<?php

/*
Written by Imran Hussain ~imranh

Used to auth people, will check SUCS then the uni ldap, will only check
students on the uni ldap.

will return "sucs" if the username/password passed is a sucs member
will return "uni" if the user/pass passed has a student swan uni account
will return "nope" if the user/pass passed is inavlid

Example usage:

include_once("ldap-auth.php");

isAuthd = ldapauth("usaername", "password");

if (isAuthd == "sucs"){
	//do stuff for sucs auth
}elseif (isAuthd == "uni"){
	//do stuff for uni auth
}else{
	//do stuff for not authd peeps
}

*/

// we don't care about warnings, we write our own
error_reporting(E_ERROR | E_PARSE);

// how to bind
$sucsBindDn = 'uid=$username,ou=People,dc=sucs,dc=org';
$lisBindDn1 = 'cn=$username,ou=$lisUsernameOu,ou=students,ou=Swansea,o=swanuni';
$lisBindDn2 = 'cn=$username,ou=$lisOtherOu,ou=students,ou=Swansea,o=swanuni';

// ldap servers
$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
$lisLDAPServer = 'ccs-suld1.swan.ac.uk';

function ldapAuth($username, $password) {

	// lis auth stuffs
	$lisUsernameOu = substr($username, -1);
	$lisOtherOu = 'moved';

	// Main auth

	// Try and connect to silver
	$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");

	if ($ldapconnSUCS) {

		//echo "Connected to $sucsServer <br>";

		// try and bind to sucs ldap
		$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
		if ($ldapbindSUCS) {
			//echo "Auth'd as $username using SUCS LDAP<br>";
			return "sucs";
		// turns out they didn't give us valid sucs creds, lets try lis now
		} else {

			// try and connect to the lis ldap server
			$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
			//echo "Connected to $lisServer <br>";

			// lets try and bind to the uni ldap
			$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
			if ($ldapbindLIS1) {
				//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
				return "uni";
			} else {
				$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
				if ($ldapbindLIS2) {
					//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
					return "uni";
				// shit, couldn't bind to anything
				} else {
					//exit("Invalid Username or Password");
					return "nope";
				}
			}
		}
	}
}
?>