Commit 27cdeac6aec691d603927423b809aea7619f90af
1 parent
2b381b2a
Basic Import
Showing
1 changed file
with
115 additions
and
0 deletions
main.inc.php
0 → 100644
| 1 | +<?php | ||
| 2 | +/* | ||
| 3 | +Plugin Name: Ldap_Login | ||
| 4 | +Version: 1.2 | ||
| 5 | +Description: Allow piwigo authentication along an ldap | ||
| 6 | +Plugin URI: http://piwigo.org/ext/extension_view.php?eid=650 | ||
| 7 | +Author: 22decembre | ||
| 8 | +Author URI: http://www.22decembre.eu | ||
| 9 | +*/ | ||
| 10 | +if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); | ||
| 11 | + | ||
| 12 | +// +-----------------------------------------------------------------------+ | ||
| 13 | +// | Define plugin constants | | ||
| 14 | +// +-----------------------------------------------------------------------+ | ||
| 15 | +define('LDAP_LOGIN_ID', basename(dirname(__FILE__))); | ||
| 16 | +define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/'); | ||
| 17 | +define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID); | ||
| 18 | +define('LDAP_LOGIN_VERSION', '1.2'); | ||
| 19 | + | ||
| 20 | +include_once(LDAP_LOGIN_PATH.'/class.ldap.php'); | ||
| 21 | + | ||
| 22 | +// +-----------------------------------------------------------------------+ | ||
| 23 | +// | Event handlers | | ||
| 24 | +// +-----------------------------------------------------------------------+ | ||
| 25 | + | ||
| 26 | +add_event_handler('init', 'ld_init'); | ||
| 27 | + | ||
| 28 | +add_event_handler('try_log_user','login', 0, 4); | ||
| 29 | + | ||
| 30 | +add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu')); | ||
| 31 | + | ||
| 32 | +// +-----------------------------------------------------------------------+ | ||
| 33 | +// | Admin menu loading | | ||
| 34 | +// +-----------------------------------------------------------------------+ | ||
| 35 | + | ||
| 36 | +$ldap = new Ldap(); | ||
| 37 | +$ldap->load_config(); | ||
| 38 | +set_plugin_data($plugin['id'], $ldap); | ||
| 39 | +unset($ldap); | ||
| 40 | + | ||
| 41 | +// +-----------------------------------------------------------------------+ | ||
| 42 | +// | functions | | ||
| 43 | +// +-----------------------------------------------------------------------+ | ||
| 44 | + | ||
| 45 | +function random_password( $length = 8 ) { | ||
| 46 | + $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?"; | ||
| 47 | + $password = substr( str_shuffle( $chars ), 0, $length ); | ||
| 48 | + return $password; | ||
| 49 | +} | ||
| 50 | + | ||
| 51 | +function ld_init(){ | ||
| 52 | + load_language('plugin.lang', LDAP_LOGIN_PATH); | ||
| 53 | +} | ||
| 54 | + | ||
| 55 | + | ||
| 56 | +function login($success, $username, $password, $remember_me){ | ||
| 57 | + | ||
| 58 | + global $conf; | ||
| 59 | + | ||
| 60 | + $obj = new Ldap(); | ||
| 61 | + $obj->load_config(); | ||
| 62 | + $obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString()); | ||
| 63 | + | ||
| 64 | + //if (!$obj->ldap_bind_as($username,$password)){ // bind with userdn | ||
| 65 | + if (!$obj->ldap_search_dn($username) || !$obj->ldap_bind_as($obj->ldap_search_dn($username),$password)){ // bind with userdn | ||
| 66 | + trigger_notify('login_failure', stripslashes($username)); | ||
| 67 | + return false; // wrong password | ||
| 68 | + } | ||
| 69 | + | ||
| 70 | + // search user in piwigo database | ||
| 71 | + $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; | ||
| 72 | + | ||
| 73 | + $row = pwg_db_fetch_assoc(pwg_query($query)); | ||
| 74 | + | ||
| 75 | + // if query is not empty, it means everything is ok and we can continue, auth is done ! | ||
| 76 | + if (!empty($row['id'])) { | ||
| 77 | + log_user($row['id'], $remember_me); | ||
| 78 | + trigger_notify('login_success', stripslashes($username)); | ||
| 79 | + return true; | ||
| 80 | + } | ||
| 81 | + | ||
| 82 | + // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! | ||
| 83 | + else { | ||
| 84 | + // this is where we check we are allowed to create new users upon that. | ||
| 85 | + if ($obj->config['allow_newusers']) { | ||
| 86 | + | ||
| 87 | + // we got the email address | ||
| 88 | + if ($obj->ldap_mail($username)) { | ||
| 89 | + $mail = $obj->ldap_mail($username); | ||
| 90 | + } | ||
| 91 | + else { | ||
| 92 | + $mail = NULL; | ||
| 93 | + } | ||
| 94 | + | ||
| 95 | + // we actually register the new user | ||
| 96 | + $new_id = register_user($username,random_password(8),$mail); | ||
| 97 | + | ||
| 98 | + // now we fetch again his id in the piwigo db, and we get them, as we just created him ! | ||
| 99 | + //$query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; | ||
| 100 | + //$row = pwg_db_fetch_assoc(pwg_query($query)); | ||
| 101 | + | ||
| 102 | + log_user($new_id, False); | ||
| 103 | + trigger_notify('login_success', stripslashes($username)); | ||
| 104 | + redirect('profile.php'); | ||
| 105 | + return true; | ||
| 106 | + } | ||
| 107 | + // else : this is the normal behavior ! user is not created. | ||
| 108 | + else { | ||
| 109 | + trigger_notify('login_failure', stripslashes($username)); | ||
| 110 | + return false; | ||
| 111 | + } | ||
| 112 | + } | ||
| 113 | +} | ||
| 114 | + | ||
| 115 | +?> |