ldap-matter/oauth/connexion.php

<?php
session_start();
/**
 * @author Denis CLAVIER <clavierd at gmail dot com>
 */

// include our LDAP object
require_once __DIR__.'/LDAP/LDAP.php';
require_once __DIR__.'/LDAP/config_ldap.php';


// Verify all fields have been filled
if (empty($_POST['user']) || empty($_POST['password'])) {
    echo 'Please fill in your Username and Password<br /><br />';
    echo 'Click <a href="./index.php">here</a> to come back to login page';
} else {
    // Check received data length (to prevent code injection)
    if (strlen($_POST['user']) > 15) {
        echo 'Username has incorrect format ... Please try again<br /><br />';
        echo 'Click <a href="./index.php">here</a> to come back to login page';
    } elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) {
        echo 'Password has incorrect format ... Please try again<br /><br />';
        echo 'Click <a href="./index.php">here</a> to come back to login page';
    } else {
        // Remove every html tag and useless space on username (to prevent XSS)
        $user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));

        $password=$_POST['password'];

        // Open a LDAP connection
        $ldap = new LDAP($ldap_host, $ldap_port, $ldap_version);

        // Check user credential on LDAP
        try {
            $authenticated = $ldap->checkLogin($user, $password, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass);
        } catch (Exception $e) {
            $resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));
            $authenticated = false;
        }

        // If user is authenticated
        if ($authenticated) {
            $_SESSION['uid']=$user;

            // If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
            if (isset($_SESSION['auth_page'])) {
                $auth_page=$_SESSION['auth_page'];
                header('Location: ' . $auth_page);
                exit();
            } else {
                echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";
            }
        }
        // check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
        else {
            echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";
            echo 'Click <a href="./index.php">here</a> to come back to login page';
            echo '<br /><br /><br />' . $resp;
        }
    }
}
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`<?php`
			`session_start();`
			`/**`
			`* @author Denis CLAVIER <clavierd at gmail dot com>`
			`*/`

			`// include our LDAP object`
			`require_once __DIR__.'/LDAP/LDAP.php';`
			`require_once __DIR__.'/LDAP/config_ldap.php';`

LDAP support improvment (issue #6) + some bugs corrected 2017-08-26 21:54:24 +08:00
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`// Verify all fields have been filled`
			`if (empty($_POST['user']) \|\| empty($_POST['password'])) {`
			`echo 'Please fill in your Username and Password<br /><br />';`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`} else {`
			`// Check received data length (to prevent code injection)`
			`if (strlen($_POST['user']) > 15) {`
			`echo 'Username has incorrect format ... Please try again<br /><br />';`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`} elseif (strlen($_POST['password']) > 50 \|\| strlen($_POST['password']) <= 7) {`
			`echo 'Password has incorrect format ... Please try again<br /><br />';`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`} else {`
			`// Remove every html tag and useless space on username (to prevent XSS)`
			`$user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));`
Initial Commit - First version 2017-08-08 03:01:11 +08:00
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`$password=$_POST['password'];`
Initial Commit - First version 2017-08-08 03:01:11 +08:00
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`// Open a LDAP connection`
			`$ldap = new LDAP($ldap_host, $ldap_port, $ldap_version);`
Patch for Mattermost 4.4 -> 4.9 + some bug fix 2018-05-20 00:04:13 +08:00
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`// Check user credential on LDAP`
			`try {`
			`$authenticated = $ldap->checkLogin($user, $password, $ldap_search_attribute, $ldap_filter, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_pass);`
			`} catch (Exception $e) {`
			`$resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage()));`
			`$authenticated = false;`
			`}`
Initial Commit - First version 2017-08-08 03:01:11 +08:00
Update Mattermost-LDAP to V2.0 2020-04-30 21:43:07 +08:00			`// If user is authenticated`
			`if ($authenticated) {`
			`$_SESSION['uid']=$user;`

			`// If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.`
			`if (isset($_SESSION['auth_page'])) {`
			`$auth_page=$_SESSION['auth_page'];`
			`header('Location: ' . $auth_page);`
			`exit();`
			`} else {`
			`echo "Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...";`
			`}`
			`}`
			`// check login on LDAP has failed. Login and password were invalid or LDAP is unreachable`
			`else {`
			`echo "Authentication failed ... Check your username and password.<br />If error persist contact your administrator.<br /><br />";`
			`echo 'Click <a href="./index.php">here</a> to come back to login page';`
			`echo '<br /><br /><br />' . $resp;`
			`}`
			`}`
Initial Commit - First version 2017-08-08 03:01:11 +08:00			`}`