diff --git a/lang/de.php b/lang/de.php index 5ee409e..91d7f39 100644 --- a/lang/de.php +++ b/lang/de.php @@ -144,6 +144,7 @@ $lang = array( 'lang_user_name' => 'Benutzername', 'lang_user_password' => 'Kennwort', 'lang_user_language' => 'Sprache', + 'lang_user_realm' => 'Realm', 'lang_zone_add' => 'Zone hinzufügen', 'lang_zone_del' => 'Zone löschen', diff --git a/lang/en.php b/lang/en.php index fb11d81..480a36b 100644 --- a/lang/en.php +++ b/lang/en.php @@ -143,6 +143,7 @@ $lang = array( 'lang_user_edit' => 'Mofidy user', 'lang_user_name' => 'Username', 'lang_user_password' => 'Password', + 'lang_user_realm' => 'Realm', 'lang_zone_add' => 'Add zone', 'lang_zone_del' => 'Delete zone', diff --git a/lib/db.class.php b/lib/db.class.php index b64247b..bbf49cb 100644 --- a/lib/db.class.php +++ b/lib/db.class.php @@ -35,7 +35,6 @@ function db_insert($query) { // run query - echo "
$query
"; $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink)); // return result diff --git a/lib/user.class.php b/lib/user.class.php index 8f5383c..1a3921e 100644 --- a/lib/user.class.php +++ b/lib/user.class.php @@ -30,6 +30,36 @@ } } + function check_ldap_bind($user_name, $user_pass) { + global $config_ldap_host; + global $config_ldap_port; + global $config_ldap_base_dn; + global $config_ldap_bind_dn; + global $config_ldap_bind_pass; + global $config_ldap_login_attr; + $ldap_conn = NULL; + foreach ($config_ldap_host as $server) { + if ($ldap_conn = ldap_connect($server, $config_ldap_port)) { + if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) { + ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3); + $filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))"; + $res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']); + if ($res) { + $info = ldap_get_entries($ldap_conn, $res); + $user_dn = $info[0]['dn']; + $res = ldap_bind($ldap_conn, $user_dn, $user_pass); + if ($res) { + return TRUE; + } + } + } + return FALSE; + } + } + return FALSE; + } + function user_login($user_name, $user_pass) { global $dblink; // check user_name length @@ -50,6 +80,7 @@ $query = "SELECT user.user_id, user.user_pass, + user.user_realm, user.user_displayname, user.user_language, user.user_imagesize, 
@@ -81,19 +112,27 @@ // any users? if ($user_counter>0) { - // compare passwords - if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) { - // all ok: user is logged in - - // md5 match but outdated. rewrite with new algo - $newhash = password_hash($user_pass, PASSWORD_BCRYPT); - $query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id']; - $db->db_update($query); - - } else { - if (! password_verify($user_pass, $users[0]['user_pass'])) { + if ($users[0]['user_realm'] == 'ldap') { + // check LDAP auth + if (! $this->check_ldap_bind($user_name, $user_pass)) { return FALSE; } + // TODO sync LDAP data to local + } else { + // compare local passwords + if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) { + // all ok: user is logged in + + // md5 match but outdated. rewrite with new algo + $newhash = password_hash($user_pass, PASSWORD_BCRYPT); + $query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id']; + $db->db_update($query); + + } else { + if (! password_verify($user_pass, $users[0]['user_pass'])) { + return FALSE; + } + } } } else { return FALSE; diff --git a/submit.php b/submit.php index 05cc260..fa32b57 100644 --- a/submit.php +++ b/submit.php @@ -1000,12 +1000,14 @@ if (isset($_POST['edit'])) { $user_id = sanitize($_POST['user_id']); $user_name = sanitize($_POST['user_name']); $user_displayname = sanitize($_POST['user_displayname']); + $user_realm = sanitize($_POST['user_realm']); $query = "UPDATE user SET user_name='" . $user_name . "', - user_displayname='" . $user_displayname . "' + user_displayname='" . $user_displayname . "', + user_realm='" . $user_realm . "' WHERE user_id=" . $user_id; diff --git a/tpl/user.tpl b/tpl/user.tpl index 9d56c6a..ca84524 100644 --- a/tpl/user.tpl +++ b/tpl/user.tpl @@ -15,6 +15,9 @@ {$lang_user_name} + + {$lang_user_realm} + {$lang_user_displayname} @@ -24,6 +27,9 @@ {$user.user_name} + + {$user.user_realm} + {$user.user_displayname} 
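Review bot: The realm dispatch at `if ($users[0]['user_realm'] == 'ldap')` treats every value other than 'ldap' as a local account, so a row whose user_realm is empty, NULL or mistyped silently falls back to the stored password hash, and the column is written from a form field in submit.php. The safer shape is an explicit allowlist with strict comparison: `if ($users[0]['user_realm'] === 'ldap') { … } elseif ($users[0]['user_realm'] === 'local') { … } else { return FALSE; }`. The `// TODO sync LDAP data to local` comment leaves unstated that the stale user_pass hash of an LDAP user is ignored on this path; a one-line comment saying so would help the next reader. user_login() starts and ends outside this hunk.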
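Review bot: `$user_realm` is read from `$_POST['user_realm']` and concatenated into the UPDATE with no check that it is one of the two realms the edit form offers; what sanitize() strips cannot be seen here, but nothing restricts the value to 'local' or 'ldap', and user_login() treats any non-'ldap' value as a local-password account. Validate before the query is built, e.g. `if (!in_array($user_realm, ['local', 'ldap'], true)) { /* reject via the file's existing error path */ }`, and prefer a prepared mysqli statement over concatenating the sanitized strings, since the new `user_realm='" . $user_realm . "'` fragment extends the same string-built query. The enclosing `if (isset($_POST['edit']))` block continues past the hunk.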
diff --git a/tpl/useredit.tpl b/tpl/useredit.tpl index 5f203af..812a55f 100644 --- a/tpl/useredit.tpl +++ b/tpl/useredit.tpl @@ -40,6 +40,14 @@ + + + {$lang_user_realm} + + +{html_radios name=user_realm values=$realm_ids output=$realm_names selected=$realm_selected} + + \ No newline at end of file diff --git a/tpl/userview.tpl b/tpl/userview.tpl index 28ac7fe..67fe7c3 100644 --- a/tpl/userview.tpl +++ b/tpl/userview.tpl @@ -36,4 +36,12 @@ {$user_displayname} + + + {$lang_user_realm} + + + {$user_realm} + + diff --git a/user.php b/user.php index dfc96d2..bd7fa4d 100644 --- a/user.php +++ b/user.php @@ -13,7 +13,8 @@ include("header.php"); $query = "SELECT user_id, user_name, - user_displayname + user_displayname, + user_realm FROM user ORDER BY diff --git a/useredit.php b/useredit.php index 5ad7fdd..86fd429 100644 --- a/useredit.php +++ b/useredit.php @@ -15,7 +15,8 @@ include("header.php"); $query = "SELECT user_name, - user_displayname + user_displayname, + user_realm FROM user WHERE @@ -26,6 +27,11 @@ $user = $db->db_select($query); $smarty->assign("user_id", $user_id); $smarty->assign("user_name", $user[0]['user_name']); $smarty->assign("user_displayname", $user[0]['user_displayname']); + +// auth realms +$smarty->assign("realm_ids", ['local', 'ldap']); +$smarty->assign("realm_names", ['Local', 'LDAP']); +$smarty->assign("realm_selected", $user[0]['user_realm']); $smarty->display("useredit.tpl"); diff --git a/userview.php b/userview.php index cff83cc..b150028 100644 --- a/userview.php +++ b/userview.php @@ -15,7 +15,8 @@ include("header.php"); $query = "SELECT user_name, - user_displayname + user_displayname, + user_realm FROM user WHERE @@ -28,6 +29,7 @@ $user = $db->db_select($query); $smarty->assign("user_id", $user_id); $smarty->assign("user_name", $user[0]['user_name']); $smarty->assign("user_displayname", $user[0]['user_displayname']); +$smarty->assign("user_realm", $user[0]['user_realm']); $smarty->display("userview.tpl");
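Review bot: The realm list in the new `$smarty->assign("realm_ids", ['local', 'ldap']);` line of useredit.php is the only place the allowed values are spelled out, while submit.php stores whatever the form posts and user_login() branches on the literal 'ldap'; defining the list once (a constant on the user class, say) and reusing it for validation would keep the three from drifting. The same hunk assigns `$user[0]['user_realm']` as the selected radio, which presumably is NULL for rows that predate the column unless the schema change gives it a default — worth confirming against the migration, which is not part of this diff.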