and password combination to see if it's a...
    Imran Hussain committed
    47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 
    	// Main auth

	// Try and connect to silver
	$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");

	if ($ldapconnSUCS) {

		//echo "Connected to $sucsServer <br>";

		// try and bind to sucs ldap
		$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
		if ($ldapbindSUCS) {
			//echo "Auth'd as $username using SUCS LDAP<br>";
			return "sucs";
		// turns out they didn't give us valid sucs creds, lets try lis now
		} else {

			// try and connect to the lis ldap server
			$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
			//echo "Connected to $lisServer <br>";

			// lets try and bind to the uni ldap
			$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
			if ($ldapbindLIS1) {
				//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
				return "uni";
			} else {
				$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
				if ($ldapbindLIS2) {
					//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
					return "uni";
				// shit, couldn't bind to anything
				} else {
					//exit("Invalid Username or Password");
					return "nope";
				}
			}
		}
	}
}
?>