qa-ldap-process.php
<?php
/* This script grabs the user/pass combo directly
* from the Question2Answer login page.
* It uses a service account to find
* the user in the ldap database.
* When found the user/pass combo is checked against the
* LDAP authentication source. Following
* this check, it either creates a SESSION array or
* a cookie that can be checked by the ldap-login
* module's check_login function, and bypasses the
* internal QA auth mechanism by redirecting back to
* the login page.
*/
require_once QA_INCLUDE_DIR."qa-base.php";
require_once QA_INCLUDE_DIR."../qa-plugin/qa-ldap-login/LDAPServer.php";
require_once QA_INCLUDE_DIR."../qa-plugin/qa-ldap-login/ActiveDirectoryLDAPServer.php";
require_once QA_INCLUDE_DIR."../qa-plugin/qa-ldap-login/GenericLDAPServer.php";
global $ldapserver;
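/**
 * Authenticate a login name / password pair against the configured LDAP directory.
 *
 * The server flavour is chosen from the 'ldap_login_ad' option: Active Directory
 * when it is set, a generic LDAP server otherwise. The server object is stored in
 * the global $ldapserver.
 *
 * @param mixed $user Login name as submitted by the user.
 * @param mixed $pass Password as submitted by the user.
 * @return mixed The value returned by getUserAttributes() after a successful bind
 *               (the caller in this file reads indexes 0..3 of it), or false when
 *               the credentials are missing, malformed or rejected.
 */
function ldap_process ($user,$pass) {
    global $ldapserver;

    // Only non-empty strings may reach the directory. An empty password is the
    // important case: many LDAP servers treat a simple bind with a name and an
    // empty password as an "unauthenticated bind" and report success
    // (RFC 4513, section 5.1.2), which would log the user in without a password.
    // The is_string() checks also stop arrays or other non-string request values
    // from being handed to the bind call.
    if (!is_string($user) || !is_string($pass) || '' === $user || '' === $pass) {
        return false;
    }

    if (qa_opt('ldap_login_ad')) {
        $ldapserver = new ActiveDirectoryLDAPServer();
    } else {
        $ldapserver = new GenericLDAPServer();
    }

    // NOTE(review): the result of connectWithServer() is not checked; its return
    // contract is not visible in this file — confirm a failed connection cannot
    // lead to a successful bindToLDAP().
    $ldapserver->connectWithServer();

    // NOTE(review): $user is passed to the server class unmodified. Whether it is
    // escaped before being placed in a DN or search filter is decided in
    // LDAPServer.php and its subclasses, not here — verify there.
    if ($ldapserver->bindToLDAP($user,$pass)) {
        // NOTE(review): the connection is left open on this path. $ldapserver is
        // global, so later code may rely on it — confirm, otherwise close it here too.
        $data = $ldapserver->getUserAttributes();
        return $data;
    }

    // Bind rejected: release the connection and report failure.
    $ldapserver->closeServerConnection();
    return false;
}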
/**
 * Tell whether a submitted value is blank.
 *
 * A value is blank when it loosely equals the empty string or consists
 * only of whitespace characters.
 *
 * @param mixed $attr Value to inspect.
 * @return bool true when blank, false otherwise.
 */
function isEmpty($attr) {
    // Loose comparison kept on purpose: it also treats null as empty.
    if ($attr == '') {
        return true;
    }

    $whitespaceOnly = preg_match("/^[[:space:]]+$/", $attr);

    return $whitespaceOnly ? true : false;
}
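// Lifetime of the "remember me" cookies: 14 days, in seconds.
$expire = 14*24*60*60;

// $inemailhandle, $inpassword and $inremember are not defined in this file;
// presumably the including Q2A login page fills them from the submitted
// form — confirm against the includer.
if (!isEmpty($inemailhandle) && !isEmpty($inpassword)) {
    $name = ldap_process($inemailhandle,$inpassword);

    if ($name) {
        // Set name variables based on results from LDAP
        $fname = $name[0];
        $lname = $name[1];
        $email = $name[2];
        $user = $name[3];

        // Do not login or create account if mail value is NULL
        if ( '' == $email ){
            // FIXME somehow print a message
            qa_redirect('login');
            exit();
        }

        // Identity values handed over to the ldap-login module, in the order
        // the original code wrote them.
        $identity = array(
            "qa-login_lname" => $lname,
            "qa-login_fname" => $fname,
            "qa-login_email" => $email,
            "qa-login_user" => $user,
        );

        if($inremember == '1') {
            // NOTE(review): these cookies carry the identity in plain, unsigned
            // form, and the header of this file says check_login reads them.
            // check_login is not visible here: confirm it does not accept the
            // cookie values as proof of login on their own. Without a
            // server-side secret (for example an HMAC over the values, or a
            // random token looked up on the server) the values are entirely
            // client-controlled.
            // HttpOnly (last argument) keeps page scripts from reading them.
            // Domain '' and secure=false are the setcookie() defaults; consider
            // the Secure flag as well when the site is served over HTTPS only.
            foreach ($identity as $cookieName => $cookieValue) {
                setcookie($cookieName, $cookieValue, time() + $expire, '/', '', false, true);
            }
        } else {
            // NOTE(review): no session_regenerate_id() is visible on this path;
            // confirm the session id is renewed at login to rule out session fixation.
            foreach ($identity as $sessionKey => $sessionValue) {
                $_SESSION[$sessionKey] = $sessionValue;
            }
        }

        // NOTE(review): 'to' comes from the request. It is only prefixed with
        // qa_path_to_root(); confirm that prefix is never empty, or check that
        // $topath is a site-relative path, so the redirect cannot leave the site.
        $topath=qa_get('to');
        if (isset($topath)) {
            qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
        } else {
            qa_redirect('');
        }
        exit();
    } else {
        // LDAP rejected the credentials. Unless normal Q2A logins are allowed
        // as well, stop here; otherwise fall through to the including code.
        if(!qa_opt('ldap_login_allow_normal')) {
            // FIXME somehow print a message
            qa_redirect('login');
            exit();
        }
    }
}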
?>