".getMLText("login_not_given")."

\n". "

".getMLText("back")."

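\n");
    exit;
}

// ---------------------------------------------------------------------------
// Visible part of the login handler. It authenticates $login (assigned earlier
// in the file, outside this excerpt) with the posted password: first against
// LDAP when an LDAP host is configured, then against tblUsers. On success it
// purges old sessions, inserts a row into tblSessions, sets the
// "mydms_session" cookie and redirects the browser.
//
// NOTE(review): how $login was validated or escaped is not visible here. It is
// concatenated into an SQL statement below, so confirm that it is escaped for
// SQL where it is assigned, or switch that query to a parameterised API.
// ---------------------------------------------------------------------------

// Read the password; a missing field counts as an empty password.
$pwd = isset($_POST["pwd"]) ? (string) $_POST["pwd"] : "";
// get_magic_quotes_gpc() was removed in PHP 8, so only call it where it exists.
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
    $pwd = stripslashes($pwd);
}

// An empty password is accepted for the guest account only.
$guestUser = getUser($settings->_guestID);
if (strlen($pwd) == 0 && ($login != $guestUser->getLogin())) {
    _printMessage(getMLText("login_error_title"), "

".getMLText("login_error_text")."

\n". "

".getMLText("back")."

\n");
    exit;
}

//
// LDAP Sign In
//

// The login is user input, so it is escaped before it becomes part of an LDAP
// search filter or a DN; characters such as "*", "(" or "," must be matched
// literally instead of being interpreted by the directory server.
if (function_exists("ldap_escape")) {
    $ldapFilterLogin = ldap_escape($login, "", LDAP_ESCAPE_FILTER);
    $ldapDnLogin = ldap_escape($login, "", LDAP_ESCAPE_DN);
} else {
    // ldap_escape() is missing before PHP 5.6: escape the filter
    // metacharacters by hand (backslash first, so it is not escaped twice).
    $ldapFilterLogin = str_replace(
        array("\\", "*", "(", ")", "\0"),
        array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
        $login
    );
    // Backslash-escape the DN special characters. Leading and trailing spaces
    // are not covered by this fallback.
    $ldapDnLogin = addcslashes($login, "\\,+\"<>;=#");
}

/* new code by doudoux - TO BE TESTED */
$ldapSearchAttribut = "uid=";
$tmpDN = "uid=".$ldapDnLogin.",".$settings->_ldapBaseDN;
if (isset($settings->_ldapType) && $settings->_ldapType == 1) {
    // Type 1 searches by sAMAccountName and binds as login@domain
    // (presumably Active Directory -- confirm against the settings docs).
    // That bind name is not a DN, so no DN escaping is applied to it.
    $ldapSearchAttribut = "sAMAccountName=";
    $tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
}
/* end of new code */

$user = false;
// LDAP is skipped when the password is empty (only the guest login gets this
// far without one). Many directory servers treat a simple bind with a DN and
// an empty password as an unauthenticated bind that succeeds (RFC 4513,
// section 5.1.2), which would log the guest account in without the
// _enableGuestLogin check made in the internal branch below.
if (strlen($pwd) > 0 && isset($settings->_ldapHost) && strlen($settings->_ldapHost) > 0) {
    // NOTE(review): no ldap_start_tls() call is made here; unless _ldapHost is
    // an ldaps:// URI the password travels to the directory unencrypted.
    if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
        $ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
    } else {
        $ds = ldap_connect($settings->_ldapHost);
    }

    if (!is_bool($ds)) {
        // Ensure that the LDAP connection is set to use version 3 protocol.
        // Required for most authentication methods, including SASL.
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        // Try an anonymous bind first. If it succeeds, get the DN for the user.
        $bind = @ldap_bind($ds);
        $dn = false;

        /* new code by doudoux - TO BE TESTED */
        if ($bind) {
            $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$ldapFilterLogin);
            if (!is_bool($search)) {
                $info = ldap_get_entries($ds, $search);
                if (!is_bool($info) && $info["count"] > 0) {
                    $dn = $info[0]['dn'];
                }
            }
        }
        /* end of new code */

        /* old code */
        // NOTE(review): this second lookup always filters on uid= and, when it
        // finds an entry, overrides the DN found above. With _ldapType == 1 the
        // two lookups can resolve to different entries -- confirm that it is
        // still wanted.
        if ($bind) {
            $search = ldap_search($ds, $settings->_ldapBaseDN, "uid=".$ldapFilterLogin);
            if (!is_bool($search)) {
                $info = ldap_get_entries($ds, $search);
                if (!is_bool($info) && $info["count"] > 0) {
                    $dn = $info[0]['dn'];
                }
            }
        }
        /* end of old code */

        if (is_bool($dn)) {
            // This is the fallback position, in case the anonymous bind does
            // not succeed.
            /* new code by doudoux - TO BE TESTED */
            $dn = $tmpDN;
        }

        $bind = @ldap_bind($ds, $dn, $pwd);
        if ($bind) {
            // Successfully authenticated. Now check to see if the user exists
            // within the database. If not, add them in, but do not add their
            // password.
            $user = getUserByLogin($login);
            if (is_bool($user) && !$settings->_restricted) {
                // Retrieve the user's LDAP information.
                /* new code by doudoux - TO BE TESTED */
                $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $ldapFilterLogin);
                if (!is_bool($search)) {
                    $info = ldap_get_entries($ds, $search);
                    // Create the local account only for an unambiguous match.
                    if (!is_bool($info) && $info["count"] == 1 && $info[0]["count"] > 0) {
                        $user = addUser($login, null, $info[0]['cn'][0], $info[0]['mail'][0], $settings->_language, $settings->_theme, "");
                    }
                }
            }
            if (!is_bool($user)) {
                $userid = $user->getID();
            }
        }
        ldap_close($ds);
    }
}

if (is_bool($user)) {
    //
    // LDAP Authentication did not succeed or is not configured. Try internal
    // authentication system.
    //

    // Retrieve user information from the database.
    // NOTE(review): $login is placed inside a quoted SQL literal by string
    // concatenation. This is safe only if it was escaped for SQL before this
    // excerpt; verify, or use a parameterised query if $db offers one.
    $queryStr = "SELECT * FROM tblUsers WHERE login = '".$login."'";
    $resArr = $db->getResultArray($queryStr);

    if (is_bool($resArr) && $resArr == false) {
        // NOTE(review): the raw database error text is shown to a client that
        // has not authenticated yet; consider logging it server-side instead.
        _printMessage(getMLText("login_error_title"), "

".getMLText("internal_error")." - database: " . $db->getErrorMsg(). "

\n

".getMLText("back")."

\n");
        exit;
    }

    if (count($resArr) == 0) {
        _printMessage(getMLText("login_error_title"), "

".getMLText("login_error_text")."

\n". "

".getMLText("back")."

\n");
        exit;
    }

    $resArr = $resArr[0];

    if (($resArr["id"] == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
        _printMessage(getMLText("login_error_title"), "

".getMLText("guest_login_disabled"). "

\n

".getMLText("back")."

\n");
        exit;
    }

    // Compare the password (unless this is the guest login).
    // Assume that the password has been sent via HTTP POST. It would be
    // careless (and dangerous) for passwords to be sent via GET.
    //
    // The digests are compared as strings. The loose != operator compares two
    // numeric-looking strings as numbers, so two different digests of the form
    // "0e<digits>" would be treated as equal. hash_equals() additionally makes
    // the comparison time independent of where the strings differ.
    // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
    // password_hash()/password_verify() also needs changes where passwords
    // are stored, which is outside this excerpt.
    $pwdDigest = md5($pwd);
    $storedDigest = (string) $resArr["pwd"];
    $pwdMatches = function_exists("hash_equals")
        ? hash_equals($storedDigest, $pwdDigest)
        : ($storedDigest === $pwdDigest);
    if (($resArr["id"] != $settings->_guestID) && !$pwdMatches) {
        _printMessage(getMLText("login_error_title"), "

".getMLText("login_error_text"). "

\n

".getMLText("back")."

\n");
        exit;
    }

    $userid = $resArr["id"];
    $user = getUser($userid);
}

// Delete any sessions that are more than 24 hours old. Probably not the most
// reliable place to put this check -- move to inc.Authentication.php?
// time() replaces the argument-less mktime(): both return the current
// timestamp, but PHP 8 rejects mktime() without arguments.
$queryStr = "DELETE FROM tblSessions WHERE " . time() . " - lastAccess > 86400";
if (!$db->getResult($queryStr)) {
    _printMessage(getMLText("login_error_title"), "

".getMLText("error_occured").": ".$db->getErrorMsg()."

");
    exit;
}

// Create the session ID. It is the only secret protecting the session, so it
// comes from the CSPRNG where one is available (32 hex characters, the same
// length and alphabet as the MD5 digest used before).
if (function_exists("random_bytes")) {
    $id = bin2hex(random_bytes(16));
} else {
    // Legacy fallback for PHP < 7. rand() and the clock are guessable, so
    // this ID is weak -- upgrade PHP.
    $id = md5("" . rand() . time() . rand() . "");
}

// Capture the user's language and theme settings. A posted value is accepted
// only if it appears in the list of installed languages / styles.
if (isset($_POST["lang"]) && strlen($_POST["lang"]) > 0 && is_numeric(array_search($_POST["lang"], getLanguages()))) {
    $lang = sanitizeString($_POST["lang"]);
    $user->setLanguage($lang);
} else if (isset($_GET["lang"]) && strlen($_GET["lang"]) > 0 && is_numeric(array_search($_GET["lang"], getLanguages()))) {
    $lang = sanitizeString($_GET["lang"]);
    $user->setLanguage($lang);
} else {
    $lang = $user->getLanguage();
    if (strlen($lang) == 0) {
        $lang = $settings->_language;
        $user->setLanguage($lang);
    }
}

if (isset($_POST["sesstheme"]) && strlen($_POST["sesstheme"]) > 0 && is_numeric(array_search($_POST["sesstheme"], UI::getStyles()))) {
    $sesstheme = sanitizeString($_POST["sesstheme"]);
    $user->setTheme($sesstheme);
} else if (isset($_GET["sesstheme"]) && strlen($_GET["sesstheme"]) > 0 && is_numeric(array_search($_GET["sesstheme"], UI::getStyles()))) {
    $sesstheme = sanitizeString($_GET["sesstheme"]);
    $user->setTheme($sesstheme);
} else {
    $sesstheme = $user->getTheme();
    if (strlen($sesstheme) == 0) {
        $sesstheme = $settings->_theme;
        $user->setTheme($sesstheme);
    }
}

// Insert a new record into tblSessions.
$queryStr = "INSERT INTO tblSessions (id, userID, lastAccess, theme, language) ".
    "VALUES ('".$id."', ".$userid.", ".time().", '".$sesstheme."', '".$lang."')";
if (!$db->getResult($queryStr)) {
    _printMessage(getMLText("login_error_title"), "

".getMLText("error_occured").": ".$db->getErrorMsg()."

");
    exit;
}

// Set the session cookie.
// NOTE(review): the cookie is set without the Secure and HttpOnly flags
// (6th and 7th setcookie() arguments). Enable them once it is confirmed that
// no client-side script reads the cookie and the site is served over HTTPS.
setcookie("mydms_session", $id, 0, $settings->_httpRoot);

// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.
// Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
if (isset($_POST["referuri"]) && strlen($_POST["referuri"]) > 0) {
    $referuri = urldecode($_POST["referuri"]);
} else if (isset($_GET["referuri"]) && strlen($_GET["referuri"]) > 0) {
    $referuri = urldecode($_GET["referuri"]);
}

// The return address is appended directly to "scheme://host", so it is used
// only when it is a local path: it must start with "/" (otherwise it could
// change the host part of the URL) and must not contain control characters.
// The check runs after urldecode() so encoded forms are covered as well.
// Anything else falls back to the default page.
$referuriIsLocal = isset($referuri)
    && substr($referuri, 0, 1) === "/"
    && !preg_match('/[\x00-\x1f\x7f]/', $referuri);

add_log_line();

if ($referuriIsLocal) {
    // NOTE(review): HTTP_HOST is taken from the request's Host header;
    // building the redirect from a configured host name would be more robust.
    header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'] . $referuri);
} else {
    header("Location: ../".(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=1"));
}
?>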