Commit 2fb0e5a6 authored by Laurent Destailleur's avatar Laurent Destailleur

Qual: Externalisation en fichier modules des modes de connexion

parent db685030
...@@ -124,12 +124,14 @@ $character_set_client="ISO-8859-1"; ...@@ -124,12 +124,14 @@ $character_set_client="ISO-8859-1";
# This parameter contains the way authentication is done. # This parameter contains the way authentication is done.
# If value "ldap" is used, you must also set parameters dolibarr_main_auth_ldap_* # If value "ldap" is used, you must also set parameters dolibarr_main_auth_ldap_*
# Default value: dolibarr # Default value: dolibarr
# Possible values: http, dolibarr, ldap # Possible values: Any values found in files in htdocs/includes/login directory after
# the "function_" string and before the ".php" string.
# Examples: # Examples:
# $dolibarr_main_authentication="http"; # $dolibarr_main_authentication="http";
# $dolibarr_main_authentication="dolibarr"; # $dolibarr_main_authentication="dolibarr";
# $dolibarr_main_authentication="ldap"; # $dolibarr_main_authentication="ldap";
# #
$dolibarr_main_authentication="dolibarr"
# Parameters used to setup LDAP authentication. # Parameters used to setup LDAP authentication.
...@@ -150,7 +152,7 @@ $character_set_client="ISO-8859-1"; ...@@ -150,7 +152,7 @@ $character_set_client="ISO-8859-1";
# Parameters not used yet # Parameters not used yet
# dolibarr_smarty_libs_dir # dolibarr_smarty_libs_dir,dolibarr_smarty_compile,dolibarr_smarty_cache
# Examples: # Examples:
# $dolibarr_smarty_libs_dir="/var/www/dolibarr/external-libs/smarty/libs/"; # $dolibarr_smarty_libs_dir="/var/www/dolibarr/external-libs/smarty/libs/";
# $dolibarr_smarty_compile="/var/www/dolibarr/documents/temp/smarty_templates"; # $dolibarr_smarty_compile="/var/www/dolibarr/documents/temp/smarty_templates";
......
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/includes/login/functions_dolibarr.php
\ingroup core
\brief Authentication functions for Dolibarr mode
*/
/**
\brief Check user and password
\param usertotest Login
\param passwordtotest Password
\return string Login if ok, '' if ko.
*/
function check_user_password_dolibarr($usertotest,$passwordtotest)
{
global $_POST,$db,$conf,$langs;
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr usertotest=".$usertotest);
$login='';
if (! empty($_POST["username"]))
{
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$table = MAIN_DB_PREFIX."user";
$usernamecol = 'login';
$sql ='SELECT pass, pass_crypted';
$sql.=' from '.$table;
$sql.=' where '.$usernamecol." = '".addslashes($_POST["username"])."'";
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr sql=".$sql);
$resql=$db->query($sql);
if ($resql)
{
$obj=$db->fetch_object($resql);
if ($obj)
{
$passclear=$obj->pass;
$passcrypted=$obj->pass_crypted;
$passtyped=$_POST["password"];
$passok=false;
// Check crypted password
$cryptType='';
if ($conf->global->DATABASE_PWD_ENCRYPTED) $cryptType='md5';
if ($cryptType == 'md5')
{
if (md5($passtyped) == $passcrypted) $passok=true;
}
// For compatibility with old versions
if (! $passok)
{
if ($passtyped == $passclear) $passok=true;
}
// Password ok ?
if ($passok)
{
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok");
$login=$_POST["username"];
}
else
{
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko bad password pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
}
else
{
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko user not found pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
}
else
{
dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ko db error pour '".$_POST["username"]."' error=".$db->lasterror());
sleep(1);
$_SESSION["dol_loginmesg"]=$db->lasterror();
}
}
return $login;
}
?>
\ No newline at end of file
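Review bot: Both password checks in check_user_password_dolibarr use loose comparison — `md5($passtyped) == $passcrypted` and `$passtyped == $passclear` — and the clear-text fallback runs whenever the md5 check fails with no test that `$passclear` is actually set, so if the `pass` column is empty for a user whose password lives only in `pass_crypted`, an empty typed password compares equal to it. Use strict comparison and guard the fallback: `if (md5($passtyped) === $passcrypted) $passok=true;` and `if ((string)$passclear !== '' && $passtyped === $passclear) $passok=true;`. The query is also built from `$_POST["username"]` (the `$usertotest` parameter is never used) with `addslashes()`, which is not charset-aware, rather than the database layer's own escaping. Finally, `$_SESSION["dol_loginmesg"]=$db->lasterror();` puts the raw driver error on the login page; it is already written to syslog on the line above, so the generic `ErrorBadLoginPassword` message is enough for the user.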
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/includes/login/functions_forceuser.php
\ingroup core
\brief Authentication functions for forceuser
*/
/**
\brief Check user and password
\param usertotest Login
\param passwordtotest Password
\return string Login if ok, '' if ko.
*/
function check_user_password_forceuser($usertotest,$passwordtotest)
{
// Variable dolibarr_auto_user must be defined in conf.php file
global $dolibarr_auto_user;
dolibarr_syslog("functions_forceuser::check_user_password_forceuser");
$login=$dolibarr_auto_user;
if (empty($login)) $login='auto';
if ($_SESSION["dol_loginmesg"]) $login='';
return $login;
}
?>
\ No newline at end of file
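Review bot: `if ($_SESSION["dol_loginmesg"]) $login='';` reads the session key without an existence check, so the normal case (no pending error message) raises an undefined-index notice on every request in this mode; `if (! empty($_SESSION["dol_loginmesg"])) $login='';` keeps the same meaning. The `$usertotest`/`$passwordtotest` parameters are unused here, which is expected for a forced login, but the docblock should say so, e.g. `\remarks Credentials are ignored; the login comes from $dolibarr_auto_user in conf.php ('auto' when unset)`.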
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/includes/login/functions_http.php
\ingroup core
\brief Authentication functions for HTTP Basic
*/
/**
\brief Check user and password
\param usertotest Login
\param passwordtotest Password
\return string Login if ok, '' if ko.
*/
function check_user_password_http($usertotest,$passwordtotest)
{
dolibarr_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".$_SERVER["REMOTE_USER"]);
$login='';
if (! empty($_SERVER["REMOTE_USER"]))
{
$login=$_SERVER["REMOTE_USER"];
}
return $login;
}
?>
\ No newline at end of file
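Review bot: The syslog call on the first line of check_user_password_http dereferences `$_SERVER["REMOTE_USER"]` before the `! empty()` guard, so a request that reaches this mode without web-server authentication logs an undefined-index notice; move the guard first or log `(isset($_SERVER["REMOTE_USER"]) ? $_SERVER["REMOTE_USER"] : '')`. The docblock should also state the trust assumption this mode carries: it accepts whatever the web server put in REMOTE_USER without any check of its own, so it is only safe when the server really performs authentication for these pages, e.g. `\remarks Relies entirely on web-server authentication; REMOTE_USER is trusted as-is`. As in the other modes, `$usertotest` and `$passwordtotest` are unused.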
<?php
/* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/includes/login/functions_ldap.php
\ingroup core
\brief Authentication functions for LDAP
*/
/**
\brief Check user and password
\param usertotest Login
\param passwordtotest Password
\return string Login if ok, '' if ko.
\remarks If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
*/
function check_user_password_ldap($usertotest,$passwordtotest)
{
global $_POST,$db,$conf,$langs;
global $dolibarr_main_auth_ldap_host,$dolibarr_main_auth_ldap_port;
global $dolibarr_main_auth_ldap_version,$dolibarr_main_auth_ldap_servertype;
global $dolibarr_main_auth_ldap_login_attribute,$dolibarr_main_auth_ldap_dn;
global $dolibarr_main_auth_ldap_admin_login,$dolibarr_main_auth_ldap_admin_pass;
global $dolibarr_main_auth_ldap_debug;
dolibarr_syslog("functions_ldap::check_user_password_ldap usertotest=".$usertotest);
if (! function_exists("ldap_connect"))
{
dolibarr_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP. LDAP functions are disabled on this PHP");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorLDAPFunctionsAreDisabledOnThisPHP").' '.$langs->trans("TryAnotherConnectionMode");
return;
}
$login='';
$resultFetchUser='';
if (! empty($_POST["username"]))
{
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$ldaphost=$dolibarr_main_auth_ldap_host;
$ldapport=$dolibarr_main_auth_ldap_port;
$ldapversion=$dolibarr_main_auth_ldap_version;
$ldapservertype=(empty($dolibarr_main_auth_ldap_servertype) ? 'openldap' : $dolibarr_main_auth_ldap_servertype);
$ldapuserattr=$dolibarr_main_auth_ldap_login_attribute;
$ldapdn=$dolibarr_main_auth_ldap_dn;
$ldapadminlogin=$dolibarr_main_auth_ldap_admin_login;
$ldapadminpass=$dolibarr_main_auth_ldap_admin_pass;
$ldapdebug=(empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug=="false" ? false : true);
if ($ldapdebug) print "DEBUG: Logging LDAP steps<br>\n";
// Debut code pour compatibilite (prend info depuis config en base)
// Ne plus utiliser. La config LDAP de connexion doit etre dans le fichier conf.php
if (! $ldapuserattr && $conf->ldap->enabled)
{
if ($conf->global->LDAP_SERVER_TYPE == "activedirectory")
{
$ldapuserattr = $conf->global->LDAP_FIELD_LOGIN_SAMBA;
}
else
{
$ldapuserattr = $conf->global->LDAP_FIELD_LOGIN;
}
}
if (! $ldaphost) $ldaphost=$conf->global->LDAP_SERVER_HOST;
if (! $ldapport) $ldapport=$conf->global->LDAP_SERVER_PORT;
if (! $ldapservertype) $ldapservertype=$conf->global->LDAP_SERVER_TYPE;
if (! $ldapversion) $ldapversion=$conf->global->LDAP_SERVER_PROTOCOLVERSION;
if (! $ldapdn) $ldapdn=$conf->global->LDAP_SERVER_DN;
if (! $ldapadminlogin) $ldapadminlogin=$conf->global->LDAP_ADMIN_DN;
if (! $ldapadminpass) $ldapadminpass=$conf->global->LDAP_ADMIN_PASS;
// Fin code pour compatiblite
require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php");
$ldap=new Ldap();
$ldap->server=array($ldaphost);
$ldap->serverPort=$ldapport;
$ldap->ldapProtocolVersion=$ldapversion;
$ldap->serverType=$ldapservertype;
$ldap->searchUser=$ldapadminlogin;
$ldap->searchPassword=$ldapadminpass;
if ($ldapdebug) dolibarr_syslog("Authentification LDAP --> Server:".join(',',$ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType.", Admin:".$ldap->searchUser.", Pass:".$ldap->searchPassword);
// Code to get user in LDAP (may differ from Dolibarr user)
$result=$ldap->connect_bind();
$resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest);
$ldap->close();
$ldap->searchUser=$usertotest;
if ($resultCheckUserDN) $ldap->searchUser = $ldap->ldapUserDN;
$ldap->searchPassword=$passwordtotest;
$result=$ldap->connect_bind(); // Test with this->seachUser and this->searchPassword
if ($result > 0)
{
if ($result == 2)
{
dolibarr_syslog("functions_ldap::check_user_password_ldap Authentification ok");
$login=$_POST["username"];
// ldap2dolibarr synchronisation
if ($login && $conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')
{
// On charge les attributs du user ldap
if ($ldapdebug) print "DEBUG: login ldap = ".$login."<br>\n";
$ldap->fetch($login);
if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."<br>\n";
if ($ldapdebug) print "DEBUG: pwdLastSet = ".dolibarr_print_date($ldap->pwdlastset,'day')."<br>\n";
if ($ldapdebug) print "DEBUG: badPasswordTime = ".dolibarr_print_date($ldap->badpwdtime,'day')."<br>\n";
// On stop si le mot de passe ldap doit etre modifie
if ($ldap->pwdlastset == 0)
{
session_destroy();
dolibarr_syslog('User '.$login.' must change password next logon');
if ($ldapdebug) print "DEBUG: User ".$login." must change password<br>\n";
$ldap->close();
// On repart sur page accueil
session_name($sessionname);
session_start();
$langs->load('ldap');
$_SESSION["loginmesg"]=$langs->trans("UserMustChangePassNextLogon");
header('Location: '.DOL_URL_ROOT.'/index.php');
exit;
}
// On recherche le user dolibarr en fonction de son SID ldap
$sid = $ldap->getObjectSid($login);
if ($ldapdebug) print "DEBUG: sid = ".$sid."<br>\n";
$resultFetchUser=$user->fetch($login,$sid);
if ($resultFetchUser > 0)
{
//TODO: on verifie si le login a change et on met a jour les attributs dolibarr
if ($user->login != $ldap->login && $ldap->login)
{
$user->login = $ldap->login;
$user->update($user);
}
//$resultUpdate = $user->update_ldap2dolibarr();
}
}
}
if ($result == 1)
{
dolibarr_syslog("functions_ldap::check_user_password_ldap Authentification ko bad user/password pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
}
else
{
dolibarr_syslog("functions_ldap::check_user_password_ldap Authentification ko failed to connect to LDAP pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
$ldap->close();
}
return $login;
}
?>
\ No newline at end of file
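Review bot: Moving this code into a function breaks two variables that were in scope in main.inc.php: `$user` (`$user->fetch($login,$sid)` and the `$user->login` update in the ldap2dolibarr branch) and `$sessionname` (`session_name($sessionname)` in the must-change-password branch) are neither parameters nor listed in the `global` declarations at the top of check_user_password_ldap, so they are undefined when those branches run. Adding `global $user,$sessionname;` next to the existing `global $_POST,$db,$conf,$langs;` restores the previous behaviour. The debug line ending in `", Pass:".$ldap->searchPassword` writes the LDAP admin bind password to the log in clear text whenever `$dolibarr_main_auth_ldap_debug` is on; drop the `Pass:` part and log only the host, port, protocol, type and admin DN. The early exit when `ldap_connect` is missing uses a bare `return;` although the docblock promises `''` on failure — `return '';` keeps callers uniform.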
<?php <?php
/* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com> * Copyright (C) 2003 Xavier Dutoit <doli@sydesy.com>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org> * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be> * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2008 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
...@@ -91,42 +91,20 @@ $bc[1]="class=\"pair\""; ...@@ -91,42 +91,20 @@ $bc[1]="class=\"pair\"";
* Phase identification * Phase identification
*/ */
// $authmode contient la liste des differents modes d'identification a tester // $authmode contient la liste des differents modes d'identification a tester par ordre de preference.
// par ordre de preference. Attention, rares sont les combinaisons possibles si // Example: 'http'
// plusieurs modes sont indiques. // Example: 'dolibarr'
// Example: array('http','dolibarr'); // Example: 'ldap'
// Example: array('ldap'); // Example: 'http,forceuser'
// Example: array('forceuser');
$authmode=array();
// Authentication mode: non defini (cas de compatibilite ascendante) // Authentication mode
if (! $dolibarr_main_authentication) if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr';
{
// Mode par defaut, on test http + dolibarr
$authmode=array('http','dolibarr');
}
// Authentication mode: http
if ($dolibarr_main_authentication == 'http')
{
$authmode=array('http');
}
// Authentication mode: dolibarr
if ($dolibarr_main_authentication == 'dolibarr')
{
$authmode=array('dolibarr');
}
// Authentication mode: ldap
if ($dolibarr_main_authentication == 'ldap')
{
$authmode=array('ldap');
}
// Authentication mode: forceuser // Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser' || isset($dolibarr_auto_user)) if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
{
$authmode=array('forceuser'); // Set authmode
if (! isset($dolibarr_auto_user)) $dolibarr_auto_user='auto'; $authmode=split(',',$dolibarr_main_authentication);
}
// No authentication mode // No authentication mode
if (! sizeof($authmode)) if (! sizeof($authmode))
{ {
...@@ -144,8 +122,6 @@ $test=true; ...@@ -144,8 +122,6 @@ $test=true;
if (! isset($_SESSION["dol_login"])) if (! isset($_SESSION["dol_login"]))
{ {
// On est pas deja authentifie, on demande le login/mot de passe // On est pas deja authentifie, on demande le login/mot de passe
// A l'issu de cette demande, le login doivent avoir ete place dans dol_login
// et en session on place dol_login et dol_password
// Verification du code securite graphique // Verification du code securite graphique
if ($test && isset($_POST["username"]) && $conf->global->MAIN_SECURITY_ENABLECAPTCHA) if ($test && isset($_POST["username"]) && $conf->global->MAIN_SECURITY_ENABLECAPTCHA)
...@@ -167,244 +143,35 @@ if (! isset($_SESSION["dol_login"])) ...@@ -167,244 +143,35 @@ if (! isset($_SESSION["dol_login"]))
} }
} }
// MODE AUTO // Tests de validation user/mot de passe
if ($test && in_array('forceuser',$authmode) && ! $login) // Si ok, la variable login doit avoir ete initialisee
{ // Si erreur, on a place message erreur dans session sous le nom dol_loginmesg
$login=$dolibarr_auto_user; foreach($authmode as $mode)
dolibarr_syslog ("Authentification ok (en mode force, login=".$login.")");
$test=false;
}
// MODE HTTP (Basic)
if ($test && in_array('http',$authmode) && ! $login)
{ {
if (! empty($_SERVER["REMOTE_USER"])) if ($test && $mode && ! $login)
{ {
$login=$_SERVER["REMOTE_USER"]; $authfile=DOL_DOCUMENT_ROOT.'/includes/login/functions_'.$mode.'.php';
$test=false; $result=include_once($authfile);
} if ($result)
}
// MODE DOLIBARR
if ($test && in_array('dolibarr',$authmode) && ! $login)
{ {
$login='';
$usertotest=$_POST["username"]; $usertotest=$_POST["username"];
$passwordtotest=$_POST["password"]; $passwordtotest=$_POST["password"];
$function='check_user_password_'.$mode;
if (! empty($_POST["username"])) $login=$function($usertotest,$passwordtotest);
{ if ($login) $test=false;
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$table = MAIN_DB_PREFIX."user";
$usernamecol = 'login';
$sql ='SELECT pass, pass_crypted';
$sql.=' from '.$table;
$sql.=' where '.$usernamecol." = '".addslashes($_POST["username"])."'";
dolibarr_syslog("main.inc::get password sql=".$sql);
$resql=$db->query($sql);
if ($resql)
{
$obj=$db->fetch_object($resql);
if ($obj)
{
$passclear=$obj->pass;
$passcrypted=$obj->pass_crypted;
$passtyped=$_POST["password"];
$passok=false;
// Check crypted password
$cryptType='';
if ($conf->global->DATABASE_PWD_ENCRYPTED) $cryptType='md5';
if ($cryptType == 'md5')
{
if (md5($passtyped) == $passcrypted) $passok=true;
}
// For compatibility with old versions
if (! $passok)
{
if ($passtyped == $passclear) $passok=true;
}
// Password ok ?
if ($passok)
{
dolibarr_syslog("Authentification ok (en mode Base Dolibarr)");
$login=$_POST["username"];
$test=false;
}
else
{
dolibarr_syslog("Authentification ko bad password (en mode Base Dolibarr) pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
}
else
{
dolibarr_syslog("Authentification ko user not found (en mode Base Dolibarr) pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
}
else
{
dolibarr_syslog("Authentification ko db error (en mode Base Dolibarr) pour '".$_POST["username"]."', sql=".$sql);
sleep(1);
$_SESSION["dol_loginmesg"]=$db->lasterror();
}
}
}
// MODE LDAP
if ($test && in_array('ldap',$authmode) && ! $login)
{
$login='';
$usertotest=$_POST["username"];
$passwordtotest=$_POST["password"];
if (! empty($_POST["username"]))
{
// If test username/password asked, we define $test=false and $login var if ok, set $_SESSION["dol_loginmesg"] if ko
$ldaphost=$dolibarr_main_auth_ldap_host;
$ldapport=$dolibarr_main_auth_ldap_port;
$ldapversion=$dolibarr_main_auth_ldap_version;
$ldapservertype=(empty($dolibarr_main_auth_ldap_servertype) ? 'openldap' : $dolibarr_main_auth_ldap_servertype);
$ldapuserattr=$dolibarr_main_auth_ldap_login_attribute;
$ldapdn=$dolibarr_main_auth_ldap_dn;
$ldapadminlogin=$dolibarr_main_auth_ldap_admin_login;
$ldapadminpass=$dolibarr_main_auth_ldap_admin_pass;
$ldapdebug=(empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug=="false" ? false : true);
if ($ldapdebug) print "DEBUG: Logging LDAP steps<br>\n";
// Debut code pour compatibilite (prend info depuis config en base)
// Ne plus utiliser. La config LDAP de connexion doit etre dans le
// fichier conf.php
if (! $ldapuserattr && $conf->ldap->enabled)
{
if ($conf->global->LDAP_SERVER_TYPE == "activedirectory")
{
$ldapuserattr = $conf->global->LDAP_FIELD_LOGIN_SAMBA;
}
else
{
$ldapuserattr = $conf->global->LDAP_FIELD_LOGIN;
}
}
if (! $ldaphost) $ldaphost=$conf->global->LDAP_SERVER_HOST;
if (! $ldapport) $ldapport=$conf->global->LDAP_SERVER_PORT;
if (! $ldapservertype) $ldapservertype=$conf->global->LDAP_SERVER_TYPE;
if (! $ldapversion) $ldapversion=$conf->global->LDAP_SERVER_PROTOCOLVERSION;
if (! $ldapdn) $ldapdn=$conf->global->LDAP_SERVER_DN;
if (! $ldapadminlogin) $ldapadminlogin=$conf->global->LDAP_ADMIN_DN;
if (! $ldapadminpass) $ldapadminpass=$conf->global->LDAP_ADMIN_PASS;
// Fin code pour compatiblite
require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php");
$ldap=new Ldap();
$ldap->server=array($ldaphost);
$ldap->serverPort=$ldapport;
$ldap->ldapProtocolVersion=$ldapversion;
$ldap->serverType=$ldapservertype;
$ldap->searchUser=$ldapadminlogin;
$ldap->searchPassword=$ldapadminpass;
if ($ldapdebug) dolibarr_syslog("Authentification LDAP --> Server:".join(',',$ldap->server).", Port:".$ldap->serverPort.", Protocol:".$ldap->ldapProtocolVersion.", Type:".$ldap->serverType.", Admin:".$ldap->searchUser.", Pass:".$ldap->searchPassword);
$result=$ldap->connect_bind();
$resultCheckUserDN = $ldap->checkPass($usertotest,$passwordtotest);
$ldap->close();
$ldap->searchUser=$usertotest;
if ($resultCheckUserDN) $ldap->searchUser = $ldap->ldapUserDN;
$ldap->searchPassword=$passwordtotest;
$result=$ldap->connect_bind();
if ($result > 0)
{
if ($result == 2)
{
dolibarr_syslog("Authentification ok (en mode LDAP)");
$login=$_POST["username"];
$test=false;
// ldap2dolibarr synchronisation
if ($login && $conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr')
{
// On charge les attributs du user ldap
if ($ldapdebug) print "DEBUG: login ldap = ".$login."<br>\n";
$ldap->fetch($login);
if ($ldapdebug) print "DEBUG: UACF = ".join(',',$ldap->uacf)."<br>\n";
if ($ldapdebug) print "DEBUG: pwdLastSet = ".dolibarr_print_date($ldap->pwdlastset,'day')."<br>\n";
if ($ldapdebug) print "DEBUG: badPasswordTime = ".dolibarr_print_date($ldap->badpwdtime,'day')."<br>\n";
// On stop si le mot de passe ldap doit etre modifie
if ($ldap->pwdlastset == 0)
{
session_destroy();
dolibarr_syslog('User '.$login.' must change password next logon');
if ($ldapdebug) print "DEBUG: User ".$login." must change password<br>\n";
$ldap->close();
// On repart sur page accueil
session_name($sessionname);
session_start();
$langs->load('ldap');
$_SESSION["loginmesg"]=$langs->trans("UserMustChangePassNextLogon");
header('Location: '.DOL_URL_ROOT.'/index.php');
exit;
}
// On recherche le user dolibarr en fonction de son SID ldap
$sid = $ldap->getObjectSid($login);
if ($ldapdebug) print "DEBUG: sid = ".$sid."<br>\n";
$resultFetchUser=$user->fetch($login,$sid);
if ($resultFetchUser > 0)
{
//TODO: on verifie si le login a change et on met a jour les attributs dolibarr
if ($user->login != $ldap->login && $ldap->login)
{
$user->login = $ldap->login;
$user->update($user);
}
//$resultUpdate = $user->update_ldap2dolibarr();
}
}
}
if ($result == 1)
{
dolibarr_syslog("Authentification ko bad password (en mode LDAP) pour '".$_POST["username"]."'");
sleep(1);
$langs->load('main');
$langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
}
} }
else else
{ {
dolibarr_syslog("Authentification ko failed to connect to LDAP (en mode LDAP) pour '".$_POST["username"]."'"); dolibarr_syslog("Authentification ko - failed to load file '".$authfile."'");
sleep(1); sleep(1);
$langs->load('main'); $langs->load('main');
$langs->load('other'); $langs->load('other');
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorFailedToLoadLoginFileForMode",$mode);
} }
$ldap->close();
} }
} }
// Fin des tests de login/passwords
if (! $login) if (! $login)
{ {
// We show login page // We show login page
......
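Review bot: The loop in the last hunk builds both an include path and a function name from `$mode` without checking the mode token, and calls `$function(...)` without `function_exists()`, so a mode file that loads but does not define `check_user_password_<mode>` is a fatal error instead of the handled "failed to load" branch. `$mode` comes from `$dolibarr_main_authentication` in conf.php, so it is administrator-controlled rather than user input, but a `preg_match('/^[A-Za-z0-9_]+$/', $mode)` guard plus `file_exists()` before `include_once` keeps the lookup inside includes/login and avoids the include warning a missing file currently emits; the `$_POST` reads should also be guarded with `isset()`. In the second hunk of this file, `$authmode=split(',',$dolibarr_main_authentication);` uses the POSIX-regex `split()` (removed in PHP 7); `explode(',',$dolibarr_main_authentication)` is the intended call. The `foreach` loop is complete within the hunk, but the enclosing `if (! isset($_SESSION["dol_login"]))` block starts in an earlier hunk and continues past this one.
```php
foreach($authmode as $mode)
{
    if ($test && $mode && ! $login)
    {
        $function='check_user_password_'.$mode;
        $authfile=DOL_DOCUMENT_ROOT.'/includes/login/functions_'.$mode.'.php';
        // Mode names come from conf.php; accept only a plain token so the path and function name cannot be altered
        $result=false;
        if (preg_match('/^[A-Za-z0-9_]+$/', $mode) && file_exists($authfile)) $result=include_once($authfile);
        if ($result && function_exists($function))
        {
            $usertotest=(isset($_POST["username"]) ? $_POST["username"] : '');
            $passwordtotest=(isset($_POST["password"]) ? $_POST["password"] : '');
            $login=$function($usertotest,$passwordtotest);
            if ($login) $test=false;
        }
        else
        {
            // … unchanged: syslog the failure, sleep(1), set $_SESSION["dol_loginmesg"] …
        }
    }
}
```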