PHP Cross Reference of Joomla 1.5.26 DE |
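<?php
/**
 * @version		$Id: ldap.php 14401 2010-01-26 14:10:00Z louis $
 * @package		Joomla
 * @subpackage	JFramework
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );

jimport( 'joomla.plugin.plugin' );

/**
 * LDAP Authentication Plugin
 *
 * Verifies a submitted user name and password against an LDAP directory,
 * either by searching for the user's DN and binding as it ('search') or by
 * binding directly with the submitted name ('bind').
 *
 * @package		Joomla
 * @subpackage	JFramework
 * @since 1.5
 */
class plgAuthenticationLdap extends JPlugin
{
	/**
	 * Constructor
	 *
	 * For php4 compatibility we must not use the __constructor as a constructor for plugins
	 * because func_get_args ( void ) returns a copy of all passed arguments NOT references.
	 * This causes problems with cross-referencing necessary for the observer design pattern.
	 *
	 * @param	object	$subject	The object to observe
	 * @param	array	$config		An array that holds the plugin configuration
	 * @since 1.5
	 */
	function plgAuthenticationLdap(& $subject, $config)
	{
		parent::__construct($subject, $config);
	}

	/**
	 * This method should handle any authentication and report back to the subject
	 *
	 * The outcome is reported through $response (status, error_message and, on
	 * success, username / email / fullname). The method itself only returns
	 * false on the two early exits; the normal path returns nothing.
	 *
	 * @access	public
	 * @param	array	$credentials	Array holding the user credentials ('username', 'password')
	 * @param	array	$options		Array of extra options (not used here)
	 * @param	object	$response		Authentication response object, filled in by reference
	 * @return	boolean	False when the password is blank or the server cannot be reached
	 * @since 1.5
	 */
	function onAuthenticate( $credentials, $options, &$response )
	{
		// Initialize variables
		$success     = 0;
		$userdetails = Array();
		$username    = isset($credentials['username']) ? $credentials['username'] : '';

		// For JLog
		$response->type = 'LDAP';

		// LDAP does not like Blank passwords (tries to Anon Bind which is bad):
		// such a bind would not verify this user's password at all, so refuse
		// before contacting the directory. Note empty() also rejects "0".
		if (empty($credentials['password']))
		{
			$response->status = JAUTHENTICATE_STATUS_FAILURE;
			$response->error_message = 'LDAP can not have blank password';
			return false;
		}

		// load plugin params info
		$ldap_email		= $this->params->get('ldap_email');
		$ldap_fullname	= $this->params->get('ldap_fullname');
		$ldap_uid		= $this->params->get('ldap_uid');
		$auth_method	= $this->params->get('auth_method');

		// The login name is untrusted input that ends up inside a search filter.
		// Encode it so it can only ever be matched as a literal value and cannot
		// widen the search or change the structure of the configured filter.
		$search = str_replace("[search]", $this->_escapeFilterValue($username), $this->params->get('search_string'));

		jimport('joomla.client.ldap');
		$ldap = new JLDAP($this->params);

		if (!$ldap->connect())
		{
			$response->status = JAUTHENTICATE_STATUS_FAILURE;
			$response->error_message = 'Unable to connect to LDAP server';
			// Same return value as the blank-password exit above
			return false;
		}

		// An unrecognised auth_method matches no case, leaves $success at 0 and
		// therefore fails closed below.
		switch($auth_method)
		{
			case 'search':
			{
				// Bind using Connect Username/password
				// Force anon bind to mitigate misconfiguration like [#7119]
				if (strlen($this->params->get('username'))) {
					$bindtest = $ldap->bind();
				} else {
					$bindtest = $ldap->anonymous_bind();
				}

				if ($bindtest)
				{
					// Search for users DN
					$binddata = $ldap->simple_search($search);
					if (isset($binddata[0]) && isset($binddata[0]['dn'])) {
						// Verify Users Credentials by binding as the DN that was found
						// NOTE(review): third argument 1 presumably tells JLDAP to use the DN as given - confirm in JLDAP::bind()
						$success = $ldap->bind($binddata[0]['dn'], $credentials['password'], 1);
						// Get users details
						$userdetails = $binddata;
					} else {
						$response->status = JAUTHENTICATE_STATUS_FAILURE;
						$response->error_message = 'Unable to find user';
					}
				}
				else
				{
					$response->status = JAUTHENTICATE_STATUS_FAILURE;
					$response->error_message = 'Unable to bind to LDAP';
				}
			} break;

			case 'bind':
			{
				// We just accept the result here
				// NOTE(review): the user name goes to JLDAP::bind() unmodified; if JLDAP
				// builds a DN from it, DN-level escaping belongs there - confirm in JLDAP
				$success = $ldap->bind($username, $credentials['password']);
				if ($success) {
					$userdetails = $ldap->simple_search($search);
				} else {
					$response->status = JAUTHENTICATE_STATUS_FAILURE;
					$response->error_message = 'Failed binding to LDAP server';
				}
			} break;
		}

		if (!$success)
		{
			$response->status = JAUTHENTICATE_STATUS_FAILURE;
			// Keep a more specific message if one of the branches above set it
			if (!strlen($response->error_message)) {
				$response->error_message = 'Incorrect username/password';
			}
		}
		else
		{
			// Grab some details from LDAP and return them
			if (isset($userdetails[0][$ldap_uid][0])) {
				$response->username = $userdetails[0][$ldap_uid][0];
			}

			if (isset($userdetails[0][$ldap_email][0])) {
				$response->email = $userdetails[0][$ldap_email][0];
			}

			if (isset($userdetails[0][$ldap_fullname][0])) {
				$response->fullname = $userdetails[0][$ldap_fullname][0];
			} else {
				// No full name attribute in the directory entry: fall back to the login name
				$response->fullname = $username;
			}

			// Were good - So say so.
			$response->status		= JAUTHENTICATE_STATUS_SUCCESS;
			$response->error_message = '';
		}

		$ldap->close();
	}

	/**
	 * Encode a value for use as an assertion value inside an LDAP search filter
	 *
	 * Backslash, asterisk, parentheses and NUL are replaced by their
	 * backslash-hex form (RFC 4515), so the value is compared literally
	 * instead of being read as filter syntax or as a wildcard.
	 *
	 * The semicolon is encoded as well. NOTE(review): presumably
	 * JLDAP::simple_search() treats ';' as a separator between filters -
	 * confirm in JLDAP; the hex form is a valid encoding either way.
	 *
	 * @access	private
	 * @param	string	$value	Raw value, e.g. the submitted user name
	 * @return	string	The encoded value
	 */
	function _escapeFilterValue($value)
	{
		// Backslash has to come first, otherwise the backslashes introduced
		// for the other characters would be encoded a second time
		$raw     = array('\\', '*', '(', ')', "\x00", ';');
		$encoded = array('\\5c', '\\2a', '\\28', '\\29', '\\00', '\\3b');

		return str_replace($raw, $encoded, (string) $value);
	}
}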