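<?php
session_start();

/**
 * @author Denis CLAVIER <clavierd at gmail dot com>
 * A modified version by dimst23
 */

// include our LDAP object and its settings. config_ldap.php is expected to
// provide the $ldap_host/$ldap_port/$ldap_version/$ldap_start_tls connection
// values and the $ldap_* search/bind settings used further down — confirm
// against that file when changing names here.
require_once __DIR__ . '/LDAP/LDAP.php';
require_once __DIR__ . '/LDAP/config_ldap.php';

// Page template that every response of this script is rendered into.
// Resolved relative to this file, like the requires above, instead of the
// process working directory, so it does not depend on how PHP was launched.
// loadHTMLFile() returns false on a missing/unreadable file; fail loudly here
// rather than later with a null dereference while rendering a message.
$prompt_template = new DOMDocument();
if ($prompt_template->loadHTMLFile(__DIR__ . '/form_prompt.html') === false) {
    throw new RuntimeException('Unable to load the form_prompt.html template');
}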
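/**
 * Render the prompt template with a message inserted and send it to the client.
 *
 * The message is parsed as XML markup (appendXML), so it may contain simple
 * tags such as <br />. Only pass trusted, literal strings: a request-derived
 * value would be inserted into the page as live markup.
 *
 * @param DOMDocument $html_template the loaded form_prompt.html document
 * @param string      $message       XML fragment to display
 * @throws RuntimeException when the template has no sixth <div> to write into
 */
function messageShow(DOMDocument $html_template, string $message = 'No Msg'): void {
    // The template's sixth <div> (index 5) is the message slot. A template edit
    // that removes a div would otherwise surface as a fatal null dereference.
    $modification_node = $html_template->getElementsByTagName('div')->item(5);
    if ($modification_node === null) {
        throw new RuntimeException('Template has no message placeholder (6th <div>)');
    }

    // appendXML() returns false (and reports a libxml error) on malformed
    // markup; capture the errors so nothing leaks into the output, and fall
    // back to a text node so the message is still shown rather than lost.
    $page_fragment = $html_template->createDocumentFragment();
    $previous_error_mode = libxml_use_internal_errors(true);
    $appended = $page_fragment->appendXML($message);
    libxml_clear_errors();
    libxml_use_internal_errors($previous_error_mode);
    if ($appended === false) {
        $page_fragment->appendChild($html_template->createTextNode($message));
    }

    $modification_node->appendChild($page_fragment);

    echo $html_template->saveHTML();
}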
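// ---------------------------------------------------------------------------
// Request validation. Everything below reads $_POST, so the values are
// untrusted: check type first (a form can submit user[]=... which arrives as
// an array and makes strlen()/trim() throw), then presence, then length,
// before anything else touches them.
// ---------------------------------------------------------------------------
$rawUser = $_POST['user'] ?? '';
$rawPassword = $_POST['password'] ?? '';
$maxCredentialLength = 64; // upper bound on what is forwarded to the LDAP server

$validationError = null;
if (!is_string($rawUser)) {
    $validationError = 'Username has incorrect format ... Please try again';
} elseif (!is_string($rawPassword)) {
    $validationError = 'Password has incorrect format ... Please try again';
} elseif (trim($rawUser) === '') {
    // Explicit '' comparison rather than empty(): empty('0') is true and
    // would reject a legitimate value.
    $validationError = 'Username field can\'t be empty.';
} elseif ($rawPassword === '') {
    $validationError = 'Password field can\'t be empty.';
} elseif (strlen($rawUser) > $maxCredentialLength) {
    $validationError = 'Username has incorrect format ... Please try again';
} elseif (strlen($rawPassword) > $maxCredentialLength) {
    $validationError = 'Password has incorrect format ... Please try again';
}

if ($validationError !== null) {
    messageShow($prompt_template, $validationError);
} else {
    // Normalise the username. NOTE(review): htmlspecialchars()/strip_tags()
    // escape for an HTML context only; they do not escape LDAP filter
    // metacharacters, and they rewrite characters such as & ' " that may
    // legitimately occur in a username. Kept byte-identical so existing
    // accounts keep matching — confirm that LDAP::checkLogin() applies
    // ldap_escape() to the filter before relying on this line for injection
    // protection.
    $user = strtolower(strip_tags(htmlspecialchars(trim($rawUser))));

    // Open a LDAP connection ($ldap_* settings come from config_ldap.php)
    $ldap = new LDAP($ldap_host, $ldap_port, $ldap_version, $ldap_start_tls);

    // Check user credential on LDAP. A connection or bind error is shown to the
    // user as a plain failure; the detail goes to the server log only.
    try {
        $authenticated = $ldap->checkLogin($user, $rawPassword, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass);
    } catch (Exception $e) {
        error_log('LDAP login check failed for "' . $user . '": ' . $e->getMessage());
        $authenticated = false;
    }

    if ($authenticated) {
        // Issue a fresh session id on this privilege change so an id handed
        // to the browser before login is not valid for the logged-in session.
        session_regenerate_id(true);
        $_SESSION['uid'] = $user;

        // If user came here with an authorize request, redirect him to the
        // authorize page. Else prompt a simple message.
        // NOTE(review): auth_page is read from the session, not the request;
        // this assumes whatever writes it stores a trusted location — confirm
        // at the writer.
        if (isset($_SESSION['auth_page'])) {
            header('Location: ' . $_SESSION['auth_page']);
            exit();
        }
        messageShow($prompt_template, 'Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...');
    } else {
        // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
        messageShow($prompt_template, 'Authentication failed ... Check your username and password.<br />If the error persists contact your administrator.<br /><br />');
    }
}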