treat ldap auth like database auth
count login failures, check for guest user, etc.
parent
62c3d07842
commit
5d05057774
|
@ -28,13 +28,12 @@ include("../inc/inc.ClassUI.php");
|
|||
|
||||
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
|
||||
|
||||
function _printMessage($heading, $message) {
|
||||
|
||||
function _printMessage($heading, $message) { /* {{{ */
|
||||
global $theme;
|
||||
$view = UI::factory($theme, 'ErrorDlg');
|
||||
$view->exitError($heading, $message, true);
|
||||
return;
|
||||
}
|
||||
} /* }}} */
|
||||
|
||||
if (isset($_REQUEST["sesstheme"]) && strlen($_REQUEST["sesstheme"])>0 && is_numeric(array_search($_REQUEST["sesstheme"],UI::getStyles())) ) {
|
||||
$theme = $_REQUEST["sesstheme"];
|
||||
|
@ -58,6 +57,7 @@ if(isset($_POST['pwd'])) {
|
|||
}
|
||||
}
|
||||
|
||||
/* The password may only be empty if the guest user tries to log in */
|
||||
if($settings->_enableGuestLogin && (int) $settings->_guestID) {
|
||||
$guestUser = $dms->getUser((int) $settings->_guestID);
|
||||
if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
|
||||
|
@ -66,16 +66,13 @@ if($settings->_enableGuestLogin && (int) $settings->_guestID) {
|
|||
}
|
||||
}
|
||||
|
||||
//
|
||||
// LDAP Sign In
|
||||
//
|
||||
|
||||
/* Initialy set $user to false. It will contain a valid user record
|
||||
* if authentication against ldap succeeds.
|
||||
* _ldapHost will only have a value if the ldap connector has been enabled
|
||||
*/
|
||||
$user = false;
|
||||
|
||||
/* Authenticate against LDAP server {{{ */
|
||||
if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
||||
if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
|
||||
$ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
|
||||
|
@ -140,11 +137,11 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
|||
|
||||
/* No do the actual authentication of the user */
|
||||
$bind = @ldap_bind($ds, $dn, $pwd);
|
||||
$user = $dms->getUserByLogin($login);
|
||||
if ($bind) {
|
||||
// Successfully authenticated. Now check to see if the user exists within
|
||||
// the database. If not, add them in if _restricted is not set,
|
||||
// but do not add their password.
|
||||
$user = $dms->getUserByLogin($login);
|
||||
if (is_bool($user) && !$settings->_restricted) {
|
||||
// Retrieve the user's LDAP information.
|
||||
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
|
||||
|
@ -160,45 +157,52 @@ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!is_bool($user)) {
|
||||
$userid = $user->getID();
|
||||
} elseif($user) {
|
||||
$userid = $user->getID();
|
||||
if($settings->_loginFailure) {
|
||||
$failures = $user->addLoginFailure();
|
||||
if($failures >= $settings->_loginFailure)
|
||||
$user->setDisabled(true);
|
||||
}
|
||||
$user = false;
|
||||
}
|
||||
ldap_close($ds);
|
||||
}
|
||||
}
|
||||
} /* }}} */
|
||||
|
||||
if (is_bool($user)) {
|
||||
/* Authenticate against SeedDMS database {{{ */
|
||||
else {
|
||||
//
|
||||
// LDAP Authentication did not succeed or is not configured. Try internal
|
||||
// authentication system.
|
||||
//
|
||||
|
||||
// Try to find user with given login.
|
||||
$user = $dms->getUserByLogin($login);
|
||||
if (!$user) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_error_text"));
|
||||
exit;
|
||||
}
|
||||
|
||||
$userid = $user->getID();
|
||||
|
||||
if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("guest_login_disabled"));
|
||||
exit;
|
||||
}
|
||||
if($user = $dms->getUserByLogin($login)) {
|
||||
$userid = $user->getID();
|
||||
|
||||
// Check if password matches (if not a guest user)
|
||||
// Assume that the password has been sent via HTTP POST. It would be careless
|
||||
// (and dangerous) for passwords to be sent via GET.
|
||||
if (($userid != $settings->_guestID) && (md5($pwd) != $user->getPwd()) || ($userid == $settings->_guestID) && $user->getPwd() && (md5($pwd) != $user->getPwd())) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_error_text"));
|
||||
/* if counting of login failures is turned on, then increment its value */
|
||||
if($settings->_loginFailure) {
|
||||
$failures = $user->addLoginFailure();
|
||||
if($failures >= $settings->_loginFailure)
|
||||
$user->setDisabled(true);
|
||||
}
|
||||
$user = false;
|
||||
}
|
||||
}
|
||||
} /* }}} */
|
||||
|
||||
if(!$user) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_error_text"));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("guest_login_disabled"));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -218,8 +222,6 @@ if (is_bool($user)) {
|
|||
/* Clear login failures if login was successful */
|
||||
$user->clearLoginFailures();
|
||||
|
||||
}
|
||||
|
||||
// Capture the user's language and theme settings.
|
||||
if (isset($_REQUEST["lang"]) && strlen($_REQUEST["lang"])>0 && is_numeric(array_search($_REQUEST["lang"],getLanguages())) ) {
|
||||
$lang = $_REQUEST["lang"];
|
||||
|
@ -310,7 +312,4 @@ else {
|
|||
header("Location: ".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".$settings->_rootFolderID));
|
||||
}
|
||||
|
||||
//_printMessage(getMLText("login_ok"),
|
||||
// "<p><a href='".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php")."'>".getMLText("continue")."</a></p>");
|
||||
|
||||
?>
|
||||
|
|
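Review bot: In the `elseif($user)` branch after `@ldap_bind`, every failed bind is counted as a login failure, although `ldap_bind` also returns false when the directory is unreachable or the bind DN is wrong, and the `@` hides which case occurred. An LDAP outage while users retry could therefore push accounts to `_loginFailure` and disable them without a single wrong password. I would count only rejected credentials (result code 49, invalid credentials), `if($settings->_loginFailure && ldap_errno($ds) === 0x31) {`, and keep `$user = false;` unconditional so that a failed bind never leaves a user object in place. Separately, the database block now reads `else {`, so it appears to be skipped whenever `_ldapHost` is set and locally stored passwords would have no fallback. That is worth confirming, because the enclosing LDAP block starts outside the visible hunks.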