<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

For more information, visit http://sourceforge.net/projects/ipreg,
or contact me at wietsew@users.sourceforge.net
*****************************************************************************/

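/**
 * Authentication helper: checks credentials against the local user table or
 * an LDAP directory and stores the user's profile in $_SESSION on success.
 *
 * Configuration and the database link are read from globals that are set
 * outside this file.
 */
class User {

    /**
     * Tell whether a value is a non-empty scalar.
     *
     * Arrays, objects and NULL are rejected explicitly: request parameters
     * can arrive as arrays (e.g. "user_name[]=x") and must never reach the
     * SQL or LDAP code below.
     *
     * @param mixed $string value to check
     * @return bool TRUE when the value has at least one character
     */
    function check_strlen($string) {
        return is_scalar($string) && strlen((string) $string) > 0;
    }

    /**
     * Authenticate a user against LDAP with the search-then-bind pattern.
     *
     * Binds with the configured service account, looks up the user's DN by
     * the configured login attribute, then binds as that DN with the
     * supplied password.
     *
     * @param string $user_name login name, matched against $config_ldap_login_attr
     * @param string $user_pass password to verify
     * @return bool TRUE only when the bind as the user's DN succeeded
     */
    function check_ldap_bind($user_name, $user_pass) {
        global $config_ldap_host;
        global $config_ldap_port;
        global $config_ldap_base_dn;
        global $config_ldap_bind_dn;
        global $config_ldap_bind_pass;
        global $config_ldap_login_attr;

        // A bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, 5.1.2) that many directories accept as success, so an
        // empty password must never be sent to the server.
        if (!$this->check_strlen($user_name) || !$this->check_strlen($user_pass)) {
            return FALSE;
        }

        // Escape the login name for filter context so that characters such as
        // "*", "(", ")" and "\" cannot change the meaning of the search filter.
        $filter = '(&(objectClass=user)(' . $config_ldap_login_attr . '='
            . ldap_escape((string) $user_name, '', LDAP_ESCAPE_FILTER) . '))';

        foreach ((array) $config_ldap_host as $server) {
            $ldap_conn = ldap_connect($server, $config_ldap_port);
            if (!$ldap_conn) {
                continue;
            }

            // Options have to be set before the first bind to take effect.
            ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

            if (!ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
                // ldap_connect() may succeed without contacting the server, so
                // a failed service bind is the point where an unreachable host
                // shows up: move on to the next configured server.
                ldap_unbind($ldap_conn);
                continue;
            }

            $authenticated = FALSE;
            $res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
            if ($res) {
                $info = ldap_get_entries($ldap_conn, $res);
                // Only bind when the search returned an entry; binding with a
                // missing DN would not test this user's credentials.
                if (is_array($info) && isset($info[0]['dn'])) {
                    $authenticated = (bool) ldap_bind($ldap_conn, $info[0]['dn'], $user_pass);
                }
            }

            // The directory answered: its verdict is final, no failover here,
            // so one wrong password is not replayed against every server.
            ldap_unbind($ldap_conn);
            return $authenticated;
        }

        return FALSE;
    }

    /**
     * Verify a login and register the user's profile in the session.
     *
     * Users whose realm is 'ldap' are verified through check_ldap_bind();
     * all others against the stored password. A stored legacy MD5 hash that
     * matches is replaced by a bcrypt hash.
     *
     * @param string $user_name login name
     * @param string $user_pass password
     * @return bool TRUE when the user is authenticated and the session is filled
     */
    function user_login($user_name, $user_pass) {
        global $dblink;

        // both values must be non-empty scalars
        if (!$this->check_strlen($user_name) || !$this->check_strlen($user_pass)) {
            return FALSE;
        }
        $user_name = (string) $user_name;
        $user_pass = (string) $user_pass;

        $db = new Db($dblink);

        // NOTE(review): $user_name is concatenated into the SQL text and this
        // method does not escape it. Unless every caller escapes it first (not
        // visible here), this is an SQL injection point on the login form.
        // Bind it as a parameter in the Db layer, or escape it with the
        // escaping function of the driver behind $dblink.
        $query = "SELECT
                user.user_id,
                user.user_pass,
                user.user_realm,
                user.user_displayname,
                user.user_language,
                user.user_imagesize,
                user.user_imagecount,
                user.user_mac,
                user.user_dateformat,
                user.user_dns1suffix,
                user.user_dns2suffix,
                user.user_menu_assets,
                user.user_menu_assetclasses,
                user.user_menu_assetclassgroups,
                user.user_menu_locations,
                user.user_menu_nodes,
                user.user_menu_subnets,
                user.user_menu_users,
                user.user_menu_vlans,
                user.user_menu_zones,
                user.user_tooltips
            FROM
                user
            WHERE
                user.user_name='" . $user_name . "'";

        $users = $db->db_select($query);

        // unknown user, or the query did not return a row list
        if (!is_array($users) || !isset($users[0])) {
            return FALSE;
        }
        $user = $users[0];

        if ($user['user_realm'] === 'ldap') {
            if (!$this->check_ldap_bind($user_name, $user_pass)) {
                return FALSE;
            }
            // TODO sync LDAP data to local
        } else {
            $stored_hash = (string) $user['user_pass'];

            // Legacy accounts still carry an unsalted MD5 hash. Compare in
            // constant time and, on a match, upgrade the record to bcrypt.
            if (hash_equals(rtrim($stored_hash), md5($user_pass))) {
                $newhash = password_hash($user_pass, PASSWORD_BCRYPT);
                // never overwrite the stored hash with a failed result
                if (is_string($newhash) && $newhash !== '') {
                    $query = "UPDATE user SET user_pass='" . $newhash
                        . "' WHERE user_id=" . (int) $user['user_id'];
                    $db->db_update($query);
                }
            } elseif (!password_verify($user_pass, $stored_hash)) {
                return FALSE;
            }
        }

        // Issue a fresh session id on login so that an id known before
        // authentication (session fixation) does not become a logged-in one.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(TRUE);
        }

        // register session data: every key is the column name prefixed with "s"
        $session_columns = [
            'user_id',
            'user_displayname',
            'user_language',
            'user_imagesize',
            'user_imagecount',
            'user_mac',
            'user_dateformat',
            'user_dns1suffix',
            'user_dns2suffix',
            'user_menu_assets',
            'user_menu_assetclasses',
            'user_menu_assetclassgroups',
            'user_menu_locations',
            'user_menu_nodes',
            'user_menu_subnets',
            'user_menu_users',
            'user_menu_vlans',
            'user_menu_zones',
            'user_tooltips',
        ];
        foreach ($session_columns as $column) {
            $_SESSION['s' . $column] = $user[$column];
        }

        return TRUE;
    }

    /**
     * Log the user out by emptying the session data.
     *
     * NOTE(review): only the $_SESSION array is cleared here; the server-side
     * session and its cookie are not invalidated by this method. If no caller
     * does that, consider calling session_destroy() after this.
     */
    function user_logout() {
        $_SESSION = array();
    }
}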
?>