Add ldap connection

67bb8288 · jlopez · 33da23ea · 67bb8288 · 67bb8288 · 67bb8288
Commit 67bb8288 authored Apr 25, 2019 by jlopez
--- a/action/action_login.php
+++ b/action/action_login.php
@@ -10,12 +10,14 @@ session_start ();

 require_once '../dao/DBquery.php';

-$db = new DBquery();
+require_once '../dao/LDAPquery.php';

-$today = date("Y-m-d G:i:s");
+$db = new DBquery();

 session_start ();

+$today = date("Y-m-d G:i:s");
+
 $login = $db->escape($_POST['username']);
 $pwd   = $db->escape($_POST['password']);

@@ -24,12 +26,25 @@ $passcode = $db->verifyPass($login, $pwd);
 if($passcode == 1) {
    $_SESSION['username'] = $login;
    $_SESSION['usercode'] = 1;
+    $_SESSION['gestion'] = 1;
    header("Location: ../gestion.php");

 } elseif ($passcode == 2) {
    $_SESSION['username'] = "guest";
    $_SESSION['usercode'] = 2;
+    $_SESSION['gestion'] = 1;
    header("Location: ../gestion.php");
 } else {
-    header("Location: ../login.php");
+
+    $ldap = new LDAPquery();
+
+    $ldappasscode = $ldap->verifyPass($login, $pwd);
+    
+    if($ldappasscode == 1) {
+        $_SESSION['username'] = $login;
+        $_SESSION['usercode'] = 3;
+        header("Location: ../index.php");
+    } else {
+       header("Location: ../login.php");
+    }
 }
--- a/conf/Conf.php.sample
+++ b/conf/Conf.php.sample
@@ -13,5 +13,22 @@ class Conf {
        // generate an admin password with: echo password|sha1sum|awk '{print $1}';
        public static $KK            = "to_replace_with_your_admin_pass";

+        public static $LDAP_HOSTNAME = '';
+        public static $LDAP_PORT     = 0;
+        public static $LDAP_ADMIN    = 'cn=X,dc=X,dc=X,dc=X';
+        public static $LDAP_USER     = 'ou=people,dc=X,dc=X,dc=X';
+        public static $LDAP_PP       = '';
+
+        public static function dbEncodePass($p) {
+                # exemple md5, sha1, etc...
+                return $p;
+        } 
+
+        # encoding ldap password
+        public static function ldapEncodePass($p) {
+                
+                return $p;
+        } 
+
 }

--- a/dao/DBquery.php
+++ b/dao/DBquery.php
@@ -258,14 +258,15 @@ class DBquery
    }

    public function verifyPass($username, $pass) {
-        if($username == "admin" && sha1($pass)==Conf::$KK) {
+        if($username == "admin" && Conf::dbEncodePass($pass)==Conf::$KK) {
            return 1;
        } else {
-            if($username == "guest" && $pass == "2019mbb") {
-                return 2;
-            } else {
+            # if you want guest admin
+            //if($username == "guest" && $pass == "2019mbb") {
+            //    return 2;
+            //} else {
                return 0;
-            }
+            //}
        }
    }


--- a/dao/LDAPquery.php
+++ b/dao/LDAPquery.php
+<?php
+
+/**
+ * Connection to ldap
+ */
+
+require_once(__DIR__.'/../conf/Conf.php');
+
+class LDAPquery {
+
+    var $ldaph = NULL;
+
+    public function __construct() {
+        $this->openConnection();
+    }
+
+    public function openConnection() {
+        $this->ldaph = ldap_connect(Conf::$LDAP_HOSTNAME);
+        if(!$this->ldaph) {
+            die("Impossible de se connecter au serveur LDAP ".Conf::$LDAP_HOSTNAME);
+        }
+    }
+
+    public function bind() {
+        ldap_set_option($this->ldaph, LDAP_OPT_PROTOCOL_VERSION, 3);
+        $r = ldap_bind($this->ldaph, Conf::$LDAP_ADMIN, Conf::$LDAP_PP);
+        return $r;
+    }
+
+    public function verifyPass($ul, $up) {
+        $r = $this->bind();
+        if($r) {
+            $sr=ldap_search($this->ldaph, Conf::$LDAP_USER, "(cn=*)");
+            $info = ldap_get_entries($this->ldaph, $sr);
+            for ($i=0; $i<$info["count"]; $i++) {
+
+                $login = $info[$i]["cn"][0];
+
+                if($login == $ul) {
+                    if($info[$i]["userpassword"][0] == Conf::ldapEncodePass($up)) {
+                        return 1;
+                    };
+                }
+            }
+        }
+
+        return 0;
+    }
+
+}
\ No newline at end of file
--- a/gestion.php
+++ b/gestion.php
@@ -8,8 +8,8 @@

 session_start ();

-if(!isset($_SESSION['username'])) {
-    header("Location: ../login.php");
+if(!isset($_SESSION['gestion'])) {
+    header("Location: ./login.php");
 }

 require_once "./dao/DBquery.php";

--- a/index.php
+++ b/index.php
@@ -12,6 +12,10 @@

 session_start ();

+if(!isset($_SESSION['username'])) {
+   header("Location: ./login.php");
+}
+
 require_once "./dao/DBquery.php";

 $db = new DBquery();
@@ -108,7 +112,11 @@ function printPanel($name) {
                if(isset($_SESSION['username']) && !empty($_SESSION['username']))
                {
                    echo ' <a class="nav-item nav-link active" href="./index.php"> Home </a>';
-                    echo ' <a class="nav-item nav-link" href="./gestion.php"> Gestion </a>';
+
+                    if(isset($_SESSION['gestion']) && !empty($_SESSION['gestion']))
+                    {
+                        echo ' <a class="nav-item nav-link" href="./gestion.php"> Gestion </a>';
+                    }
                }
                ?>