<?php
/**
* class.AuthLdap.php , version 0.2
* Mark Round, April 2002 - http://www.markround.com/unix
* Provides LDAP authentication and user functions.
*
* Not intended as a full-blown LDAP access class - but it does provide
* several useful functions for dealing with users.
* Note - this works out of the box on Sun's iPlanet Directory Server - but
* an ACL has to be defined giving all users the ability to change their
* password (userPassword attribute).
* See the README file for more information and examples.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* ChangeLog
* ---------
* version 0.2, 11.04.2003, Michael Joseph <michael@jamwarehouse.com>
* - Added switches and workarounds for Active Directory integration
* - Change documentation to phpdoc style (http://phpdocu.sourceforge.net)
* - Added a constructor
* - Added an attribute array parameter to the getUsers method
*/
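class AuthLdap {
    // 1.1 Public properties -----------------------------------------------------
    /**
     * Array of server IP address or hostnames
     */
    var $server;
    /**
     * The base DN (e.g. "dc=foo,dc=com")
     */
    var $dn;
    /**
     * the directory server, currently supports iPlanet and Active Directory
     */
    var $serverType;
    /**
     * Active Directory authenticates using user@domain
     */
    var $domain;
    /**
     * The user to authenticate with when searching
     * Active Directory doesn't support anonymous access
     */
    var $username;
    /**
     * The password to authenticate with when searching
     * Active Directory doesn't support anonymous access
     */
    var $password;
    /**
     * Where the user records are kept
     */
    var $people;
    /**
     * Where the group definitions are kept
     */
    var $groups;
    /**
     * The last error code returned by the LDAP server
     */
    var $ldapErrorCode;
    /**
     * Text of the error message
     */
    var $ldapErrorText;
    // 1.2 Private properties ----------------------------------------------------
    /**
     * The internal LDAP connection handle
     */
    var $connection;
    /**
     * Result of any connections etc.
     */
    var $result;
    // Host (or LDAP URI) of the directory server
    var $host;
    // Default search filter read from the configuration
    var $query;
    protected $debug;

    /**
     * Load the LDAP settings from an ini file and overlay them on the defaults.
     *
     * Each section is merged key by key, so an ini file that sets only some
     * keys of [auth] keeps the defaults for the others. Keys and sections
     * that are not known to the defaults are ignored.
     *
     * The search account (username/password) has no usable default: it must
     * come from the ini file, which should live outside the web root and be
     * readable only by the web server user. Use a dedicated read-only account
     * for searching rather than a domain administrator.
     * NOTE(review): a bind password used to be embedded in these defaults;
     * treat that value as exposed and rotate it.
     *
     * @param string $inifile Path to the ini file (parsed with sections).
     * @throws RuntimeException If the file cannot be parsed or is empty.
     */
    public function __construct($inifile){
        $defaultconf = array(
            'auth' => array(
                'servetype' => 'Active Directory',
                'domain'    => 'WIN-JDU9CCJF1V6',
                'server'    => 'server',
                'host'      => '52.53.249.240',
                'dnbase'    => 'CN=users,DC=server,DC=WIN-JDU9CCJF1V6',
                'query'     => '(&(objectCategory=person)(samaccountname=*))',
                'username'  => '',
                'password'  => '',
            ),
            'options' => array(
                'debug' => 0, // 0, 1, 2
            ),
        );

        $ini = parse_ini_file($inifile, true);
        if (!$ini) {
            // The original called an undefined Fail() method here, which
            // aborted with a fatal error; fail explicitly instead.
            throw new RuntimeException('Invalid ldap ini file');
        }

        $conf = array();
        foreach ($defaultconf as $section => $defaults) {
            $given = (isset($ini[$section]) && is_array($ini[$section])) ? $ini[$section] : array();
            $conf[$section] = array_merge($defaults, array_intersect_key($given, $defaults));
        }

        $this->debug      = $conf['options']['debug'];
        $this->server     = $conf['auth']['server'];
        $this->dn         = $conf['auth']['dnbase'];
        $this->serverType = $conf['auth']['servetype'];
        $this->domain     = $conf['auth']['domain'];
        $this->username   = $conf['auth']['username'];
        $this->password   = $conf['auth']['password'];
        $this->host       = $conf['auth']['host'];
        $this->query      = $conf['auth']['query'];
    }

    /**
     * Turn one entry returned by ldap_get_entries() into the user array
     * handed back to callers.
     *
     * Attributes the directory did not return are reported as null.
     *
     * @param array $entry A single entry from ldap_get_entries().
     * @return array
     */
    private function entryToUser($entry){
        // Collect the CN components of the entry's DN, in order.
        $names = array();
        foreach (explode(",", $entry['dn']) as $part) {
            $part = ltrim($part);
            if (strpos($part, "CN=") === 0) {
                $names[] = substr($part, 3);
            }
        }
        $account = isset($entry['samaccountname'][0]) ? $entry['samaccountname'][0] : null;
        $mail    = isset($entry['mail'][0]) ? $entry['mail'][0] : null;

        return array(
            'id_user'         => $account,
            'email'           => $mail,
            'username'        => $mail,
            'firstname'       => $account,
            'dn'              => implode(", ", $names),
            'avatar_location' => DEFAULT_IMAGE_LDAP,
        );
    }

    /**
     * Authenticate a user by binding to the directory with their credentials.
     *
     * @param string $username Account name (sAMAccountName), without domain.
     * @param string $password The user's password.
     * @return array|string|false|null The user array on success; an error
     *         string if the LDAP handle could not be created; false if the
     *         credentials are empty or the bind is rejected; null if the bind
     *         succeeded but the search did not return exactly one entry.
     */
    public function checkLogin($username, $password){
        // A simple bind with an empty password is an unauthenticated bind,
        // which many servers accept; it must never count as a login.
        if (!is_scalar($username) || !is_scalar($password)
            || (string)$username === '' || (string)$password === '') {
            return false;
        }

        // NOTE(review): the password travels in a simple bind. Unless the
        // configured host is an ldaps:// URI (or StartTLS is negotiated
        // before binding) it is sent in clear text - confirm the deployment.
        $ldap = ldap_connect($this->host);
        if (FALSE === $ldap){
            return 'Connessione con il server LDAP non riuscita!';
        }

        $ldap_username = $username.'@'.$this->server.'.'.$this->domain;
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

        if (!@ldap_bind($ldap, $ldap_username, $password)) {
            @ldap_close($ldap);
            return false;
        }

        // Escape the name before placing it in the filter so characters such
        // as * ( ) \ cannot change which entries the search matches.
        $filter = '(sAMAccountName=' . ldap_escape((string)$username, '', LDAP_ESCAPE_FILTER) . ')';
        $attributes = array('givenname', 'mail', 'samaccountname', 'userPrincipalName', 'sn');

        $result  = ldap_search($ldap, $this->dn, $filter, $attributes);
        $entries = (FALSE !== $result) ? ldap_get_entries($ldap, $result) : false;
        @ldap_close($ldap);

        // Only an unambiguous match identifies the user who just bound.
        if (!is_array($entries) || $entries['count'] != 1) {
            return null;
        }
        return $this->entryToUser($entries[0]);
    }

    /**
     * Get a list of users from Active Directory whose surname or given name
     * starts with $person. An empty $person matches every entry that has one
     * of those attributes.
     *
     * @param string $person Name prefix to search for.
     * @return array|string List of user arrays (possibly empty), or an error
     *         string if the LDAP handle could not be created.
     */
    public function getAllUsers($person){
        $ad_users = array();

        // Without a configured search account the bind below would be
        // anonymous; refuse instead of searching unauthenticated.
        if ((string)$this->username === '' || (string)$this->password === '') {
            trigger_error('AuthLdap: no search account configured in the ldap ini file', E_USER_WARNING);
            return $ad_users;
        }

        $ldap_password = $this->password;
        $ldap_username = $this->username.'@'.$this->server.'.'.$this->domain;
        $ldap_connection = ldap_connect($this->host); // e.g. an ldap://host:3268 URI
        if (FALSE === $ldap_connection){
            return 'Connessione con il server LDAP non riuscita!';
        }

        // We have to set this option for the version of Active Directory we are using.
        ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
        ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

        if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
            // Escape the caller's text; the trailing * is the only wildcard.
            $needle = ldap_escape((string)$person, '', LDAP_ESCAPE_FILTER);
            $search_filter = '(|(sn=' . $needle . '*)(givenname=' . $needle . '*))';
            $attributes = array('givenname', 'mail', 'samaccountname', 'userPrincipalName', 'sn');

            $result = ldap_search($ldap_connection, $this->dn, $search_filter, $attributes);
            if (FALSE !== $result){
                $entries = ldap_get_entries($ldap_connection, $result);
                for ($x = 0; $x < $entries['count']; $x++){
                    $ad_users[] = $this->entryToUser($entries[$x]);
                }
            }
        }

        // Release the connection whether or not the bind succeeded.
        ldap_unbind($ldap_connection);
        return $ad_users;
    }
} // End of class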
?>