I basically want to know how to do it. I have found what I think is the authentication page. I then need a configurable LDAP script that will contain all the LDAP settings. Then hopefully it will all work fine. I have attached the file that I think is the one I need to edit.
Thanks
J
File: class_session.php
PHP Code:
<?php
/*
#======================================================
| Trellis Desk
| =====================================
| By DJ "someotherguy" (sog@accord5.com)
| © 2007 ACCORD5
| http://www.accord.com/products/trellis/
| =====================================
| Email: sales@accord5.com
#======================================================
| @ Version: v1.0 RC 1 Build 10031234
| @ Version Int: 100.3.1.234
| @ Version Num: 10031234
| @ Build: 0234
#======================================================
| | Session Class :: Session Handler
#======================================================
*/
class session {
var $member = array();
#=======================================
# @ Load Session
# Loads the session. What else? :D
#=======================================
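/**
 * Resolve the current visitor and return the member record for this request.
 *
 * Three paths are tried in order:
 *  1. The 'hdsid' cookie is looked up in `sessions` (joined to `members`
 *     and `groups`); a hit refreshes s_location / s_time and the cookie.
 *  2. The 'hdmid' + 'hdphash' remember-me cookies are checked against the
 *     member's stored login_key; a match creates a new session row.
 *  3. Otherwise a guest session row is created.
 *
 * @return array The member record (also kept in $this->member).
 */
function load_session()
{
    $authorized = 0; // Initialize for Security

    #=============================
    # Kill Any Bad Sessions
    #=============================

    $this->kill_old_sessions();
    $this->kill_old_tokens();

    #=============================
    # Get Information
    #=============================

    $cookie_sid  = $this->ifthd->get_cookie('hdsid');
    $cookie_mid  = intval( $this->ifthd->get_cookie('hdmid') );
    $cookie_hash = $this->ifthd->get_cookie('hdphash');

    #=============================
    # If We Have A Session Cookie
    #=============================

    if ( $cookie_sid )
    {
        #=============================
        # Load Member
        #=============================

        # The session row is selected by s_id alone; the s_ipadd stored when
        # the session was created is not compared here.
        $this->ifthd->core->db->construct( array(
            'select' => array( 's' => 'all',
                               'm' => array( 'id', 'name', 'email', 'login_key', 'mgroup', 'title', 'joined', 'ipadd', 'open_tickets', 'tickets', 'email_notify', 'email_html', 'email_new_ticket', 'email_ticket_reply', 'email_announce', 'email_staff_ticket_reply', 'email_staff_new_ticket', 'ban_ticket_center', 'ban_ticket_open', 'ban_ticket_escalate', 'ban_ticket_rate', 'ban_kb', 'ban_kb_comment', 'ban_kb_rate', 'time_zone', 'dst_active', 'lang', 'skin', 'use_rte', 'cpfields' ),
                               'g' => 'all',
                             ),
            'from'   => array( 's' => 'sessions' ),
            'join'   => array( array( 'from' => array( 'm' => 'members' ), 'where' => array( 's' => 's_mid', '=', 'm' => 'id' ) ), array( 'from' => array( 'g' => 'groups' ), 'where' => array( 'g' => 'g_id', '=', 'm' => 'mgroup' ) ) ),
            'where'  => array( array( 's' => 's_id' ), '=', $cookie_sid ),
            'limit'  => array( 0, 1 ),
        ) );

        $this->ifthd->core->db->execute();

        if ( $this->ifthd->core->db->get_num_rows() == 1 )
        {
            $this->member = $this->ifthd->core->db->fetch_row();

            #=============================
            # Update Session
            #=============================

            $this->ifthd->core->db->construct( array(
                'update' => 'sessions',
                'set'    => array( 's_location' => $this->ifthd->input['act'], 's_time' => time() ),
                'where'  => array( 's_id', '=', $cookie_sid ),
                'limit'  => array( 1 ),
            ) );

            $this->ifthd->core->db->next_shutdown();
            $this->ifthd->core->db->execute();

            # Sliding expiry: the cookie is re-issued on every hit.
            $this->ifthd->set_cookie( 'hdsid', $cookie_sid, time() + ( $this->ifthd->core->cache['config']['session_timeout'] * 60 ) );

            if ( $this->member['s_guest'] )
            {
                $this->member['id']     = 0;
                $this->member['name']   = 'Guest';
                $this->member['mgroup'] = 2;

                $this->member = array_merge( $this->member, $this->ifthd->core->cache['group'][2] );
            }

            $authorized = 1;
        }
    }

    #=============================
    # If We Have A Remember Cookie
    #=============================

    if ( $cookie_mid && $cookie_hash && ! $authorized )
    {
        #=============================
        # Load Member
        #=============================

        $this->ifthd->core->db->construct( array(
            'select' => array( 'm' => array( 'id', 'name', 'email', 'login_key', 'mgroup', 'title', 'joined', 'ipadd', 'open_tickets', 'tickets', 'email_notify', 'email_html', 'email_new_ticket', 'email_ticket_reply', 'email_announce', 'email_staff_new_ticket', 'email_staff_ticket_reply', 'ban_ticket_center', 'ban_ticket_open', 'ban_ticket_escalate', 'ban_ticket_rate', 'ban_kb', 'ban_kb_comment', 'ban_kb_rate', 'time_zone', 'dst_active', 'lang', 'skin', 'use_rte', 'cpfields' ),
                               'g' => 'all',
                             ),
            'from'   => array( 'm' => 'members' ),
            'join'   => array( array( 'from' => array( 'g' => 'groups' ), 'where' => array( 'g' => 'g_id', '=', 'm' => 'mgroup' ) ) ),
            'where'  => array( array( 'm' => 'id' ), '=', $cookie_mid ),
            'limit'  => array( 0, 1 ),
        ) );

        $this->ifthd->core->db->execute();

        # Hold the row in a local until the key is verified. The posted
        # version stored it in $this->member first, so a rejected cookie left
        # that member's email and login_key inside the guest record built below.
        $row = $this->ifthd->core->db->fetch_row();

        #=============================
        # Checkie Checkie
        #=============================

        # Compare as strings: '==' treats numeric-looking strings as numbers,
        # so two different keys could compare equal. An absent row or an empty
        # stored key never matches. hash_equals() is used when the runtime has it.
        $stored_key = ( is_array( $row ) && isset( $row['login_key'] ) ) ? (string) $row['login_key'] : '';
        $cookie_key = (string) $cookie_hash;

        $key_matches = ( $stored_key !== '' )
            && ( function_exists( 'hash_equals' ) ? hash_equals( $stored_key, $cookie_key ) : $stored_key === $cookie_key );

        if ( $key_matches )
        {
            $this->member = $row;

            #=============================
            # Create Session
            #=============================

            # time(), the member id and uniqid(rand()) are all values an
            # outsider can estimate, so prefer the OS CSPRNG when available.
            # 16 random bytes hex-encode to 32 characters, the length md5() yields.
            $new_session = function_exists( 'random_bytes' )
                ? bin2hex( random_bytes( 16 ) )
                : md5( 's' . time() . $this->member['id'] . uniqid( rand(), true ) );

            $db_array = array(
                's_id'       => $new_session,
                's_mid'      => $this->member['id'],
                's_mname'    => $this->member['name'],
                's_ipadd'    => $this->ifthd->input['ip_address'],
                's_location' => $this->ifthd->input['act'],
                's_time'     => time(),
            );

            $this->ifthd->core->db->construct( array(
                'insert' => 'sessions',
                'set'    => $db_array,
            ) );

            $this->ifthd->core->db->execute();

            $this->ifthd->set_cookie( 'hdsid', $new_session, time() + ( $this->ifthd->core->cache['config']['session_timeout'] * 60 ) );

            # do_login() and do_logout() delete the session by
            # $this->member['s_id'], so record the id of the row just created.
            $this->member['s_id'] = $new_session;

            $authorized = 1;
        }
        else
        {
            $this->ifthd->delete_cookie('hdmid');
            $this->ifthd->delete_cookie('hdphash');
        }
    }

    #=============================
    # If We Are Not Authorized
    #=============================

    if ( ! $authorized )
    {
        $this->member['id']     = 0;
        $this->member['name']   = 'Guest';
        $this->member['mgroup'] = 2;
        $this->member['guest']  = 1;

        #=============================
        # Create Session
        #=============================

        $new_session = function_exists( 'random_bytes' )
            ? bin2hex( random_bytes( 16 ) )
            : md5( 's' . time() . $this->member['id'] . uniqid( rand(), true ) );

        $db_array = array(
            's_id'       => $new_session,
            's_mid'      => $this->member['id'],
            's_mname'    => $this->member['name'],
            's_ipadd'    => $this->ifthd->input['ip_address'],
            's_location' => $this->ifthd->input['act'],
            's_time'     => time(),
            's_guest'    => 1,
        );

        $this->ifthd->core->db->construct( array(
            'insert' => 'sessions',
            'set'    => $db_array,
        ) );

        $this->ifthd->core->db->execute();

        $this->ifthd->set_cookie( 'hdsid', $new_session, time() + ( $this->ifthd->core->cache['config']['session_timeout'] * 60 ) );

        $this->member['s_id'] = $new_session;

        # Guests take their permissions from cached group 2.
        $this->member = array_merge( $this->member, $this->ifthd->core->cache['group'][2] );
    }

    return $this->member;
}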
#=======================================
# @ Do Login
# Attempt to login.
#=======================================
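/**
 * Verify the submitted username / password and start a member session.
 *
 * Reads 'username', 'password', 'remember' and 'extra_l' from
 * $this->ifthd->input. On success the previous session row is deleted, a
 * new one is inserted, the 'hdsid' cookie is set and the request is
 * redirected; every failure is reported through $this->ifthd->skin->error().
 *
 * NOTE(review): whether skin->error() ends the request is not visible
 * here; the statements after each call assume that it does.
 */
function do_login()
{
    #=============================
    # Security Checks
    #=============================

    $this->ifthd->check_token('login');

    # Empty values are refused before any credential check. Keep this guard
    # if verification is ever delegated to a directory server: an LDAP simple
    # bind with an empty password is commonly accepted as an anonymous bind.
    if ( ! $this->ifthd->input['username'] || ! $this->ifthd->input['password'] )
    {
        $this->ifthd->skin->error('fill_form_completely', 1);
    }

    #=============================
    # Select Member
    #=============================

    $this->ifthd->core->db->construct( array(
        'select' => array( 'id', 'name', 'email', 'password', 'pass_salt', 'login_key', 'email_val', 'admin_val' ),
        'from'   => 'members',
        'where'  => array( 'name|lower', '=', strtolower( $this->ifthd->input['username'] ) ),
        'limit'  => array( 0, 1 ),
    ) );

    $this->ifthd->core->db->execute();

    # 'login_no_user' here and 'login_no_pass' below are separate error
    # keys, so a client may be able to tell the two cases apart, depending on
    # how the skin renders them.
    if ( ! $this->ifthd->core->db->get_num_rows() )
    {
        $this->ifthd->skin->error('login_no_user', 1);
    }

    $mem = $this->ifthd->core->db->fetch_row();

    #=============================
    # Compare Password
    #=============================

    # The stored value is sha1(md5(password . salt)): a fast, unstretched
    # hash. Moving to password_hash() needs a stored-hash migration and is
    # outside this method.
    #
    # Compare as strings: '==' treats numeric-looking strings (for example
    # "0e..." digests) as numbers, so two different hashes could compare equal.
    $computed_hash = sha1( md5( $this->ifthd->input['password'] . $mem['pass_salt'] ) );
    $stored_hash   = (string) $mem['password'];

    $password_ok = function_exists( 'hash_equals' )
        ? hash_equals( $stored_hash, $computed_hash )
        : ( $stored_hash === $computed_hash );

    if ( $password_ok )
    {
        #=============================
        # Validation Check
        #=============================

        if ( ! $mem['email_val'] )
        {
            $this->ifthd->skin->error('login_must_val');
        }

        if ( ! $mem['admin_val'] )
        {
            $this->ifthd->skin->error('login_must_val_admin');
        }

        #=============================
        # Delete Old Session
        #=============================

        # The pre-login session id is discarded, not promoted, so an id
        # known before authentication does not carry over.
        if ( $this->member['s_id'] )
        {
            $this->ifthd->core->db->construct( array(
                'delete' => 'sessions',
                'where'  => array( 's_id', '=', $this->member['s_id'] ),
                'limit'  => array( 1 ),
            ) );

            $this->ifthd->core->db->execute();
        }

        #=============================
        # Create Session
        #=============================

        # time(), the member id and uniqid(rand()) are all values an outsider
        # can estimate, so prefer the OS CSPRNG when available. 16 random
        # bytes hex-encode to 32 characters, the length md5() yields.
        $new_session = function_exists( 'random_bytes' )
            ? bin2hex( random_bytes( 16 ) )
            : md5( time() . $mem['id'] . uniqid( rand(), true ) );

        $db_array = array(
            's_id'       => $new_session,
            's_mid'      => $mem['id'],
            's_mname'    => $mem['name'],
            's_email'    => $mem['email'],
            's_ipadd'    => $this->ifthd->input['ip_address'],
            's_location' => $this->ifthd->input['act'],
            's_time'     => time(),
        );

        $this->ifthd->core->db->construct( array(
            'insert' => 'sessions',
            'set'    => $db_array,
        ) );

        $this->ifthd->core->db->execute();

        $this->ifthd->set_cookie( 'hdsid', $new_session, time() + ( $this->ifthd->core->cache['config']['session_timeout'] * 60 ) );

        #=============================
        # Remember Me?
        #=============================

        # The remember-me cookie carries the member's login_key itself, the
        # same value load_session() compares against; nothing in this class
        # rotates it.
        if ( $this->ifthd->input['remember'] )
        {
            $this->ifthd->set_cookie( 'hdmid', $mem['id'] );
            $this->ifthd->set_cookie( 'hdphash', $mem['login_key'] );
        }

        #=============================
        # Redirect
        #=============================

        if ( $this->ifthd->input['extra_l'] )
        {
            # NOTE(review): as shown, the search and replacement strings are
            # identical, so this str_replace() changes nothing; an HTML entity
            # was probably lost when the page was rendered. Confirm against
            # the original file.
            # extra_l is request input. The leading '?' keeps the target on
            # this script; how redirect() treats line breaks in the value is
            # not visible here.
            $this->ifthd->skin->redirect( '?'. str_replace( "&", "&", $this->ifthd->input['extra_l'] ), 'login_success' );
        }
        else
        {
            $this->ifthd->skin->redirect( '?act=portal', 'login_success' );
        }
    }
    else
    {
        $this->ifthd->skin->error('login_no_pass', 1);
    }
}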
#=======================================
# @ Do Guest Login
# Attempt to login a guest.
#=======================================
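/**
 * Attach a guest ticket (e-mail address + ticket key) to the current session.
 *
 * The pair must match exactly one row in `tickets` with guest = 1. On a
 * match the current session row receives the ticket's name, e-mail and key,
 * and the same values are merged into $this->ifthd->member.
 *
 * @param int $onthefly When truthy, the values are taken from the 'email'
 *                      and 'key' inputs, the 'glogin' form-token check is
 *                      skipped and no redirect is issued.
 */
function do_guest_login($onthefly=0)
{
    #=============================
    # Security Checks
    #=============================

    if ( $onthefly )
    {
        $this->ifthd->input['email_address'] = $this->ifthd->input['email'];
        $this->ifthd->input['ticket_key']    = $this->ifthd->input['key'];
    }
    else
    {
        $this->ifthd->check_token('glogin');
    }

    if ( ! $this->ifthd->validate_email( $this->ifthd->input['email_address'] ) )
    {
        $this->ifthd->skin->error('no_valid_email');
    }

    # Only the length of the key is checked here; the value is matched by the query below.
    if ( strlen( $this->ifthd->input['ticket_key'] ) != 11 )
    {
        $this->ifthd->skin->error('no_valid_tkey');
    }

    #=============================
    # Select Ticket
    #=============================

    $this->ifthd->core->db->construct( array(
        'select' => array( 'id', 'mname', 'email' ),
        'from'   => 'tickets',
        'where'  => array( array( 'tkey', '=', $this->ifthd->input['ticket_key'] ), array( 'email', '=', $this->ifthd->input['email_address'], 'and' ), array( 'guest', '=', 1, 'and' ) ),
    ) );

    $this->ifthd->core->db->execute();

    if ( $this->ifthd->core->db->get_num_rows() != 1 )
    {
        $this->ifthd->skin->error('no_ticket_guest');
    }

    $ticket = $this->ifthd->core->db->fetch_row();

    #=============================
    # Update Session
    #=============================

    # The posted version also built an unused $new_session from an undefined
    # $mem at this point; it was dead code and is dropped. The existing
    # session row is updated in place, so no new session id is issued.
    $db_array = array( 's_mname' => $ticket['mname'], 's_email' => $ticket['email'], 's_tkey' => $this->ifthd->input['ticket_key'] );

    $this->ifthd->core->db->construct( array(
        'update' => 'sessions',
        'set'    => $db_array,
        'where'  => array( 's_id', '=', $this->member['s_id'] ),
        'limit'  => array( 1 ),
    ) );

    $this->ifthd->core->db->execute();

    $this->ifthd->member = array_merge( $this->ifthd->member, $db_array );

    if ( ! $onthefly ) $this->ifthd->skin->redirect( '?act=tickets&code=view&id='. $ticket['id'], 'login_success' );
}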
#=======================================
# @ Do Logout
# Attempt to logout.
#=======================================
/**
 * End the current session and send the visitor back to the portal.
 *
 * For a logged-in member the 'key' input must be the login_key of that
 * same member; this ties the logout request to the member it is made for.
 * The three session cookies and the session row are then removed.
 */
function do_logout()
{
    if ( $this->ifthd->member['id'] )
    {
        #=============================
        # Security Checks
        #=============================

        $key_lookup = array(
            'select' => array( 'id' ),
            'from'   => 'members',
            'where'  => array( 'login_key', '=', $this->ifthd->input['key'] ),
            'limit'  => array( 0, 1 ),
        );

        $this->ifthd->core->db->construct( $key_lookup );
        $this->ifthd->core->db->execute();

        if ( ! $this->ifthd->core->db->get_num_rows() )
        {
            $this->ifthd->skin->error('logout_no_key');
        }

        $key_owner = $this->ifthd->core->db->fetch_row();

        # The key must belong to the member who is logging out.
        if ( ! ( $this->ifthd->member['id'] == $key_owner['id'] ) )
        {
            $this->ifthd->skin->error('logout_no_key');
        }
    }

    #=============================
    # Delete Cookies
    #=============================

    foreach ( array( 'hdsid', 'hdmid', 'hdphash' ) as $cookie_name )
    {
        $this->ifthd->delete_cookie( $cookie_name );
    }

    #=============================
    # Delete Session
    #=============================

    $session_delete = array(
        'delete' => 'sessions',
        'where'  => array( 's_id', '=', $this->member['s_id'] ),
        'limit'  => array( 1 ),
    );

    $this->ifthd->core->db->construct( $session_delete );
    $this->ifthd->core->db->execute();

    #=============================
    # Redirect
    #=============================

    $this->ifthd->skin->redirect( '?act=portal', 'logout_success' );
}
#=======================================
# @ Kill Old Sessions
# Kills sessions older than the session
# timeout (defined in ACP).
#=======================================
/**
 * Delete member sessions whose s_time is at or before the timeout cutoff.
 *
 * The cutoff is now minus config 'session_timeout' multiplied by 60.
 *
 * @return mixed Whatever the database layer's get_num_rows() reports
 *               after the delete has been issued.
 */
function kill_old_sessions()
{
    $lifetime = $this->ifthd->core->cache['config']['session_timeout'] * 60;
    $cutoff   = time() - $lifetime;

    $expired_delete = array(
        'delete' => 'sessions',
        'where'  => array( 's_time', '<=', $cutoff ),
    );

    $this->ifthd->core->db->construct( $expired_delete );

    # NOTE(review): next_shutdown() is called before execute(); what it does
    # is not visible here, so whether the count below reflects this delete
    # should be confirmed.
    $this->ifthd->core->db->next_shutdown();
    $this->ifthd->core->db->execute();

    return $this->ifthd->core->db->get_num_rows();
}
#=======================================
# @ Kill Old Tokens
# Kills tokens older than 1 hour.
#=======================================
/**
 * Delete form tokens whose date is one hour old or older.
 *
 * Does nothing (and returns null) when config 'use_form_tokens' is off.
 *
 * @return mixed Whatever the database layer's get_num_rows() reports, or
 *               null when form tokens are disabled.
 */
function kill_old_tokens()
{
    if ( ! $this->ifthd->core->cache['config']['use_form_tokens'] )
    {
        return null;
    }

    $cutoff = time() - ( 60 * 60 );

    $stale_delete = array(
        'delete' => 'tokens',
        'where'  => array( 'date', '<=', $cutoff ),
    );

    $this->ifthd->core->db->construct( $stale_delete );
    $this->ifthd->core->db->next_shutdown();
    $this->ifthd->core->db->execute();

    return $this->ifthd->core->db->get_num_rows();
}
}
?>
File: class_session.php
PHP Code:
<?php
/*
#======================================================
| Trellis Desk
| =====================================
| By DJ "someotherguy" (sog@accord5.com)
| © 2007 ACCORD5
| http://www.accord.com/products/trellis/
| =====================================
| Email: sales@accord5.com
#======================================================
| @ Version: v1.0 RC 1 Build 10031234
| @ Version Int: 100.3.1.234
| @ Version Num: 10031234
| @ Build: 0234
#======================================================
| | Admin Session Class :: Session Handler
#======================================================
*/
class asession {
var $member = array();
#=======================================
# @ Load Session
# Loads the session. What else? :D
#=======================================
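/**
 * Resolve the admin (ACP) session for this request.
 *
 * The 'hdasid' cookie is looked up in `asessions` (joined to `members`
 * and `groups`). The request is authorized only when a row is found and the
 * member's group has g_acp_access; otherwise the cookie is deleted and the
 * 'must_login' error is raised.
 *
 * While authorizing, this method also:
 *  - sets a ticket back from status 2 to status 1 when the admin has moved
 *    away from the ticket view recorded in s_inticket;
 *  - refreshes s_location, s_time and s_inticket and re-issues the cookie;
 *  - fills $this->member['acp'] with the permission array.
 *
 * @return array The member record (also kept in $this->member).
 */
function load_session()
{
    $authorized = 0; // Initialize for Security

    #=============================
    # Kill Any Bad Sessions
    #=============================

    $this->kill_old_sessions();
    $this->kill_old_tokens();

    #=============================
    # Get Information
    #=============================

    $cookie_sid = $this->ifthd->get_cookie('hdasid');

    #=============================
    # If We Have A Session Cookie
    #=============================

    if ( $cookie_sid )
    {
        #=============================
        # Load Member
        #=============================

        # The session row is selected by s_id alone; the s_ipadd stored at
        # login is not compared here.
        $this->ifthd->core->db->construct( array(
            'select' => array( 's' => 'all',
                               'm' => array( 'id', 'name', 'email', 'login_key', 'mgroup', 'title', 'joined', 'ipadd', 'time_zone', 'dst_active', 'lang', 'skin', 'use_rte', 'cpfields', 'rss_key', 'signature', 'auto_sig', 'assigned' ),
                               'g' => 'all',
                             ),
            'from'   => array( 's' => 'asessions' ),
            'join'   => array( array( 'from' => array( 'm' => 'members' ), 'where' => array( 's' => 's_mid', '=', 'm' => 'id' ) ), array( 'from' => array( 'g' => 'groups' ), 'where' => array( 'g' => 'g_id', '=', 'm' => 'mgroup' ) ) ),
            'where'  => array( array( 's' => 's_id' ), '=', $cookie_sid ),
            'limit'  => array( 0, 1 ),
        ) );

        $this->ifthd->core->db->execute();

        if ( $this->ifthd->core->db->get_num_rows() )
        {
            $this->member = $this->ifthd->core->db->fetch_row();

            # Group permission is re-checked on every request, so removing
            # g_acp_access from a group takes effect on existing sessions.
            if ( $this->member['g_acp_access'] )
            {
                #=============================
                # Update Ticket
                #=============================

                # Runs only when the current request is NOT the ticket view.
                if ( $this->ifthd->input['section'] != 'manage' || $this->ifthd->input['act'] != 'tickets' || $this->ifthd->input['code'] != 'view' )
                {
                    if ( $this->member['s_inticket'] )
                    {
                        $this->ifthd->core->db->construct( array(
                            'select' => array( 'status' ),
                            'from'   => 'tickets',
                            'where'  => array( 'id', '=', $this->member['s_inticket'] ),
                            'limit'  => array( 0, 1 ),
                        ) );

                        $this->ifthd->core->db->execute();

                        if ( $this->ifthd->core->db->get_num_rows() )
                        {
                            $t = $this->ifthd->core->db->fetch_row();

                            if ( $t['status'] == 2 )
                            {
                                $this->ifthd->core->db->construct( array(
                                    'update' => 'tickets',
                                    'set'    => array( 'status' => 1 ),
                                    'where'  => array( 'id', '=', $this->member['s_inticket'] ),
                                    'limit'  => array( 1 ),
                                ) );

                                $this->ifthd->core->db->execute();
                            }
                        }
                    }
                }

                #=============================
                # Update Session
                #=============================

                $db_array = array(
                    's_location' => $this->ifthd->input['act'],
                    's_time'     => time(),
                );

                if ( $this->ifthd->input['section'] == 'manage' && $this->ifthd->input['act'] == 'tickets' && $this->ifthd->input['code'] == 'view' )
                {
                    # NOTE(review): the request's 'id' is stored as given and later
                    # used as a ticket id; whether input values are normalised
                    # before they reach this class is not visible here.
                    $db_array['s_inticket'] = $this->ifthd->input['id'];
                }
                else
                {
                    $db_array['s_inticket'] = 0;
                }

                $this->ifthd->core->db->construct( array(
                    'update' => 'asessions',
                    'set'    => $db_array,
                    'where'  => array( 's_id', '=', $cookie_sid ),
                    'limit'  => array( 1 ),
                ) );

                $this->ifthd->core->db->next_shutdown();
                $this->ifthd->core->db->execute();

                # acp_session_timeout is multiplied by 60 * 60 here, unlike the
                # member session_timeout, which is multiplied by 60.
                $this->ifthd->set_cookie( 'hdasid', $cookie_sid, time() + ( $this->ifthd->core->cache['config']['acp_session_timeout'] * 60 * 60 ) );

                #=============================
                # ACP Permissions
                #=============================

                if ( $this->member['id'] == 1 )
                {
                    # Member id 1 always receives this fixed permission array,
                    # whatever its group says. The literal must stay on one
                    # line: as posted it was wrapped inside the
                    # "look_lang_export" key, which put a newline into the key,
                    # broke its declared length and made unserialize() fail.
                    $this->member['acp'] = unserialize('a:76:{s:5:"admin";i:1;s:10:"admin_logs";i:1;s:16:"admin_logs_admin";i:1;s:17:"admin_logs_member";i:1;s:16:"admin_logs_email";i:1;s:16:"admin_logs_error";i:1;s:19:"admin_logs_security";i:1;s:17:"admin_logs_ticket";i:1;s:16:"admin_logs_prune";i:1;s:6:"manage";i:1;s:13:"manage_ticket";i:1;s:19:"manage_ticket_reply";i:1;s:25:"manage_ticket_assign_self";i:1;s:24:"manage_ticket_assign_any";i:1;s:18:"manage_ticket_hold";i:1;s:22:"manage_ticket_escalate";i:1;s:18:"manage_ticket_move";i:1;s:19:"manage_ticket_close";i:1;s:20:"manage_ticket_delete";i:1;s:20:"manage_ticket_reopen";i:1;s:13:"manage_canned";i:1;s:17:"manage_canned_add";i:1;s:18:"manage_canned_edit";i:1;s:20:"manage_canned_delete";i:1;s:13:"manage_depart";i:1;s:17:"manage_depart_add";i:1;s:18:"manage_depart_edit";i:1;s:20:"manage_depart_delete";i:1;s:21:"manage_depart_reorder";i:1;s:21:"manage_depart_cfields";i:1;s:15:"manage_announce";i:1;s:19:"manage_announce_add";i:1;s:20:"manage_announce_edit";i:1;s:22:"manage_announce_delete";i:1;s:13:"manage_member";i:1;s:17:"manage_member_add";i:1;s:18:"manage_member_edit";i:1;s:20:"manage_member_delete";i:1;s:21:"manage_member_approve";i:1;s:21:"manage_member_cfields";i:1;s:12:"manage_group";i:1;s:16:"manage_group_add";i:1;s:17:"manage_group_edit";i:1;s:19:"manage_group_delete";i:1;s:14:"manage_article";i:1;s:18:"manage_article_add";i:1;s:19:"manage_article_edit";i:1;s:21:"manage_article_delete";i:1;s:10:"manage_cat";i:1;s:14:"manage_cat_add";i:1;s:15:"manage_cat_edit";i:1;s:17:"manage_cat_delete";i:1;s:12:"manage_pages";i:1;s:16:"manage_pages_add";i:1;s:17:"manage_pages_edit";i:1;s:19:"manage_pages_delete";i:1;s:15:"manage_settings";i:1;s:22:"manage_settings_update";i:1;s:4:"look";i:1;s:9:"look_skin";i:1;s:16:"look_skin_manage";i:1;s:15:"look_skin_tools";i:1;s:16:"look_skin_import";i:1;s:16:"look_skin_export";i:1;s:9:"look_lang";i:1;s:16:"look_lang_manage";i:1;s:15:"look_lang_tools";i:1;s:16:"look_lang_import";i:1;s:16:"look_lang_export";i:1;s:5:"tools";i:1;s:11:"tools_maint";i:1;s:19:"tools_maint_recount";i:1;s:17:"tools_maint_clean";i:1;s:16:"tools_maint_optm";i:1;s:20:"tools_maint_syscheck";i:1;s:12:"tools_backup";i:1;}');
                }
                else
                {
                    # NOTE(review): unserialize() runs on a value read from the
                    # groups table. Anyone able to write g_acp_perm controls
                    # what is deserialized here; a format such as JSON would
                    # remove object instantiation from this path.
                    $this->member['acp'] = unserialize( $this->member['g_acp_perm'] );
                }

                $authorized = 1;
            }
        }
    }

    #=============================
    # If We Are Not Authorized
    #=============================

    if ( ! $authorized )
    {
        $this->member['id'] = 0;

        $this->ifthd->delete_cookie( 'hdasid' );

        $this->ifthd->skin->error( 'must_login', 1 );
    }

    return $this->member;
}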
#=======================================
# @ Do Login
# Attempt to login.
#=======================================
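/**
 * Verify the submitted credentials and start an admin (ACP) session.
 *
 * The member is looked up by lower-cased name together with its group. A
 * password match plus g_acp_access on the group creates a row in
 * `asessions`, sets the 'hdasid' cookie and fills $this->member (with
 * password, pass_salt and login_key blanked). Failures are written to the
 * 'admin' and 'security' logs and reported through skin->error().
 *
 * NOTE(review): unlike the member login, no form token is checked here, and
 * whether skin->error() ends the request is not visible in this file.
 *
 * @return array The member record on success.
 */
function do_login()
{
    #=============================
    # Security Checks
    #=============================

    # NOTE(review): isset() lets an empty password through to the comparison
    # below. That is harmless against a stored hash, but if verification is
    # ever delegated to a directory server the empty case must be refused
    # first: an LDAP simple bind with an empty password is commonly accepted
    # as an anonymous bind.
    if ( ! isset( $this->ifthd->input['username'] ) || ! isset( $this->ifthd->input['password'] ) )
    {
        $this->ifthd->skin->error( 'fill_form_completely', 1 );
    }

    #=============================
    # Select Member
    #=============================

    $this->ifthd->core->db->construct( array(
        'select' => array( 'm' => array( 'id', 'name', 'email', 'password', 'pass_salt', 'login_key', 'mgroup', 'title', 'joined', 'ipadd', 'time_zone', 'dst_active', 'lang', 'skin', 'use_rte', 'cpfields', 'rss_key', 'signature', 'auto_sig', 'assigned' ),
                           'g' => 'all',
                         ),
        'from'   => array( 'm' => 'members' ),
        'join'   => array( array( 'from' => array( 'g' => 'groups' ), 'where' => array( 'g' => 'g_id', '=', 'm' => 'mgroup' ) ) ),
        'where'  => array( array( 'm' => 'name|lower' ), '=', strtolower( $this->ifthd->input['username'] ) ),
        'limit'  => array( 0, 1 ),
    ) );

    $this->ifthd->core->db->execute();

    if ( ! $this->ifthd->core->db->get_num_rows() )
    {
        # The submitted username is written into the log message as given;
        # how log() stores or displays it is not visible here.
        $this->ifthd->log( 'admin', "ACP Failed Login Attempt '". $this->ifthd->input['username'] ."'", 2 );
        $this->ifthd->log( 'security', "ACP Failed Login Attempt '". $this->ifthd->input['username'] ."'", 2 );

        $this->ifthd->skin->error( 'login_no_user', 1 );
    }

    $mem = $this->ifthd->core->db->fetch_row();

    #=============================
    # Compare Password
    #=============================

    # The stored value is sha1(md5(password . salt)): a fast, unstretched
    # hash. Moving to password_hash() needs a stored-hash migration and is
    # outside this method.
    #
    # Compare as strings: '==' treats numeric-looking strings (for example
    # "0e..." digests) as numbers, so two different hashes could compare equal.
    $computed_hash = sha1( md5( $this->ifthd->input['password'] . $mem['pass_salt'] ) );
    $stored_hash   = (string) $mem['password'];

    $password_ok = function_exists( 'hash_equals' )
        ? hash_equals( $stored_hash, $computed_hash )
        : ( $stored_hash === $computed_hash );

    if ( $password_ok )
    {
        // Permission
        if ( ! $mem['g_acp_access'] )
        {
            $this->ifthd->log( 'admin', "ACP Login Blocked Access '". $mem['name'] ."'", 2, $mem['id'] );
            $this->ifthd->log( 'security', "ACP Login Blocked Access '". $mem['name'] ."'", 2, $mem['id'] );

            $this->ifthd->skin->error( 'login_no_admin', 1 );
        }

        #=============================
        # Create Session
        #=============================

        # time(), the member id and uniqid(rand()) are all values an outsider
        # can estimate, so prefer the OS CSPRNG when available. 16 random
        # bytes hex-encode to 32 characters, the length md5() yields.
        $new_session = function_exists( 'random_bytes' )
            ? bin2hex( random_bytes( 16 ) )
            : md5( 's' . time() . $mem['id'] . uniqid( rand(), true ) );

        $db_array = array(
            's_id'       => $new_session,
            's_mid'      => $mem['id'],
            's_mname'    => $mem['name'],
            's_ipadd'    => $this->ifthd->input['ip_address'],
            's_location' => $this->ifthd->input['act'],
            's_time'     => time(),
        );

        if ( $this->ifthd->input['section'] == 'manage' && $this->ifthd->input['act'] == 'tickets' && $this->ifthd->input['code'] == 'view' )
        {
            $db_array['s_inticket'] = $this->ifthd->input['id'];
        }
        else
        {
            $db_array['s_inticket'] = 0;
        }

        $this->ifthd->core->db->construct( array(
            'insert' => 'asessions',
            'set'    => $db_array,
        ) );

        $this->ifthd->core->db->execute();

        $this->ifthd->set_cookie( 'hdasid', $new_session, time() + ( $this->ifthd->core->cache['config']['acp_session_timeout'] * 60 * 60 ) );

        $this->ifthd->log( 'admin', "ACP Successful Login '". $mem['name'] ."'", 1, $mem['id'] );

        // Play It Safe
        # Credential fields are blanked before the row becomes the in-memory
        # member record.
        $mem['password'] = $mem['pass_salt'] = $mem['login_key'] = "";

        $mem = array_merge( $mem, $db_array );

        $this->member = $mem;

        #=============================
        # ACP Permissions
        #=============================

        if ( $this->member['id'] == 1 )
        {
            # Member id 1 always receives this fixed permission array,
            # whatever its group says. The literal must stay on one line: as
            # posted it was wrapped inside the "look_lang_export" key, which
            # put a newline into the key, broke its declared length and made
            # unserialize() fail.
            $this->member['acp'] = unserialize('a:76:{s:5:"admin";i:1;s:10:"admin_logs";i:1;s:16:"admin_logs_admin";i:1;s:17:"admin_logs_member";i:1;s:16:"admin_logs_email";i:1;s:16:"admin_logs_error";i:1;s:19:"admin_logs_security";i:1;s:17:"admin_logs_ticket";i:1;s:16:"admin_logs_prune";i:1;s:6:"manage";i:1;s:13:"manage_ticket";i:1;s:19:"manage_ticket_reply";i:1;s:25:"manage_ticket_assign_self";i:1;s:24:"manage_ticket_assign_any";i:1;s:18:"manage_ticket_hold";i:1;s:22:"manage_ticket_escalate";i:1;s:18:"manage_ticket_move";i:1;s:19:"manage_ticket_close";i:1;s:20:"manage_ticket_delete";i:1;s:20:"manage_ticket_reopen";i:1;s:13:"manage_canned";i:1;s:17:"manage_canned_add";i:1;s:18:"manage_canned_edit";i:1;s:20:"manage_canned_delete";i:1;s:13:"manage_depart";i:1;s:17:"manage_depart_add";i:1;s:18:"manage_depart_edit";i:1;s:20:"manage_depart_delete";i:1;s:21:"manage_depart_reorder";i:1;s:21:"manage_depart_cfields";i:1;s:15:"manage_announce";i:1;s:19:"manage_announce_add";i:1;s:20:"manage_announce_edit";i:1;s:22:"manage_announce_delete";i:1;s:13:"manage_member";i:1;s:17:"manage_member_add";i:1;s:18:"manage_member_edit";i:1;s:20:"manage_member_delete";i:1;s:21:"manage_member_approve";i:1;s:21:"manage_member_cfields";i:1;s:12:"manage_group";i:1;s:16:"manage_group_add";i:1;s:17:"manage_group_edit";i:1;s:19:"manage_group_delete";i:1;s:14:"manage_article";i:1;s:18:"manage_article_add";i:1;s:19:"manage_article_edit";i:1;s:21:"manage_article_delete";i:1;s:10:"manage_cat";i:1;s:14:"manage_cat_add";i:1;s:15:"manage_cat_edit";i:1;s:17:"manage_cat_delete";i:1;s:12:"manage_pages";i:1;s:16:"manage_pages_add";i:1;s:17:"manage_pages_edit";i:1;s:19:"manage_pages_delete";i:1;s:15:"manage_settings";i:1;s:22:"manage_settings_update";i:1;s:4:"look";i:1;s:9:"look_skin";i:1;s:16:"look_skin_manage";i:1;s:15:"look_skin_tools";i:1;s:16:"look_skin_import";i:1;s:16:"look_skin_export";i:1;s:9:"look_lang";i:1;s:16:"look_lang_manage";i:1;s:15:"look_lang_tools";i:1;s:16:"look_lang_import";i:1;s:16:"look_lang_export";i:1;s:5:"tools";i:1;s:11:"tools_maint";i:1;s:19:"tools_maint_recount";i:1;s:17:"tools_maint_clean";i:1;s:16:"tools_maint_optm";i:1;s:20:"tools_maint_syscheck";i:1;s:12:"tools_backup";i:1;}');
        }
        else
        {
            # NOTE(review): unserialize() runs on a value read from the groups
            # table. Anyone able to write g_acp_perm controls what is
            # deserialized here; a format such as JSON would remove object
            # instantiation from this path.
            $this->member['acp'] = unserialize( $this->member['g_acp_perm'] );
        }

        #=============================
        # Redirect
        #=============================

        # The posted file carries a commented-out redirect on 'extra_l' at
        # this point; the member record is returned to the caller instead.

        return $this->member;
    }
    else
    {
        $this->ifthd->log( 'admin', "ACP Failed Login Attempt '". $mem['name'] ."'", 2, $mem['id'] );
        $this->ifthd->log( 'security', "ACP Failed Login Attempt '". $mem['name'] ."'", 2, $mem['id'] );

        $this->ifthd->skin->error( 'login_no_pass', 1 );
    }
}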
#=======================================
# @ Do Logout
# Attempt to logout.
#=======================================
/**
 * End the admin session: drop the 'hdasid' cookie, set the ticket recorded
 * in s_inticket back from status 2 to status 1, delete the session row and
 * redirect to the ACP home.
 *
 * No request key is checked here, unlike the member-side logout.
 */
function do_logout()
{
    #=============================
    # Delete Cookie
    #=============================

    $this->ifthd->delete_cookie('hdasid');

    #=============================
    # Update Ticket
    #=============================

    if ( $this->member['s_inticket'] )
    {
        # Only a ticket still at status 2 is changed.
        $ticket_release = array(
            'update' => 'tickets',
            'set'    => array( 'status' => 1 ),
            'where'  => array( array( 'id', '=', $this->member['s_inticket'] ), array( 'status', '=', 2, 'and' ) ),
        );

        $this->ifthd->core->db->construct( $ticket_release );
        $this->ifthd->core->db->next_shutdown();
        $this->ifthd->core->db->execute();
    }

    #=============================
    # Delete Session
    #=============================

    $session_delete = array(
        'delete' => 'asessions',
        'where'  => array( 's_id', '=', $this->member['s_id'] ),
        'limit'  => array( 1 ),
    );

    $this->ifthd->core->db->construct( $session_delete );
    $this->ifthd->core->db->execute();

    #=============================
    # Redirect
    #=============================

    $this->ifthd->skin->redirect( '?act=home', 'logout_success' );
}
#=======================================
# @ Kill Old Sessions
# Kills sessions older than the session
# timeout (defined in ACP).
#=======================================
/**
 * Expire admin sessions whose s_time is at or before the timeout cutoff.
 *
 * The cutoff is now minus config 'acp_session_timeout' multiplied by
 * 60 * 60. Tickets referenced by the expired sessions are set back from
 * status 2 to status 1 before the session rows are deleted.
 *
 * @return mixed The row count reported for the select of expired sessions.
 */
function kill_old_sessions()
{
    #=============================
    # Grab Sessions
    #=============================

    $lifetime = $this->ifthd->core->cache['config']['acp_session_timeout'] * 60 * 60;
    $timeout  = time() - $lifetime;

    $expired_select = array(
        'select' => array( 's_id', 's_inticket' ),
        'from'   => 'asessions',
        'where'  => array( 's_time' ,'<=', $timeout ),
    );

    $this->ifthd->core->db->construct( $expired_select );
    $this->ifthd->core->db->execute();

    $num_killed = $this->ifthd->core->db->get_num_rows();

    # Nothing has expired: report the count as it came back.
    if ( ! $num_killed )
    {
        return $num_killed;
    }

    $sessions = array(); // Initialize For Security
    $tickets  = array(); // Initialize For Security

    while ( $expired = $this->ifthd->core->db->fetch_row() )
    {
        $sessions[] = $expired['s_id'];
        $tickets[]  = $expired['s_inticket'];
    }

    #=============================
    # Update Tickets
    #=============================

    $ticket_release = array(
        'update' => 'tickets',
        'set'    => array( 'status' => 1 ),
        'where'  => array( array( 'id', 'in', $tickets ), array( 'status', '=', 2, 'and' ) ),
    );

    $this->ifthd->core->db->construct( $ticket_release );
    $this->ifthd->core->db->next_shutdown();
    $this->ifthd->core->db->execute();

    #=============================
    # Delete Sessions
    #=============================

    $session_delete = array(
        'delete' => 'asessions',
        'where'  => array( 's_id' ,'in', $sessions ),
    );

    $this->ifthd->core->db->construct( $session_delete );
    $this->ifthd->core->db->next_shutdown();
    $this->ifthd->core->db->execute();

    return $num_killed;
}
#=======================================
# @ Kill Old Tokens
# Kills tokens older than 1 hour.
#=======================================
/**
 * Delete form tokens whose date is one hour old or older.
 *
 * Does nothing (and returns null) when config 'use_form_tokens' is off.
 *
 * @return mixed Whatever the database layer's get_num_rows() reports, or
 *               null when form tokens are disabled.
 */
function kill_old_tokens()
{
    if ( ! $this->ifthd->core->cache['config']['use_form_tokens'] )
    {
        return null;
    }

    $cutoff = time() - ( 60 * 60 );

    $stale_delete = array(
        'delete' => 'tokens',
        'where'  => array( 'date', '<=', $cutoff ),
    );

    $this->ifthd->core->db->construct( $stale_delete );
    $this->ifthd->core->db->next_shutdown();
    $this->ifthd->core->db->execute();

    return $this->ifthd->core->db->get_num_rows();
}
}
?>