diff options
Diffstat (limited to 'php/admin/include/auth.class.php.in')
-rw-r--r-- | php/admin/include/auth.class.php.in | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/php/admin/include/auth.class.php.in b/php/admin/include/auth.class.php.in new file mode 100644 index 0000000..8932a10 --- /dev/null +++ b/php/admin/include/auth.class.php.in @@ -0,0 +1,175 @@ +<?php +/* + * Copyright (c) 2004 Klarälvdalens Datakonsult AB + * + * Written by Steffen Hansen <steffen@klaralvdalens-datakonsult.se> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You can view the GNU General Public License, online, at the GNU + * Project's homepage; see <http://www.gnu.org/licenses/gpl.html>. + */ + +require_once('ldap.class.php'); +require_once('debug.php'); +require_once('mysmarty.php'); +require_once('locale.php'); + +class KolabAuth { + function KolabAuth( $do_auth = true, $params = array() ) { + $this->params = $params; + if( isset( $_GET['logout'] ) || isset( $_POST['logout'] ) ) { + $this->logout(); + } else if( $do_auth ) { + $this->authenticate(); + } + } + + function authenticate() { + global $ldap; + $this->error_string = false; + if( !isset( $ldap ) ) { + $this->error_string = _("Server error, no ldap object!"); + return false; + } + // Anon. bind first + if( !$ldap->bind( $_SESSION['php_dn'], $_SESSION['php_pw'] ) ) { + $this->error_string = _("Could not bind to LDAP server: ").$ldap->error(); + $this->gotoLoginPage(); + } + if( $this->isAuthenticated() ) { + $bind_result = $ldap->bind( $_SESSION['auth_dn'], $_SESSION['auth_pw'] ); + } else { + $bind_result = false; + } + if( !$bind_result ) { + // Anon. bind first + if( !$ldap->bind() ) { + $this->error_string = _("Could not bind to LDAP server"); + $this->gotoLoginPage(); + } + // User not logged in, check login/password + if( isset( $_POST['username'] ) && isset( $_POST['password'] ) ) { + $dn = $ldap->dnForUid( $_POST['username'] ); + if (!$dn) { + $dn = $ldap->dnForMail( $_POST['username'] ); // try mail attribute + } + if( $dn ) { + $auth_user = $ldap->uidForDn( $dn ); + $auth_group = $ldap->groupForUid( $auth_user ); + $tmp_group = ($auth_user=='manager')?'manager':$auth_group; + if( !in_array( $tmp_group, $this->params['allow_user_classes'] ) ) { + $this->error_string = _("User class '$tmp_group' is denied access"); + $this->gotoLoginPage(); + } + $bind_result = $ldap->bind( $dn, $_POST['password'] ); + if( $bind_result ) { + // All OK! + $_SESSION['auth_dn'] = $dn; + $_SESSION['auth_user'] = $auth_user; + $_SESSION['auth_pw'] = $_POST['password']; + $_SESSION['auth_group'] = $auth_group; + $_SESSION['remote_ip'] = $_SERVER['REMOTE_ADDR']; + return true; + } else { + $this->error_string = _("Wrong username or password"); + $this->gotoLoginPage(); + } + } else { + $this->error_string = _("Wrong username or password"); + //$this->error_string = "Dn not found"; + $this->gotoLoginPage(); + } + } else { + $this->error_string = _('Please log in as a valid user'); + $this->gotoLoginPage(); + } + } else { + // All OK, user already logged in + return true; + } + } + + function logout() { + session_unset(); + session_destroy(); + $this->error_string = ""; + //$this->gotoLoginPage(); + Header("Location: @webserver_web_prefix@/admin/"); + } + + function handleLogin() { + if( isset( $_POST['login'] ) ) { + $this->authenticate(); + } else if( isset( $_POST['logout'] ) ) { + $this->logout(); + } + } + + function gotoLoginPage() { + global $topdir; + $smarty =& new MySmarty(); + $smarty->assign( 'topdir', $topdir ); + $smarty->assign( 'uid', '' ); + $smarty->assign( 'group', '' ); + $smarty->assign( 'page_title', _('Login') ); + $smarty->assign( 'menuitems', array() ); + $smarty->assign( 'errors', array( $this->error() ) ); + $smarty->assign( 'maincontent', 'login.tpl' ); + $smarty->display('page.tpl'); + exit(); + } + + function isAuthenticated() { + return isset( $_SESSION['auth_dn'] ) && $_SESSION['remote_ip'] == $_SERVER['REMOTE_ADDR']; + } + + function dn() { + if( $this->isAuthenticated() ) return $_SESSION['auth_dn']; + else return false; + } + + function uid() { + if( $this->isAuthenticated() ) return $_SESSION['auth_user']; + else return false; + } + + function group() { + if( $this->isAuthenticated() ) return $_SESSION['auth_group']; + } + + function password() { + if( $this->isAuthenticated() ) { + return $_SESSION['auth_pw']; + } + else return false; + } + + function setDn( $dn ) {$_SESSION['auth_dn'] = $dn;} + function setUid( $uid ) {$_SESSION['auth_user'] = $uid;} + function setPassword( $pw ) {$_SESSION['auth_pw'] = $pw;} + + function error() { + return $this->error_string; + } + + var $error_string = false; + var $params; +}; +/* + Local variables: + mode: php + indent-tabs-mode: t + tab-width: 4 + buffer-file-coding-system: utf-8 + End: + */ +?> |