Added LDAP auth

master
Thomas Hooge 1 year ago
parent 7d6450706f
commit b144555e46
  1. 1
      lang/de.php
  2. 1
      lang/en.php
  3. 1
      lib/db.class.php
  4. 61
      lib/user.class.php
  5. 4
      submit.php
  6. 6
      tpl/user.tpl
  7. 8
      tpl/useredit.tpl
  8. 8
      tpl/userview.tpl
  9. 3
      user.php
  10. 8
      useredit.php
  11. 4
      userview.php

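--- a/lang/de.php
+++ b/lang/de.php
@@ -144,6 +144,7 @@ $lang = array(
 'lang_user_name' => 'Benutzername',
 'lang_user_password' => 'Kennwort',
 'lang_user_language' => 'Sprache',
+'lang_user_realm' => 'Realm',
 'lang_zone_add' => 'Zone hinzufügen',
 'lang_zone_del' => 'Zone löschen',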

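--- a/lang/en.php
+++ b/lang/en.php
@@ -143,6 +143,7 @@ $lang = array(
 'lang_user_edit' => 'Mofidy user',
 'lang_user_name' => 'Username',
 'lang_user_password' => 'Password',
+'lang_user_realm' => 'Realm',
 'lang_zone_add' => 'Add zone',
 'lang_zone_del' => 'Delete zone',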

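--- a/lib/db.class.php
+++ b/lib/db.class.php
@@ -35,7 +35,6 @@
 function db_insert($query) {
 // run query
-echo "<pre>$query</pre>";
 $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
 // return result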

@ -30,6 +30,36 @@
} }
} }
function check_ldap_bind($user_name, $user_pass) {
global $config_ldap_host;
global $config_ldap_port;
global $config_ldap_base_dn;
global $config_ldap_bind_dn;
global $config_ldap_bind_pass;
global $config_ldap_login_attr;
$ldap_conn = NULL;
foreach ($config_ldap_host as $server) {
if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
$res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
if ($res) {
$info = ldap_get_entries($ldap_conn, $res);
$user_dn = $info[0]['dn'];
$res = ldap_bind($ldap_conn, $user_dn, $user_pass);
if ($res) {
return TRUE;
}
}
}
return FALSE;
}
}
return FALSE;
}
function user_login($user_name, $user_pass) { function user_login($user_name, $user_pass) {
global $dblink; global $dblink;
// check user_name length // check user_name length
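Review bot: In check_ldap_bind the login name is interpolated unescaped into the search filter at `$filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";`, so filter metacharacters in the submitted name change the query; it should be `ldap_escape($user_name, '', LDAP_ESCAPE_FILTER)`. The search result is also consumed without checking `$info['count']`: when nothing matches, `$info[0]['dn']` is unset and the second `ldap_bind` runs with a null DN, and an empty `$user_pass` turns that bind into an unauthenticated (anonymous) bind that many servers accept — either path returns TRUE without a password ever being verified, unless user_login (third hunk, partly outside view) already rejects empty passwords. `LDAP_OPT_PROTOCOL_VERSION` and `LDAP_OPT_REFERRALS` are set only after the service-account bind, so that first bind is attempted with the library defaults; both options belong before any bind. The connection is never released with `ldap_unbind`, and the per-server result is never logged, which makes failed LDAP logins hard to distinguish from configuration errors. A reworked body follows.
```php
function check_ldap_bind($user_name, $user_pass) {
    // … unchanged: global $config_ldap_* declarations …
    // an empty password would make the user bind below an unauthenticated
    // (anonymous) bind on many servers, so refuse it up front
    if ($user_name === '' || $user_pass === '') {
        return FALSE;
    }
    $safe_name = ldap_escape($user_name, '', LDAP_ESCAPE_FILTER);
    foreach ($config_ldap_host as $server) {
        $ldap_conn = ldap_connect($server, $config_ldap_port);
        if (!$ldap_conn) {
            continue;
        }
        // protocol options must be in place before the first bind
        ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
        if (!ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
            ldap_unbind($ldap_conn);
            continue;
        }
        $filter = "(&(objectClass=user)($config_ldap_login_attr=$safe_name))";
        $res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
        $info = $res ? ldap_get_entries($ldap_conn, $res) : FALSE;
        // exactly one entry required; otherwise $info[0]['dn'] is not a valid user DN
        if (!$info || $info['count'] != 1) {
            ldap_unbind($ldap_conn);
            return FALSE;
        }
        $bound = ldap_bind($ldap_conn, $info[0]['dn'], $user_pass);
        ldap_unbind($ldap_conn);
        return $bound ? TRUE : FALSE;
    }
    return FALSE;
}
```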
@ -50,6 +80,7 @@
$query = "SELECT $query = "SELECT
user.user_id, user.user_id,
user.user_pass, user.user_pass,
user.user_realm,
user.user_displayname, user.user_displayname,
user.user_language, user.user_language,
user.user_imagesize, user.user_imagesize,
@ -81,19 +112,27 @@
// any users? // any users?
if ($user_counter>0) { if ($user_counter>0) {
// compare passwords if ($users[0]['user_realm'] == 'ldap') {
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) { // check LDAP auth
// all ok: user is logged in if (! $this->check_ldap_bind($user_name, $user_pass)) {
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE; return FALSE;
} }
// TODO sync LDAP data to local
} else {
// compare local passwords
if(!strcmp(md5($user_pass), rtrim($users[0]['user_pass']))) {
// all ok: user is logged in
// md5 match but outdated. rewrite with new algo
$newhash = password_hash($user_pass, PASSWORD_BCRYPT);
$query = "UPDATE user SET user_pass='" . $newhash. "' WHERE user_id=" . $users[0]['user_id'];
$db->db_update($query);
} else {
if (! password_verify($user_pass, $users[0]['user_pass'])) {
return FALSE;
}
}
} }
} else { } else {
return FALSE; return FALSE;

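--- a/submit.php
+++ b/submit.php
@@ -1000,12 +1000,14 @@ if (isset($_POST['edit'])) {
 $user_id = sanitize($_POST['user_id']);
 $user_name = sanitize($_POST['user_name']);
 $user_displayname = sanitize($_POST['user_displayname']);
+$user_realm = sanitize($_POST['user_realm']);
 $query = "UPDATE
 user
 SET
 user_name='" . $user_name . "',
-user_displayname='" . $user_displayname . "'
+user_displayname='" . $user_displayname . "',
+user_realm='" . $user_realm . "'
 WHERE
 user_id=" . $user_id;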
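Review bot: `$user_realm` is written to the database without being restricted to the two realms the edit form offers (`['local', 'ldap']` in useredit.php), and user_login only tests `== 'ldap'`, so any other submitted string is stored and silently falls back to local password checking. Add a whitelist check before the UPDATE, `if (!in_array($user_realm, ['local', 'ldap'], true)) {` followed by whatever rejection path this file already uses for bad form input, which is outside the hunk. The enclosing `if (isset($_POST['edit']))` block starts before the hunk.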

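--- a/tpl/user.tpl
+++ b/tpl/user.tpl
@@ -15,6 +15,9 @@
 <td class="header">
 {$lang_user_name}
 </td>
+<td class="header">
+{$lang_user_realm}
+</td>
 <td class="header">
 {$lang_user_displayname}
 </td>
@@ -24,6 +27,9 @@
 <td class="label">
 <a href="userview.php?user_id={$user.user_id}">{$user.user_name}</a>
 </td>
+<td class="value">
+{$user.user_realm}
+</td>
 <td class="value">
 {$user.user_displayname}
 </td>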
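Review bot: `{$user.user_realm}` is emitted into the table cell without an escape modifier, matching the neighbouring `{$user.user_displayname}`, although the value is whatever submit.php stored from the edit form. Unless the Smarty instance has `escape_html` enabled (not visible in this commit), prefer `{$user.user_realm|escape}` here and `{$user_realm|escape}` in tpl/userview.tpl; a whitelist on the submit side would make both safe regardless.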

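--- a/tpl/useredit.tpl
+++ b/tpl/useredit.tpl
@@ -40,6 +40,14 @@
 <input type="text" name="user_displayname" value="{$user_displayname}">
 </td>
 </tr>
+<tr>
+<td class="label">
+{$lang_user_realm}
+</td>
+<td class="value">
+{html_radios name=user_realm values=$realm_ids output=$realm_names selected=$realm_selected}
+</td>
+</tr>
 </table>
 </form>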

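--- a/tpl/userview.tpl
+++ b/tpl/userview.tpl
@@ -36,4 +36,12 @@
 {$user_displayname}
 </td>
 </tr>
+<tr>
+<td class="label">
+{$lang_user_realm}
+</td>
+<td class="value">
+{$user_realm}
+</td>
+</tr>
 </table>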

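--- a/user.php
+++ b/user.php
@@ -13,7 +13,8 @@ include("header.php");
 $query = "SELECT
 user_id,
 user_name,
-user_displayname
+user_displayname,
+user_realm
 FROM
 user
 ORDER BY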

@ -15,7 +15,8 @@ include("header.php");
$query = "SELECT $query = "SELECT
user_name, user_name,
user_displayname user_displayname,
user_realm
FROM FROM
user user
WHERE WHERE
@ -26,6 +27,11 @@ $user = $db->db_select($query);
$smarty->assign("user_id", $user_id); $smarty->assign("user_id", $user_id);
$smarty->assign("user_name", $user[0]['user_name']); $smarty->assign("user_name", $user[0]['user_name']);
$smarty->assign("user_displayname", $user[0]['user_displayname']); $smarty->assign("user_displayname", $user[0]['user_displayname']);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user[0]['user_realm']);
$smarty->display("useredit.tpl"); $smarty->display("useredit.tpl");
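Review bot: The allowed realm list `['local', 'ldap']` is hard-coded in this controller, while lib/user.class.php compares against the literal `'ldap'` and submit.php does not check the submitted realm at all, so the three sites can drift apart. Define the list once, e.g. `const USER_REALMS = ['local', 'ldap'];` next to the login code, and use it both for `realm_ids` here and for validating `user_realm` in submit.php. The `realm_names` labels `'Local'`/`'LDAP'` could also come from `$lang` like the other strings this template shows, rather than bare English literals.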

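--- a/userview.php
+++ b/userview.php
@@ -15,7 +15,8 @@ include("header.php");
 $query = "SELECT
 user_name,
-user_displayname
+user_displayname,
+user_realm
 FROM
 user
 WHERE
@@ -28,6 +29,7 @@ $user = $db->db_select($query);
 $smarty->assign("user_id", $user_id);
 $smarty->assign("user_name", $user[0]['user_name']);
 $smarty->assign("user_displayname", $user[0]['user_displayname']);
+$smarty->assign("user_realm", $user[0]['user_realm']);
 $smarty->display("userview.tpl");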