ldap-matter/oauth/connexion.php

<?php
session_start();
/**
 * @author Denis CLAVIER <clavierd at gmail dot com>
 */

// include our LDAP object
require_once __DIR__.'/LDAP/LDAP.php';
require_once __DIR__.'/LDAP/config_ldap.php';


// Verify all fields have been filled 
if (empty($_POST['user']) || empty($_POST['password'])) 
{
	echo 'Please fill in your Username and Password<br /><br />';
	echo 'Click <a href="./index.php">here</a> to come back to login page';
}
else
{
	// Check received data length (to prevent code injection) 
	if (strlen($_POST['user']) > 15)
 	{
  		echo 'Username is longer than 15 characters ... Please try again<br /><br />';
		echo 'Click <a href="./index.php">here</a> to come back to login page';
    }
    elseif (strlen($_POST['password']) > 50)
    {
	echo 'Password is longer than 50 characters ... Please try again<br /><br />';
	echo 'Click <a href="./index.php">here</a> to come back to login page';

    } elseif (strlen($_POST['password']) <= 7)
    {
    	echo 'Password is shorter than 7 characters ... Please try again<br /><br />';
	echo 'Click <a href="./index.php">here</a> to come back to login page';
    } 
    else
   	{
   		// Remove every html tag and useless space on username (to prevent XSS)
   	   	$user=strip_tags(trim($_POST['user']));

    	$user=$_POST['user'];
    	$password=$_POST['password'];

    	// Open a LDAP connection
    	$ldap = new LDAP($ldap_host,$ldap_port,$ldap_version);
		
		// Check user credential on LDAP
		try{
			$authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass);
		}
		catch (Exception $e)
		{
		    if ($e->getCode() == 404) {
			$resp = json_encode(
			    [
				"error" => "User not found",
				"message" => "$user is not in the group of authorized users."
			    ]
			);
		    } else {
			$resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));
		    }
		    $authenticated = false;
		}

		// If user is authenticated
		if ($authenticated) 
		{
		    $_SESSION['uid']=$user;

		    // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
		    if (isset($_SESSION['auth_page']))
		    {
		    	$auth_page=$_SESSION['auth_page'];
		    	header('Location: ' . $auth_page);
 				exit();
		    }
		 	else 
		 	{
		 		echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";
			}
	    }
	    // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
		else 
		{
		echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";
		echo 'Click <a href="./index.php">here</a> to come back to login page';
		echo '<br /><br /><br />' . $resp;
		}
	}
}
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`<?php`
			`session_start();`
			`/**`
			`* @author Denis CLAVIER <clavierd at gmail dot com>`
			`*/`

			`// include our LDAP object`
			`require_once __DIR__.'/LDAP/LDAP.php';`
			`require_once __DIR__.'/LDAP/config_ldap.php';`

LDAP support improvment (issue #6) + some bugs corrected 2017-08-26 21:54:24 +08:00
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`// Verify all fields have been filled`
			`if (empty($_POST['user']) \|\| empty($_POST['password']))`
			`{`
Patch for Mattermost 4.4 -> 4.9 + some bug fix 2018-05-20 00:04:13 +08:00			`echo 'Please fill in your Username and Password<br /><br />';`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`}`
			`else`
			`{`
			`// Check received data length (to prevent code injection)`
			`if (strlen($_POST['user']) > 15)`
			`{`
Missing space in username error 2020-04-30 05:55:04 +08:00			`echo 'Username is longer than 15 characters ... Please try again<br /><br />';`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`}`
Clarify errors in connexion.php 2020-04-30 05:50:57 +08:00			`elseif (strlen($_POST['password']) > 50)`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`{`
Clarify errors in connexion.php 2020-04-30 05:50:57 +08:00			`echo 'Password is longer than 50 characters ... Please try again<br /><br />';`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`

			`} elseif (strlen($_POST['password']) <= 7)`
			`{`
			`echo 'Password is shorter than 7 characters ... Please try again<br /><br />';`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`}`
			`else`
			`{`
			`// Remove every html tag and useless space on username (to prevent XSS)`
			`$user=strip_tags(trim($_POST['user']));`

			`$user=$_POST['user'];`
			`$password=$_POST['password'];`

			`// Open a LDAP connection`
Refresh project and Readme Adapt vars name for consistency Add a light CSS design 2019-05-02 20:51:50 +08:00			`$ldap = new LDAP($ldap_host,$ldap_port,$ldap_version);`
Initial Commit - First version 2017-08-08 03:01:11 +08:00
			`// Check user credential on LDAP`
Patch for Mattermost 4.4 -> 4.9 + some bug fix 2018-05-20 00:04:13 +08:00			`try{`
Refresh project and Readme Adapt vars name for consistency Add a light CSS design 2019-05-02 20:51:50 +08:00			`$authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass);`
Patch for Mattermost 4.4 -> 4.9 + some bug fix 2018-05-20 00:04:13 +08:00			`}`
			`catch (Exception $e)`
			`{`
Copy 404 handling to connexion.php 2020-05-01 01:21:56 +08:00			`if ($e->getCode() == 404) {`
			`$resp = json_encode(`
			`[`
			`"error" => "User not found",`
			`"message" => "$user is not in the group of authorized users."`
			`]`
			`);`
			`} else {`
Correct few mistake in Readme and exception handler in connexion.php 2018-05-20 05:28:01 +08:00			`$resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));`
Copy 404 handling to connexion.php 2020-05-01 01:21:56 +08:00			`}`
			`$authenticated = false;`
Patch for Mattermost 4.4 -> 4.9 + some bug fix 2018-05-20 00:04:13 +08:00			`}`

			`// If user is authenticated`
			`if ($authenticated)`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`{`
			`$_SESSION['uid']=$user;`

			`// If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.`
			`if (isset($_SESSION['auth_page']))`
			`{`
			`$auth_page=$_SESSION['auth_page'];`
			`header('Location: ' . $auth_page);`
			`exit();`
			`}`
			`else`
			`{`
			`echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";`
			`}`
			`}`
			`// check login on LDAP has failed. Login and password were invalid or LDAP is unreachable`
			`else`
			`{`
Better organization for configuration - add config file 2017-08-17 06:05:49 +08:00			`echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
Correct few mistake in Readme and exception handler in connexion.php 2018-05-20 05:28:01 +08:00			`echo '<br /><br /><br />' . $resp;`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`}`
			`}`
			`}`