
/phpbb/auth/provider/ -> ldap.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\auth\provider;
  15  
  16  /**
  17   * LDAP authentication provider for phpBB3
  18   * This is for authentication against an external LDAP directory
  19   */
  20  class ldap extends \phpbb\auth\provider\base
  21  {
  22      /**
  23      * phpBB passwords manager
  24      *
  25      * @var \phpbb\passwords\manager
  26      */
  27      protected $passwords_manager;
  28  
  29      /**
  30       * LDAP Authentication Constructor
  31       *
  32       * @param    \phpbb\db\driver\driver_interface        $db        Database object
  33       * @param    \phpbb\config\config        $config        Config object
  34       * @param    \phpbb\passwords\manager    $passwords_manager        Passwords manager object
  35       * @param    \phpbb\user            $user        User object
  36       */
  37  	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
  38      {
  39          $this->db = $db;
  40          $this->config = $config;
  41          $this->passwords_manager = $passwords_manager;
  42          $this->user = $user;
  43      }
  44  
  45      /**
  46       * {@inheritdoc}
  47       */
  48  	public function init()
  49      {
  50          if (!@extension_loaded('ldap'))
  51          {
  52              return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];
  53          }
  54  
  55          $this->config['ldap_port'] = (int) $this->config['ldap_port'];
  56          if ($this->config['ldap_port'])
  57          {
  58              $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
  59          }
  60          else
  61          {
  62              $ldap = @ldap_connect($this->config['ldap_server']);
  63          }
  64  
  65          if (!$ldap)
  66          {
  67              return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];
  68          }
  69  
  70          @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
  71          @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
  72  
  73          if ($this->config['ldap_user'] || $this->config['ldap_password'])
  74          {
  75              if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
  76              {
  77                  return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];
  78              }
  79          }
  80  
  81          // ldap_connect only checks whether the specified server is valid, so the connection might still fail
  82          $search = @ldap_search(
  83              $ldap,
  84              htmlspecialchars_decode($this->config['ldap_base_dn']),
  85              $this->ldap_user_filter($this->user->data['username']),
  86              (empty($this->config['ldap_email'])) ?
  87                  array(htmlspecialchars_decode($this->config['ldap_uid'])) :
  88                  array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
  89              0,
  90              1
  91          );
  92  
  93          if ($search === false)
  94          {
  95              return $this->user->lang['LDAP_SEARCH_FAILED'];
  96          }
  97  
  98          $result = @ldap_get_entries($ldap, $search);
  99  
 100          @ldap_close($ldap);
 101  
 102          if (!is_array($result) || count($result) < 2)
 103          {
 104              return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);
 105          }
 106  
 107          if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
 108          {
 109              return $this->user->lang['LDAP_NO_EMAIL'];
 110          }
 111  
 112          return false;
 113      }
 114  
 115      /**
 116       * {@inheritdoc}
 117       */
 118  	public function login($username, $password)
 119      {
 120          // do not allow empty password
 121          if (!$password)
 122          {
 123              return array(
 124                  'status'    => LOGIN_ERROR_PASSWORD,
 125                  'error_msg'    => 'NO_PASSWORD_SUPPLIED',
 126                  'user_row'    => array('user_id' => ANONYMOUS),
 127              );
 128          }
 129  
 130          if (!$username)
 131          {
 132              return array(
 133                  'status'    => LOGIN_ERROR_USERNAME,
 134                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
 135                  'user_row'    => array('user_id' => ANONYMOUS),
 136              );
 137          }
 138  
 139          if (!@extension_loaded('ldap'))
 140          {
 141              return array(
 142                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 143                  'error_msg'        => 'LDAP_NO_LDAP_EXTENSION',
 144                  'user_row'        => array('user_id' => ANONYMOUS),
 145              );
 146          }
 147  
 148          $this->config['ldap_port'] = (int) $this->config['ldap_port'];
 149          if ($this->config['ldap_port'])
 150          {
 151              $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
 152          }
 153          else
 154          {
 155              $ldap = @ldap_connect($this->config['ldap_server']);
 156          }
 157  
 158          if (!$ldap)
 159          {
 160              return array(
 161                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 162                  'error_msg'        => 'LDAP_NO_SERVER_CONNECTION',
 163                  'user_row'        => array('user_id' => ANONYMOUS),
 164              );
 165          }
 166  
 167          @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 168          @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 169  
 170          if ($this->config['ldap_user'] || $this->config['ldap_password'])
 171          {
 172              if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
 173              {
 174                  return array(
 175                      'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
 176                      'error_msg'        => 'LDAP_NO_SERVER_CONNECTION',
 177                      'user_row'        => array('user_id' => ANONYMOUS),
 178                  );
 179              }
 180          }
 181  
 182          $search = @ldap_search(
 183              $ldap,
 184              htmlspecialchars_decode($this->config['ldap_base_dn']),
 185              $this->ldap_user_filter($username),
 186              (empty($this->config['ldap_email'])) ?
 187                  array(htmlspecialchars_decode($this->config['ldap_uid'])) :
 188                  array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
 189              0,
 190              1
 191          );
 192  
 193          $ldap_result = @ldap_get_entries($ldap, $search);
 194  
 195          if (is_array($ldap_result) && count($ldap_result) > 1)
 196          {
 197              if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
 198              {
 199                  @ldap_close($ldap);
 200  
 201                  $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
 202                      FROM ' . USERS_TABLE . "
 203                      WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
 204                  $result = $this->db->sql_query($sql);
 205                  $row = $this->db->sql_fetchrow($result);
 206                  $this->db->sql_freeresult($result);
 207  
 208                  if ($row)
 209                  {
 210                      unset($ldap_result);
 211  
 212                      // User inactive...
 213                      if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
 214                      {
 215                          return array(
 216                              'status'        => LOGIN_ERROR_ACTIVE,
 217                              'error_msg'        => 'ACTIVE_ERROR',
 218                              'user_row'        => $row,
 219                          );
 220                      }
 221  
 222                      // Successful login... set user_login_attempts to zero...
 223                      return array(
 224                          'status'        => LOGIN_SUCCESS,
 225                          'error_msg'        => false,
 226                          'user_row'        => $row,
 227                      );
 228                  }
 229                  else
 230                  {
 231                      // retrieve default group id
 232                      $sql = 'SELECT group_id
 233                          FROM ' . GROUPS_TABLE . "
 234                          WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
 235                              AND group_type = " . GROUP_SPECIAL;
 236                      $result = $this->db->sql_query($sql);
 237                      $row = $this->db->sql_fetchrow($result);
 238                      $this->db->sql_freeresult($result);
 239  
 240                      if (!$row)
 241                      {
 242                          trigger_error('NO_GROUP');
 243                      }
 244  
 245                      // generate user account data
 246                      $ldap_user_row = array(
 247                          'username'        => $username,
 248                          'user_password'    => $this->passwords_manager->hash($password),
 249                          'user_email'    => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
 250                          'group_id'        => (int) $row['group_id'],
 251                          'user_type'        => USER_NORMAL,
 252                          'user_ip'        => $this->user->ip,
 253                          'user_new'        => ($this->config['new_member_post_limit']) ? 1 : 0,
 254                      );
 255  
 256                      unset($ldap_result);
 257  
 258                      // this is the user's first login so create an empty profile
 259                      return array(
 260                          'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
 261                          'error_msg'        => false,
 262                          'user_row'        => $ldap_user_row,
 263                      );
 264                  }
 265              }
 266              else
 267              {
 268                  unset($ldap_result);
 269                  @ldap_close($ldap);
 270  
 271                  // Give status about wrong password...
 272                  return array(
 273                      'status'        => LOGIN_ERROR_PASSWORD,
 274                      'error_msg'        => 'LOGIN_ERROR_PASSWORD',
 275                      'user_row'        => array('user_id' => ANONYMOUS),
 276                  );
 277              }
 278          }
 279  
 280          @ldap_close($ldap);
 281  
 282          return array(
 283              'status'    => LOGIN_ERROR_USERNAME,
 284              'error_msg'    => 'LOGIN_ERROR_USERNAME',
 285              'user_row'    => array('user_id' => ANONYMOUS),
 286          );
 287      }
 288  
 289      /**
 290       * {@inheritdoc}
 291       */
 292  	public function acp()
 293      {
 294          // These are fields required in the config table
 295          return array(
 296              'ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password',
 297          );
 298      }
 299  
 300      /**
 301       * {@inheritdoc}
 302       */
 303  	public function get_acp_template($new_config)
 304      {
 305          return array(
 306              'TEMPLATE_FILE'    => 'auth_provider_ldap.html',
 307              'TEMPLATE_VARS'    => array(
 308                  'AUTH_LDAP_BASE_DN'        => $new_config['ldap_base_dn'],
 309                  'AUTH_LDAP_EMAIL'        => $new_config['ldap_email'],
 310                  'AUTH_LDAP_PASSORD'        => $new_config['ldap_password'] !== '' ? '********' : '',
 311                  'AUTH_LDAP_PORT'        => $new_config['ldap_port'],
 312                  'AUTH_LDAP_SERVER'        => $new_config['ldap_server'],
 313                  'AUTH_LDAP_UID'            => $new_config['ldap_uid'],
 314                  'AUTH_LDAP_USER'        => $new_config['ldap_user'],
 315                  'AUTH_LDAP_USER_FILTER'    => $new_config['ldap_user_filter'],
 316              ),
 317          );
 318      }
 319  
 320      /**
 321       * Generates a filter string for ldap_search to find a user
 322       *
 323       * @param    $username    string    Username identifying the searched user
 324       *
 325       * @return                string    A filter string for ldap_search
 326       */
 327  	private function ldap_user_filter($username)
 328      {
 329          $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
 330          if ($this->config['ldap_user_filter'])
 331          {
 332              $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
 333              $filter = "(&{$filter}{$_filter})";
 334          }
 335          return $filter;
 336      }
 337  
 338      /**
 339       * Escapes an LDAP AttributeValue
 340       *
 341       * @param    string    $string    The string to be escaped
 342       * @return    string    The escaped string
 343       */
 344  	private function ldap_escape($string)
 345      {
 346          return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
 347      }
 348  }

