/ PC World 2008 September / PCWorld_2008-09_cd.bin / domacnost a kancelar / joomla / Joomla_1.5.4-Stable-Full_Package.exe / plugins / authentication / ldap.php < prev    next >
PHP Script  |  2008-07-06  |  5KB  |  164 lines

  1. <?php
  2. /**
  3. * @version        $Id: ldap.php 10381 2008-06-01 03:35:53Z pasamio $
  4. * @package        Joomla
  5. * @subpackage    JFramework
  6. * @copyright    Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
  7. * @license        GNU/GPL, see LICENSE.php
  8. * Joomla! is free software. This version may have been modified pursuant
  9. * to the GNU General Public License, and as distributed it includes or
  10. * is derivative of works licensed under the GNU General Public License or
  11. * other free or open source software licenses.
  12. * See COPYRIGHT.php for copyright notices and details.
  13. */
  14.  
  // Direct-access guard: this file is meant to be included by Joomla!, which is
  // expected to have defined _JEXEC beforehand. A request that reaches the file
  // any other way stops here, before any plugin code is declared or run.
  if (!defined('_JEXEC')) {
      die( 'Restricted access' );
  }
  17.  
  18. jimport( 'joomla.plugin.plugin' );
  19.  
  20. /**
  21.  * LDAP Authentication Plugin
  22.  *
  23.  * @author Sam Moffatt <sam.moffatt@joomla.org>
  24.  * @package        Joomla
  25.  * @subpackage    JFramework
  26.  * @since 1.5
  27.  */
  28.  
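  class plgAuthenticationLdap extends JPlugin
  {
      /**
       * Constructor
       *
       * For PHP 4 compatibility a plugin must use the class-named constructor rather
       * than __construct(): func_get_args() returns copies of the passed arguments,
       * not references, which breaks the cross-referencing the observer pattern needs.
       *
       * @param     object $subject The object to observe
       * @param     array  $config  An array that holds the plugin configuration
       * @since 1.5
       */
      function plgAuthenticationLdap(& $subject, $config)
      {
          parent::__construct($subject, $config);
      }

      /**
       * Escape a value before it is substituted into an LDAP search filter.
       *
       * The filter metacharacters \ * ( ) and NUL are replaced by their backslash-hex
       * forms, so a submitted login name is always matched as literal text and cannot
       * add wildcards or extra clauses to the configured filter.
       *
       * @access    private
       * @param     string $value Raw value taken from the login request
       * @return    string Value that is safe to place inside a filter assertion
       */
      function _escapeFilterValue($value)
      {
          // The backslash pair comes first: str_replace() applies the pairs in order,
          // and the later replacements introduce backslashes that must stay intact.
          return str_replace(
              array('\\', '*', '(', ')', "\0"),
              array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
              $value
          );
      }

      /**
       * Check the submitted credentials against LDAP and record the outcome on $response.
       *
       * Two modes are supported, selected by the 'auth_method' parameter:
       *  - 'search': bind with the configured account (or anonymously when no username
       *    is configured), look up the user's DN, then bind as that DN with the
       *    submitted password.
       *  - 'bind': bind directly with the submitted username and password, then look
       *    up the user's attributes.
       * Any other value leaves $success at 0 and the attempt is reported as a failure.
       *
       * @access    public
       * @param     array     $credentials Array holding the user credentials
       * @param     array     $options     Array of extra options
       * @param     object    $response    Authentication response object
       * @return    boolean   False when the attempt is rejected before any bind is tried;
       *                      otherwise nothing is returned and the result is in $response
       * @since 1.5
       */
      function onAuthenticate( $credentials, $options, &$response )
      {
          // Initialize variables
          $success     = 0;
          $userdetails = array();

          // For JLog
          $response->type = 'LDAP';

          // A simple bind that carries a name but a zero-length password is commonly
          // answered by directory servers as an unauthenticated bind and reported as
          // successful, so such a login must never reach the server. The length is
          // tested explicitly because empty() would also reject the valid password '0';
          // non-scalar values (e.g. an array from the request) are refused as well.
          if (!isset($credentials['password'])
              || !is_scalar($credentials['password'])
              || (string) $credentials['password'] === '')
          {
              $response->status = JAUTHENTICATE_STATUS_FAILURE;
              $response->error_message = 'LDAP can not have blank password';
              return false;
          }

          // load plugin params info
          $ldap_email     = $this->params->get('ldap_email');
          $ldap_fullname  = $this->params->get('ldap_fullname');
          $ldap_uid       = $this->params->get('ldap_uid');
          $auth_method    = $this->params->get('auth_method');

          jimport('joomla.client.ldap');
          $ldap = new JLDAP($this->params);

          if (!$ldap->connect())
          {
              $response->status = JAUTHENTICATE_STATUS_FAILURE;
              $response->error_message = 'Unable to connect to LDAP server';
              return false;
          }

          // The login name comes straight from the request, so it is escaped before it
          // replaces the [search] placeholder of the configured filter.
          // NOTE(review): if JLDAP::simple_search() treats any further character of its
          // argument as a separator, that character needs the same escaping - confirm
          // against joomla.client.ldap.
          $filter = str_replace(
              "[search]",
              $this->_escapeFilterValue($credentials['username']),
              $this->params->get('search_string')
          );

          switch($auth_method)
          {
              case 'search':
              {
                  // Bind using Connect Username/password
                  // Force anon bind to mitigate misconfiguration like [#7119]
                  if(strlen($this->params->get('username'))) $bindtest = $ldap->bind();
                  else $bindtest = $ldap->anonymous_bind();

                  if($bindtest)
                  {
                      // Search for users DN
                      $binddata = $ldap->simple_search($filter);
                      if(isset($binddata[0]) && isset($binddata[0]['dn'])) {
                          // Verify Users Credentials by binding as the DN that was found
                          $success = $ldap->bind($binddata[0]['dn'],$credentials['password'],1);
                          // Get users details
                          $userdetails = $binddata;
                      } else {
                          // NOTE(review): this message differs from the wrong-password
                          // one; confirm it only reaches logs and not the login form,
                          // otherwise it reveals which account names exist.
                          $response->status = JAUTHENTICATE_STATUS_FAILURE;
                          $response->error_message = 'Unable to find user';
                      }
                  }
                  else
                  {
                      $response->status = JAUTHENTICATE_STATUS_FAILURE;
                      $response->error_message = 'Unable to bind to LDAP';
                  }
              }    break;

              case 'bind':
              {
                  // We just accept the result here.
                  // NOTE(review): the raw username is handed to JLDAP::bind(); how it is
                  // turned into a bind DN is not visible in this file - verify that it
                  // is escaped for DN context there.
                  $success = $ldap->bind($credentials['username'],$credentials['password']);
                  if($success) {
                      $userdetails = $ldap->simple_search($filter);
                  } else {
                      $response->status = JAUTHENTICATE_STATUS_FAILURE;
                      $response->error_message = 'Failed binding to LDAP server';
                  }
              }    break;
          }

          if(!$success)
          {
              $response->status = JAUTHENTICATE_STATUS_FAILURE;
              // Keep a more specific message if one of the branches above already set it
              if(!strlen($response->error_message)) $response->error_message = 'Incorrect username/password';
          }
          else
          {
              // Grab some details from LDAP and return them
              if (isset($userdetails[0][$ldap_uid][0])) {
                  $response->username = $userdetails[0][$ldap_uid][0];
              }

              if (isset($userdetails[0][$ldap_email][0])) {
                  $response->email = $userdetails[0][$ldap_email][0];
              }

              if(isset($userdetails[0][$ldap_fullname][0])) {
                  $response->fullname = $userdetails[0][$ldap_fullname][0];
              } else {
                  // No full-name attribute in the directory entry: fall back to the login name
                  $response->fullname = $credentials['username'];
              }

              // We're good - so say so.
              $response->status        = JAUTHENTICATE_STATUS_SUCCESS;
              $response->error_message = '';
          }

          $ldap->close();
      }
  }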
  164.