home *** CD-ROM | disk | FTP | other *** search
/ PC World 2008 September / PCWorld_2008-09_cd.bin / domacnost a kancelar / joomla / Joomla_1.5.4-Stable-Full_Package.exe / plugins / authentication / ldap.php < prev    next >
Encoding:
PHP Script  |  2008-07-06  |  4.8 KB  |  164 lines
  1. <?php
  2. /**
  3. * @version        $Id: ldap.php 10381 2008-06-01 03:35:53Z pasamio $
  4. * @package        Joomla
  5. * @subpackage    JFramework
  6. * @copyright    Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
  7. * @license        GNU/GPL, see LICENSE.php
  8. * Joomla! is free software. This version may have been modified pursuant
  9. * to the GNU General Public License, and as distributed it includes or
  10. * is derivative of works licensed under the GNU General Public License or
  11. * other free or open source software licenses.
  12. * See COPYRIGHT.php for copyright notices and details.
  13. */
  14.  
  15. // Check to ensure this file is included in Joomla!
  16. defined('_JEXEC') or die( 'Restricted access' );
  17.  
  18. jimport( 'joomla.plugin.plugin' );
  19.  
  20. /**
  21.  * LDAP Authentication Plugin
  22.  *
  23.  * @author Sam Moffatt <sam.moffatt@joomla.org>
  24.  * @package        Joomla
  25.  * @subpackage    JFramework
  26.  * @since 1.5
  27.  */
  28.  
  29. class plgAuthenticationLdap extends JPlugin
  30. {
  31.     /**
  32.      * Constructor
  33.      *
  34.      * For php4 compatability we must not use the __constructor as a constructor for plugins
  35.      * because func_get_args ( void ) returns a copy of all passed arguments NOT references.
  36.      * This causes problems with cross-referencing necessary for the observer design pattern.
  37.      *
  38.      * @param     object $subject The object to observe
  39.      * @param     array  $config  An array that holds the plugin configuration
  40.      * @since 1.5
  41.      */
  42.     function plgAuthenticationLdap(& $subject, $config)
  43.     {
  44.         parent::__construct($subject, $config);
  45.     }
  46.  
  47.     /**
  48.      * This method should handle any authentication and report back to the subject
  49.      *
  50.      * @access    public
  51.      * @param   array     $credentials Array holding the user credentials
  52.      * @param     array   $options     Array of extra options
  53.      * @param    object    $response    Authentication response object
  54.      * @return    object    boolean
  55.      * @since 1.5
  56.      */
  57.     function onAuthenticate( $credentials, $options, &$response )
  58.     {
  59.         // Initialize variables
  60.         $userdetails = null;
  61.         $success = 0;
  62.         $userdetails = Array();
  63.  
  64.         // For JLog
  65.         $response->type = 'LDAP';
  66.         // LDAP does not like Blank passwords (tries to Anon Bind which is bad)
  67.         if (empty($credentials['password']))
  68.         {
  69.             $response->status = JAUTHENTICATE_STATUS_FAILURE;
  70.             $response->error_message = 'LDAP can not have blank password';
  71.             return false;
  72.         }
  73.  
  74.         // load plugin params info
  75.         $ldap_email     = $this->params->get('ldap_email');
  76.         $ldap_fullname    = $this->params->get('ldap_fullname');
  77.         $ldap_uid        = $this->params->get('ldap_uid');
  78.         $auth_method    = $this->params->get('auth_method');
  79.  
  80.         jimport('joomla.client.ldap');
  81.         $ldap = new JLDAP($this->params);
  82.  
  83.         if (!$ldap->connect())
  84.         {
  85.             $response->status = JAUTHENTICATE_STATUS_FAILURE;
  86.             $response->error_message = 'Unable to connect to LDAP server';
  87.             return;
  88.         }
  89.  
  90.         switch($auth_method)
  91.         {
  92.             case 'search':
  93.             {
  94.                 // Bind using Connect Username/password
  95.                 // Force anon bind to mitigate misconfiguration like [#7119]
  96.                 if(strlen($this->params->get('username'))) $bindtest = $ldap->bind();
  97.                 else $bindtest = $ldap->anonymous_bind();
  98.  
  99.  
  100.                 if($bindtest)
  101.                 {
  102.                     // Search for users DN
  103.                     $binddata = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
  104.                     if(isset($binddata[0]) && isset($binddata[0]['dn'])) {
  105.                         // Verify Users Credentials
  106.                         $success = $ldap->bind($binddata[0]['dn'],$credentials['password'],1);
  107.                         // Get users details
  108.                         $userdetails = $binddata;
  109.                     } else {
  110.                         $response->status = JAUTHENTICATE_STATUS_FAILURE;
  111.                         $response->error_message = 'Unable to find user';
  112.                     }
  113.                 }
  114.                 else
  115.                 {
  116.                     $response->status = JAUTHENTICATE_STATUS_FAILURE;
  117.                     $response->error_message = 'Unable to bind to LDAP';
  118.                 }
  119.             }    break;
  120.  
  121.             case 'bind':
  122.             {
  123.                 // We just accept the result here
  124.                 $success = $ldap->bind($credentials['username'],$credentials['password']);
  125.                 if($success) {
  126.                     $userdetails = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
  127.                 } else {
  128.                     $response->status = JAUTHENTICATE_STATUS_FAILURE;
  129.                     $response->error_message = 'Failed binding to LDAP server';
  130.                 }
  131.             }    break;
  132.         }
  133.  
  134.         if(!$success)
  135.         {
  136.             $response->status = JAUTHENTICATE_STATUS_FAILURE;
  137.             if(!strlen($response->error_message)) $response->error_message = 'Incorrect username/password';
  138.         }
  139.         else
  140.         {
  141.             // Grab some details from LDAP and return them
  142.             if (isset($userdetails[0][$ldap_uid][0])) {
  143.                 $response->username = $userdetails[0][$ldap_uid][0];
  144.             }
  145.  
  146.             if (isset($userdetails[0][$ldap_email][0])) {
  147.                 $response->email = $userdetails[0][$ldap_email][0];
  148.             }
  149.  
  150.             if(isset($userdetails[0][$ldap_fullname][0])) {
  151.                 $response->fullname = $userdetails[0][$ldap_fullname][0];
  152.             } else {
  153.                 $response->fullname = $credentials['username'];
  154.             }
  155.  
  156.             // Were good - So say so.
  157.             $response->status        = JAUTHENTICATE_STATUS_SUCCESS;
  158.             $response->error_message = '';
  159.         }
  160.  
  161.         $ldap->close();
  162.     }
  163. }
  164.