90 lines
2.8 KiB
PHP
90 lines
2.8 KiB
PHP
<?php
|
|
session_start();
|
|
/**
|
|
* @author Denis CLAVIER <clavierd at gmail dot com>
|
|
* A modified verion by dimst23
|
|
*/
|
|
|
|
|
|
// include our LDAP object
|
|
require_once __DIR__.'/LDAP/LDAP.php';
|
|
require_once __DIR__.'/LDAP/config_ldap.php';
|
|
|
|
$prompt_template = new DOMDocument();
|
|
$prompt_template->loadHTMLFile('form_prompt.html');
|
|
|
|
|
|
function messageShow($html_template, $message = 'No Msg') {
|
|
$modification_node = $html_template->getElementsByTagName('div')->item(5);
|
|
$page_fragment = $html_template->createDocumentFragment();
|
|
$page_fragment->appendXML($message);
|
|
|
|
$modification_node->appendChild($page_fragment);
|
|
|
|
echo $html_template->saveHTML();
|
|
}
|
|
|
|
|
|
// Verify all fields have been filled
|
|
if (empty($_POST['user']) || empty($_POST['password']))
|
|
{
|
|
if (empty($_POST['user'])) {
|
|
messageShow($prompt_template, 'Username field can\'t be empty.');
|
|
} else {
|
|
messageShow($prompt_template, 'Password field can\'t be empty.');
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Check received data length (to prevent code injection)
|
|
if (strlen($_POST['user']) > 64)
|
|
{
|
|
messageShow($prompt_template, 'Username has incorrect format ... Please try again');
|
|
}
|
|
elseif (strlen($_POST['password']) > 64)
|
|
{
|
|
messageShow($prompt_template, 'Password has incorrect format ... Please try again');
|
|
}
|
|
else
|
|
{
|
|
// Remove every html tag and useless space on username (to prevent XSS)
|
|
$user=strtolower(strip_tags(htmlspecialchars(trim($_POST['user']))));
|
|
$password=$_POST['password'];
|
|
|
|
// Open a LDAP connection
|
|
$ldap = new LDAP($ldap_host,$ldap_port,$ldap_version,$ldap_start_tls);
|
|
|
|
// Check user credential on LDAP
|
|
try{
|
|
$authenticated = $ldap->checkLogin($user,$password,$ldap_search_attribute,$ldap_filter,$ldap_base_dn,$ldap_bind_dn,$ldap_bind_pass);
|
|
}
|
|
catch (Exception $e)
|
|
{
|
|
$authenticated = false;
|
|
}
|
|
|
|
// If user is authenticated
|
|
if ($authenticated)
|
|
{
|
|
$_SESSION['uid']=$user;
|
|
|
|
// If user came here with an autorize request, redirect him to the authorize page. Else prompt a simple message.
|
|
if (isset($_SESSION['auth_page']))
|
|
{
|
|
$auth_page=$_SESSION['auth_page'];
|
|
header('Location: ' . $auth_page);
|
|
exit();
|
|
}
|
|
else
|
|
{
|
|
messageShow($prompt_template, 'Congratulation you are authenticated ! <br /><br /> However there is nothing to do here ...');
|
|
}
|
|
}
|
|
// check login on LDAP has failed. Login and password were invalid or LDAP is unreachable
|
|
else
|
|
{
|
|
messageShow($prompt_template, 'Authentication failed ... Check your username and password.<br />If the error persists contact your administrator.<br /><br />');
|
|
}
|
|
}
|
|
}
|