<?php /* Plugin Name: Ldap_Login Version: auto Description: Allow piwigo authentication along an ldap Plugin URI: http://piwigo.org/ext/extension_view.php?eid=650 Author: 22decembre Author URI: http://www.22decembre.eu */ if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); // +-----------------------------------------------------------------------+ // | Define plugin constants | // +-----------------------------------------------------------------------+ define('LDAP_LOGIN_ID', basename(dirname(__FILE__))); define('LDAP_LOGIN_PATH' , PHPWG_PLUGINS_PATH . LDAP_LOGIN_ID . '/'); define('LDAP_LOGIN_ADMIN', get_root_url() . 'admin.php?page=plugin-' . LDAP_LOGIN_ID); define('LDAP_LOGIN_VERSION', '1.2'); include_once(LDAP_LOGIN_PATH.'/class.ldap.php'); // +-----------------------------------------------------------------------+ // | Event handlers | // +-----------------------------------------------------------------------+ add_event_handler('init', 'ld_init'); add_event_handler('try_log_user','login', 0, 4); add_event_handler('get_admin_plugin_menu_links', array(&$ldap, 'ldap_admin_menu')); // +-----------------------------------------------------------------------+ // | Admin menu loading | // +-----------------------------------------------------------------------+ $ldap = new Ldap(); $ldap->load_config(); set_plugin_data($plugin['id'], $ldap); unset($ldap); // +-----------------------------------------------------------------------+ // | functions | // +-----------------------------------------------------------------------+ function random_password( $length = 8 ) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_-=+;:,.?"; $password = substr( str_shuffle( $chars ), 0, $length ); return $password; } function ld_init(){ load_language('plugin.lang', LDAP_LOGIN_PATH); } function login($success, $username, $password, $remember_me){ global $conf; $obj = new Ldap(); $obj->load_config(); $obj->ldap_conn() or die("Unable to connect LDAP server : ".$ldap->getErrorString()); $user_dn = $obj->ldap_search_dn($username); // retrieve the userdn // If we have userdn, attempt to login an check user's group access if (!($user_dn && $obj->ldap_bind_as($user_dn,$password) && $obj->check_ldap_group_membership($user_dn, $username))) { trigger_notify('login_failure', stripslashes($username)); return false; // wrong user/password or no group access } // search user in piwigo database $query = 'SELECT '.$conf['user_fields']['id'].' AS id FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['username'].' = \''.pwg_db_real_escape_string($username).'\' ;'; $row = pwg_db_fetch_assoc(pwg_query($query)); // if query is not empty, it means everything is ok and we can continue, auth is done ! if (!empty($row['id'])) { log_user($row['id'], $remember_me); trigger_notify('login_success', stripslashes($username)); return true; } // if query is empty but ldap auth is done we can create a piwigo user if it's said so ! else { // this is where we check we are allowed to create new users upon that. if ($obj->config['allow_newusers']) { // retrieve LDAP e-mail address and create a new user $mail = $obj->ldap_get_email($user_dn); $new_id = register_user($username,random_password(8),$mail); // Login user log_user($new_id, False); trigger_notify('login_success', stripslashes($username)); // in case the e-mail address is empty, redirect to profile page if($mail==NULL) { redirect('profile.php'); } return true; } // else : this is the normal behavior ! user is not created. else { trigger_notify('login_failure', stripslashes($username)); return false; } } } ?>