Skip to content
GitLab
Commits (5)
Hide whitespace changes
Inline Side-by-side
lib/ldap-auth.php
View file @ 0ded7b1d
......@@ -12,7 +12,7 @@ will return "nope" if the user/pass passed is inavlid
Example usage:
include_once("ldap-auth.php");
require "ldap-auth.php";
isAuthd = ldapAuth("usaername", "password");
......@@ -29,6 +29,8 @@ if (isAuthd == "sucs"){
// we don't care about warnings, we write our own
error_reporting(E_ERROR | E_PARSE);
define(LDAP_OPT_DIAGNOSTIC_MESSAGE, 0x0032);
function ldapAuth($username, $password)
{
......@@ -45,24 +47,29 @@ function ldapAuth($username, $password)
$username = implode("@", $s);
}
// filter out everything but A-Z a-z 0-9 . - _ from username
$safeusername = preg_replace("/[^A-Za-z0-9\.\-\_]/", '', $username);
// if safeusername isn't the same as username just error out
if ($safeusername != $username) {
return "nope";
}
// ldap servers
$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
// lis auth stuffs
$lisUsernameOu = substr($username, -1);
$lisOtherOu = "Moved";
$issLDAPServer = '192.168.10.16';
// how to bind
$sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
$lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
$lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
$sucsBindDn = "uid=$safeusername,ou=People,dc=sucs,dc=org";
$issBindDn = "cn=$safeusername,ou=Students,ou=Active,ou=Resources,o=Swansea";
// Main auth
// Try and connect to silver
$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
ldap_set_option($ldapconnSUCS,LDAP_OPT_PROTOCOL_VERSION,3);
if ($ldapconnSUCS) {
//echo "Connected to $sucsLDAPServer <br>";
......@@ -73,28 +80,28 @@ function ldapAuth($username, $password)
if ($ldapbindSUCS) {
//echo "Auth'd as $username using SUCS LDAP<br>";
return "sucs";
// turns out they didn't give us valid sucs creds, lets try lis now
// turns out they didn't give us valid sucs creds, lets try iss now
} else {
// try and connect to the lis ldap server
$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
//echo "Connected to $lisLDAPServer <br>";
// try and connect to the iss ldap server
$ldapconnISS = ldap_connect($issLDAPServer) or die("Could not connect to uni LDAP server.");
// echo "Connected to $issLDAPServer <br>";
ldap_set_option($ldapconnISS,LDAP_OPT_PROTOCOL_VERSION,3);
// lets try and bind to the uni ldap
$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
if ($ldapbindLIS1) {
//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
$ldapbindiss = ldap_bind($ldapconnISS, $issBindDn, $password);
/*if (ldap_get_option($ldapconnISS, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
echo "Error Binding to LDAP: $extended_error";
}*/
if ($ldapbindiss) {
//echo "Auth'd as $username using uni LDAP using ou=$issUsernameOu<br>";
return "uni";
} else {
$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
if ($ldapbindLIS2) {
//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
return "uni";
// shit, couldn't bind to anything
} else {
//exit("Invalid Username or Password");
return "nope";
}
//exit("Invalid Username or Password");
return "nope";
}
}
}
......
lib/session.php
View file @ 0ded7b1d
......@@ -116,7 +116,15 @@ class Session
// Is this a login attempt ?
if ($submit != '' && $session_user != '' && $session_pass != '') {
$this->session_init($session_user, $session_pass);
// filter out everything but A-Z a-z 0-9 . - _ from username
$safeusername = preg_replace("/[^A-Za-z0-9\.\-\_]/", '', $session_user);
if ($safeusername != $session_user) {
trigger_error("Invalid username", E_USER_NOTICE);
$this->newsession();
return;
} elseif ($safeusername == $session_user) {
$this->session_init($safeusername, $session_pass);
}
}
// Retrieve session information
......