|
Here below the transcription of my modified ldap_api.php:
<?php
/**
- LDAP API
-
- @package CoreAPI
- @subpackage LDAPAPI
- @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
- @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
- @link http://www.mantisbt.org
-
- @uses config_api.php
- @uses constant_inc.php
- @uses logging_api.php
- @uses user_api.php
- @uses utility_api.php
*/
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'logging_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
/**
- Logs the most recent LDAP error
- @param resource $p_ds LDAP resource identifier returned by ldap_connect.
- @return void
*/
function ldap_log_error( $p_ds ) {
log_event( LOG_LDAP, 'ERROR #' . ldap_errno( $p_ds ) . ': ' . ldap_error( $p_ds ) );
}
/**
- Connect and bind to the LDAP directory
- @param string $p_binddn DN to use for LDAP bind.
- @param string $p_password Password to use for LDAP bind.
-
@return resource|false
*/
function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
if( !extension_loaded( 'ldap' ) ) {
log_event( LOG_LDAP, 'Error: LDAP extension missing in php' );
trigger_error( ERROR_LDAP_EXTENSION_NOT_LOADED, ERROR );
}
$t_ldap_server = config_get( 'ldap_server' );
log_event( LOG_LDAP, 'Attempting connection to LDAP server/URI \'' . $t_ldap_server . '\'.' );
$t_ds = @ldap_connect( $t_ldap_server );
if( $t_ds !== false && $t_ds > 0 ) {
log_event( LOG_LDAP, 'Connection accepted by LDAP server' );
$t_network_timeout = config_get( 'ldap_network_timeout' );
if( $t_network_timeout > 0 ) {
log_event( LOG_LDAP, "Setting LDAP network timeout to " . $t_network_timeout );
$t_result = @ldap_set_option( $t_ds, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout );
if( !$t_result ) {
ldap_log_error( $t_ds );
}
}
$t_protocol_version = config_get( 'ldap_protocol_version' );
if( $t_protocol_version > 0 ) {
log_event( LOG_LDAP, 'Setting LDAP protocol version to ' . $t_protocol_version );
$t_result = @ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
if( !$t_result ) {
ldap_log_error( $t_ds );
}
}
// Set referrals flag.
$t_follow_referrals = ON == config_get( 'ldap_follow_referrals' );
$t_result = @ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, $t_follow_referrals );
if( !$t_result ) {
ldap_log_error( $t_ds );
}
// If no Bind DN and Password is set, attempt to login as the configured
// Bind DN.
if( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
$p_binddn = config_get( 'ldap_bind_dn', '' );
$p_password = config_get( 'ldap_bind_passwd', '' );
}
if( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
log_event( LOG_LDAP, 'Attempting bind to ldap server with username and password' );
$t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
} else {
// Either the Bind DN or the Password are empty, so attempt an anonymous bind.
log_event( LOG_LDAP, 'Attempting anonymous bind to ldap server' );
$t_br = @ldap_bind( $t_ds );
}
if( !$t_br ) {
ldap_log_error( $t_ds );
log_event( LOG_LDAP, 'Bind to ldap server failed' );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
} else {
log_event( LOG_LDAP, 'Bind to ldap server successful' );
}
} else {
log_event( LOG_LDAP, 'Connection to ldap server failed' );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}
return $t_ds;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// MODIFICA STS 2020.01.28
// TEST MULTI LDAP Binding
function ldap_connect_bind_2( $p_binddn_2 = '', $p_password_2 = '' ) {
if( !extension_loaded( 'ldap' ) ) {
log_event( LOG_LDAP, 'Error: LDAP extension missing in php' );
trigger_error( ERROR_LDAP_EXTENSION_NOT_LOADED, ERROR );
}
$t_ldap_server_2 = config_get( 'ldap_server_2' );
log_event( LOG_LDAP, 'Attempting connection to LDAP server/URI \'' . $t_ldap_server_2 . '\'.' );
$t_ds_2 = @ldap_connect( $t_ldap_server_2 );
if( $t_ds_2 !== false && $t_ds_2 > 0 ) {
log_event( LOG_LDAP, 'Connection accepted by LDAP server' );
$t_network_timeout_2 = config_get( 'ldap_network_timeout_2' );
if( $t_network_timeout_2 > 0 ) {
log_event( LOG_LDAP, "Setting LDAP network timeout to " . $t_network_timeout_2 );
$t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout_2 );
if( !$t_result_2 ) {
ldap_log_error( $t_ds_2 );
}
}
$t_protocol_version_2 = config_get( 'ldap_protocol_version_2' );
if( $t_protocol_version_2 > 0 ) {
log_event( LOG_LDAP, 'Setting LDAP protocol version to ' . $t_protocol_version_2 );
$t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version_2 );
if( !$t_result_2 ) {
ldap_log_error( $t_ds_2 );
}
}
///Set referrals flag.
$t_follow_referrals_2 = ON == config_get( 'ldap_follow_referrals_2' );
$t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_REFERRALS, $t_follow_referrals_2 );
if( !$t_result_2 ) {
ldap_log_error( $t_ds_2 );
}
// If no Bind DN and Password is set, attempt to login as the configured
// Bind DN.
if( is_blank( $p_binddn_2 ) && is_blank( $p_password_2 ) ) {
$p_binddn_2 = config_get( 'ldap_bind_dn_2', '' );
$p_password_2 = config_get( 'ldap_bind_passwd_2', '' );
}
if( !is_blank( $p_binddn_2 ) && !is_blank( $p_password_2 ) ) {
log_event( LOG_LDAP, 'Attempting bind to ldap server with username and password' );
$t_br_2 = @ldap_bind( $t_ds_2, $p_binddn_2, $p_password_2 );
} else {
// Either the Bind DN or the Password are empty, so attempt an anonymous bind.
log_event( LOG_LDAP, 'Attempting anonymous bind to ldap server' );
$t_br_2 = @ldap_bind( $t_ds_2 );
}
if( !$t_br_2 ) {
ldap_log_error( $t_ds_2 );
log_event( LOG_LDAP, 'Bind to ldap server failed' );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
} else {
log_event( LOG_LDAP, 'Bind to ldap server successful' );
}
} else {
log_event( LOG_LDAP, 'Connection to ldap server failed' );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}
return $t_ds_2;
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$g_cache_ldap_email = array();
/////////////////////////////////////
$g_cache_ldap_email_2 = array();
/**
- returns an email address from LDAP, given a userid
- @param integer $p_user_id A valid user identifier.
-
@return string
*/
function ldap_email( $p_user_id ) {
global $g_cache_ldap_email;
if( isset( $g_cache_ldap_email[(int)$p_user_id] ) ) {
return $g_cache_ldap_email[(int)$p_user_id];
}
$t_username = user_get_username( $p_user_id );
$t_email = ldap_email_from_username( $t_username );
$g_cache_ldap_email[(int)$p_user_id] = $t_email;
return $t_email;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_email_2( $p_user_id_2 ) {
global $g_cache_ldap_email_2;
if( isset( $g_cache_ldap_email_2[(int)$p_user_id_2] ) ) {
return $g_cache_ldap_email_2[(int)$p_user_id_2];
}
$t_username_2 = user_get_username( $p_user_id_2 );
$t_email_2 = ldap_email_from_username_2( $t_username_2 );
$g_cache_ldap_email_2[(int)$p_user_id_2] = $t_email_2;
return $t_email_2;
}
/**
- Return an email address from LDAP, given a username
- @param string $p_username The username of a user to lookup.
-
@return string
*/
function ldap_email_from_username( $p_username ) {
if( ldap_simulation_is_enabled() ) {
return ldap_simulation_email_from_username( $p_username );
}
$t_email = ldap_get_field_from_username( $p_username, 'mail' );
if( $t_email === null ) {
return '';
}
return $t_email;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_email_from_username_2( $p_username_2 ) {
if( ldap_simulation_is_enabled_2() ) {
return ldap_simulation_email_from_username_2( $p_username_2 );
}
$t_email_2 = ldap_get_field_from_username_2( $p_username_2, 'mail' );
if( $t_email_2 === null ) {
return '';
}
return $t_email_2;
}
/**
- Gets a user's real name (common name) given the id.
-
- @param integer $p_user_id The user id.
- @return string real name.
*/
function ldap_realname( $p_user_id ) {
$t_username = user_get_username( $p_user_id );
return ldap_realname_from_username( $t_username );
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_realname_2( $p_user_id_2 ) {
$t_username_2 = user_get_username( $p_user_id_2 );
return ldap_realname_from_username( $t_username_2 );
}
/**
- Gets a user real name given their user name.
-
- @param string $p_username The user's name.
-
@return string The user's real name.
*/
function ldap_realname_from_username( $p_username ) {
if( ldap_simulation_is_enabled() ) {
return ldap_simulatiom_realname_from_username( $p_username );
}
$t_ldap_realname_field = config_get( 'ldap_realname_field' );
$t_realname = ldap_get_field_from_username( $p_username, $t_ldap_realname_field );
if( $t_realname === null ) {
return '';
}
return $t_realname;
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_realname_from_username_2( $p_username_2 ) {
if( ldap_simulation_is_enabled_2() ) {
return ldap_simulatiom_realname_from_username_2( $p_username_2 );
}
$t_ldap_realname_field_2 = config_get( 'ldap_realname_field' );
$t_realname_2 = ldap_get_field_from_username( $p_username_2, $t_ldap_realname_field_2 );
if( $t_realname_2 === null ) {
return '';
}
return $t_realname_2;
}
/**
- Escapes the LDAP string to disallow injection.
-
- @param string $p_string The string to escape.
-
@return string The escaped string.
/
function ldap_escape_string( $p_string ) {
$t_find = array( '\', '', '(', ')', '/', "\x00" );
$t_replace = array( '\5c', '\2a', '\28', '\29', '\2f', '\00' );
$t_string = str_replace( $t_find, $t_replace, $p_string );
return $t_string;
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_escape_string_2( $p_string_2 ) {
$t_find_2 = array( '\', '*', '(', ')', '/', "\x00" );
$t_replace_2 = array( '\5c', '\2a', '\28', '\29', '\2f', '\00' );
$t_string_2 = str_replace( $t_find_2, $t_replace_2, $p_string_2 );
return $t_string_2;
}
/**
- Gets the value of a specific field from LDAP given the user name
- and LDAP field name.
-
- @todo Implement caching by retrieving all needed information in one query.
- @todo Implement logging to LDAP queries same way like DB queries.
-
- @param string $p_username The user name.
- @param string $p_field The LDAP field name.
-
@return string The field value or null if not found.
*/
function ldap_get_field_from_username( $p_username, $p_field ) {
$t_ldap_organization = config_get( 'ldap_organization' );
$t_ldap_root_dn = config_get( 'ldap_root_dn' );
$t_ldap_uid_field = config_get( 'ldap_uid_field' );
$c_username = ldap_escape_string( $p_username );
log_event( LOG_LDAP, 'Retrieving field \'' . $p_field . '\' for \'' . $p_username . '\'' );
// Bind
log_event( LOG_LDAP, 'Binding to LDAP server' );
$t_ds = @ldap_connect_bind();
if( $t_ds === false ) {
ldap_log_error( $t_ds );
return null;
}
// Search
$t_search_filter = '(&' . $t_ldap_organization . '(' . $t_ldap_uid_field . '=' . $c_username . '))';
$t_search_attrs = array( $t_ldap_uid_field, $p_field, 'dn' );
log_event( LOG_LDAP, 'Searching for ' . $t_search_filter );
$t_sr = @ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
if( $t_sr === false ) {
ldap_log_error( $t_ds );
ldap_unbind( $t_ds );
log_event( LOG_LDAP, 'ldap search failed' );
return null;
}
// Get results
$t_info = ldap_get_entries( $t_ds, $t_sr );
if( $t_info === false ) {
ldap_log_error( $t_ds );
log_event( LOG_LDAP, 'ldap_get_entries() returned false.' );
return null;
}
// Free results / unbind
log_event( LOG_LDAP, 'Unbinding from LDAP server' );
ldap_free_result( $t_sr );
ldap_unbind( $t_ds );
// If no matches, return null.
if( $t_info['count'] == 0 ) {
log_event( LOG_LDAP, 'No matches found.' );
return null;
}
// Make sure the requested field exists
$t_field_lowercase = strtolower( $p_field );
if( is_array( $t_info[0] ) && array_key_exists( $t_field_lowercase, $t_info[0] ) ) {
$t_value = $t_info[0][$t_field_lowercase][0];
log_event( LOG_LDAP, 'Found value \'' . $t_value . '\' for field \'' . $p_field . '\'.' );
} else {
log_event( LOG_LDAP, 'WARNING: field \'' . $p_field . '\' does not exist' );
return null;
}
return $t_value;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_get_field_from_username_2( $p_username_2, $p_field_2 ) {
$t_ldap_organization_2 = config_get( 'ldap_organization_2' );
$t_ldap_root_dn_2 = config_get( 'ldap_root_dn_2' );
$t_ldap_uid_field_2 = config_get( 'ldap_uid_field_2' );
$c_username_2 = ldap_escape_string( $p_username_2 );
log_event( LOG_LDAP, 'Retrieving field \'' . $p_field_2 . '\' for \'' . $p_username_2 . '\'' );
// Bind
log_event( LOG_LDAP, 'Binding to LDAP server' );
$t_ds_2 = @ldap_connect_bind();
if( $t_ds_2 === false ) {
ldap_log_error( $t_ds_2 );
return null;
}
// Search
$t_search_filter_2 = '(&' . $t_ldap_organization_2 . '(' . $t_ldap_uid_field_2 . '=' . $c_username_2 . '))';
$t_search_attrs_2 = array( $t_ldap_uid_field_2, $p_field_2, 'dn' );
log_event( LOG_LDAP, 'Searching for ' . $t_search_filter_2 );
$t_sr_2 = @ldap_search( $t_ds_2, $t_ldap_root_dn_2, $t_search_filter_2, $t_search_attrs_2 );
if( $t_sr_2 === false ) {
ldap_log_error( $t_ds_2 );
ldap_unbind( $t_ds_2 );
log_event( LOG_LDAP, 'ldap search failed' );
return null;
}
// Get results
$t_info_2 = ldap_get_entries( $t_ds_2, $t_sr_2 );
if( $t_info_2 === false ) {
ldap_log_error( $t_ds_2 );
log_event( LOG_LDAP, 'ldap_get_entries() returned false.' );
return null;
}
// Free results / unbind
log_event( LOG_LDAP, 'Unbinding from LDAP server' );
ldap_free_result( $t_sr_2 );
ldap_unbind( $t_ds_2 );
// If no matches, return null.
if( $t_info_2['count'] == 0 ) {
log_event( LOG_LDAP, 'No matches found.' );
return null;
}
// Make sure the requested field exists
$t_field_lowercase_2 = strtolower( $p_field_2 );
if( is_array( $t_info_2[0] ) && array_key_exists( $t_field_lowercase_2, $t_info_2[0] ) ) {
$t_value_2 = $t_info_2[0][$t_field_lowercase_2][0];
log_event( LOG_LDAP, 'Found value \'' . $t_value_2 . '\' for field \'' . $p_field_2 . '\'.' );
} else {
log_event( LOG_LDAP, 'WARNING: field \'' . $p_field_2 . '\' does not exist' );
return null;
}
return $t_value_2;
}
/**
- Attempt to authenticate the user against the LDAP directory
- return true on successful authentication, false otherwise
- @param integer $p_user_id A valid user identifier.
- @param string $p_password A password to test against the user user.
-
@return boolean
*/
function ldap_authenticate( $p_user_id, $p_password ) {
// if password is empty and ldap allows anonymous login, then
// the user will be able to login, hence, we need to check
// for this special case.
if( is_blank( $p_password ) ) {
return false;
}
$t_username = user_get_username( $p_user_id );
return ldap_authenticate_by_username( $t_username, $p_password );
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_authenticate_2( $p_user_id_2, $p_password_2 ) {
// if password is empty and ldap allows anonymous login, then
// the user will be able to login, hence, we need to check
// for this special case.
if( is_blank( $p_password_2 ) ) {
return false;
}
$t_username_2 = user_get_username( $p_user_id_2 );
return ldap_authenticate_by_username_2( $t_username_2, $p_password_2 );
}
/**
- Authenticates an user via LDAP given the username and password.
-
- @param string $p_username The user name.
- @param string $p_password The password.
-
@return true: authenticated, false: failed to authenticate.
*/
function ldap_authenticate_by_username( $p_username, $p_password ) {
goto chance2;
if( ldap_simulation_is_enabled() ) {
log_event( LOG_LDAP, 'Authenticating via LDAP simulation' );
$t_authenticated = ldap_simulation_authenticate_by_username( $p_username, $p_password );
} else {
$c_username = ldap_escape_string( $p_username );
$t_ldap_organization = config_get( 'ldap_organization' );
$t_ldap_root_dn = config_get( 'ldap_root_dn' );
$t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' );
$t_search_filter = '(&' . $t_ldap_organization . '(' . $t_ldap_uid_field . '=' . $c_username . '))';
$t_search_attrs = array(
$t_ldap_uid_field,
'dn',
);
// Bind
log_event( LOG_LDAP, 'Binding to LDAP server' );
$t_ds = ldap_connect_bind();
if( $t_ds === false ) {
ldap_log_error( $t_ds );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
// Search for the user id
log_event( LOG_LDAP, 'Searching for ' . $t_search_filter );
$t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
if( $t_sr === false ) {
ldap_log_error( $t_ds );
ldap_unbind( $t_ds );
log_event( LOG_LDAP, 'ldap search failed' );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
log_event( LOG_LDAP, 'Riga 565' );
}
$t_info = @ldap_get_entries( $t_ds, $t_sr );
if( $t_info === false ) {
ldap_log_error( $t_ds );
ldap_free_result( $t_sr );
ldap_unbind( $t_ds );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
$t_authenticated = false;
if( $t_info['count'] > 0 ) {
// Try to authenticate to each until we get a match
for( $i = 0; $i < $t_info['count']; $i++ ) {
$t_dn = $t_info[$i]['dn'];
log_event( LOG_LDAP, 'Checking ' . $t_info[$i]['dn'] );
// Attempt to bind with the DN and password
if( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
$t_authenticated = true;
break;
}
}
} else {
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//2020.01.28
log_event( LOG_LDAP, 'Authentication failed' );
} //close else row 589
chance2:
function ldap_authenticate_by_username_2( $p_username_2, $p_password_2 ) {
if( ldap_simulation_is_enabled_2() ) {
log_event( LOG_LDAP, 'Authenticating via LDAP simulation' );
$t_authenticated_2 = ldap_simulation_authenticate_by_username_2( $p_username_2, $p_password_2 );
} else {
$c_username_2 = ldap_escape_string_2( $p_username_2 );
$t_ldap_organization_2 = config_get( 'ldap_organization_2' );
$t_ldap_root_dn_2 = config_get( 'ldap_root_dn_2' );
$t_ldap_uid_field_2 = config_get( 'ldap_uid_field_2', 'uid' ); // check uid if works
$t_search_filter_2 = '(&' . $t_ldap_organization_2 . '(' . $t_ldap_uid_field_2 . '=' . $c_username_2 . '))';
$t_search_attrs_2 = array(
$t_ldap_uid_field_2,
'dn',
);
// Bind
log_event( LOG_LDAP, 'Binding to LDAP server' );
$t_ds_2 = ldap_connect_bind_2();
if( $t_ds_2 === false ) {
ldap_log_error( $t_ds_2 );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
// Search for the user id
log_event( LOG_LDAP, 'Searching for ' . $t_search_filter_2 );
$t_sr_2 = ldap_search( $t_ds_2, $t_ldap_root_dn_2, $t_search_filter_2, $t_search_attrs_2 );
if( $t_sr_2 === false ) {
ldap_log_error( $t_ds_2 );
ldap_unbind( $t_ds_2 );
log_event( LOG_LDAP, 'ldap search failed' );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
$t_info_2 = @ldap_get_entries( $t_ds_2, $t_sr_2 );
if( $t_info_2 === false ) {
ldap_log_error( $t_ds_2 );
ldap_free_result( $t_sr_2 );
ldap_unbind( $t_ds_2 );
trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
}
$t_authenticated_2 = false;
if( $t_info_2['count'] > 0 ) {
// Try to authenticate to each until we get a match
for( $i = 0; $i < $t_info_2['count']; $i++ ) {
$t_dn_2 = $t_info_2[$i]['dn'];
log_event( LOG_LDAP, 'Checking ' . $t_info_2[$i]['dn'] );
// Attempt to bind with the DN and password
if( @ldap_bind( $t_ds_2, $t_dn_2, $p_password_2 ) ) {
$t_authenticated_2 = true;
break;
}
}
} else {
log_event( LOG_LDAP, 'Authentication failed' );
}
}
return $t_authenticated_2;
}
}//close function row 532
return $t_authenticated;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
- Checks if the LDAP simulation mode is enabled.
-
- @return boolean true if enabled, false otherwise.
*/
function ldap_simulation_is_enabled() {
$t_filename = config_get_global( 'ldap_simulation_file_path' );
return !is_blank( $t_filename );
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_simulation_is_enabled_2() {
$t_filename_2 = config_get_global( 'ldap_simulation_file_path_2' );
return !is_blank( $t_filename_2 );
}
/**
- Gets a user from LDAP simulation mode given the username.
-
- @param string $p_username The user name.
-
@return array|null An associate array with user information or null if not found.
*/
function ldap_simulation_get_user( $p_username ) {
$t_filename = config_get_global( 'ldap_simulation_file_path' );
$t_lines = file( $t_filename );
if( $t_lines === false ) {
log_event( LOG_LDAP, 'ldap_simulation_get_user: could not read simulation data from ' . $t_filename );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}
foreach ( $t_lines as $t_line ) {
$t_line = trim( $t_line, " \t\r\n" );
$t_row = explode( ',', $t_line );
if( $t_row[0] != $p_username ) {
continue;
}
$t_user = array();
$t_user['username'] = $t_row[0];
$t_user['realname'] = $t_row[1];
$t_user['email'] = $t_row[2];
$t_user['password'] = $t_row[3];
return $t_user;
}
log_event( LOG_LDAP, 'ldap_simulation_get_user: user \'' . $p_username . '\' not found.' );
return null;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_simulation_get_user_2( $p_username_2 ) {
$t_filename_2 = config_get_global( 'ldap_simulation_file_path_2' );
$t_lines_2 = file( $t_filename_2 );
if( $t_lines_2 === false ) {
log_event( LOG_LDAP, 'ldap_simulation_get_user: could not read simulation data from ' . $t_filename_2 );
trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}
foreach ( $t_lines_2 as $t_line_2 ) {
$t_line_2 = trim( $t_line_2, " \t\r\n" );
$t_row_2 = explode( ',', $t_line_2 );
if( $t_row_2[0] != $p_username_2 ) {
continue;
}
$t_user_2 = array();
$t_user_2['username'] = $t_row_2[0];
$t_user_2['realname'] = $t_row_2[1];
$t_user_2['email'] = $t_row_2[2];
$t_user_2['password'] = $t_row_2[3];
return $t_user_2;
}
log_event( LOG_LDAP, 'ldap_simulation_get_user: user \'' . $p_username_2 . '\' not found.' );
return null;
}
/**
- Given a username, gets the email address or empty address if user is not found.
-
- @param string $p_username The user name.
-
@return string The email address or blank if user is not found.
*/
function ldap_simulation_email_from_username( $p_username ) {
$t_user = ldap_simulation_get_user( $p_username );
if( $t_user === null ) {
log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username . '\' not found.' );
return '';
}
log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username . '\' has email \'' . $t_user['email'] .'\'.' );
return $t_user['email'];
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_simulation_email_from_username_2( $p_username_2 ) {
$t_user_2 = ldap_simulation_get_user_2( $p_username_2 );
if( $t_user_2 === null ) {
log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username_2 . '\' not found.' );
return '';
}
log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username_2 . '\' has email \'' . $t_user_2['email'] .'\'.' );
return $t_user_2['email'];
}
/**
- Given a username, this methods gets the realname or empty string if not found.
-
- @param string $p_username The username.
-
@return string The real name or an empty string if not found.
*/
function ldap_simulatiom_realname_from_username( $p_username ) {
$t_user = ldap_simulation_get_user( $p_username );
if( $t_user === null ) {
log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username . '\' not found.' );
return '';
}
log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username . '\' has email \'' . $t_user['realname'] . '\'.' );
return $t_user['realname'];
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_simulatiom_realname_from_username_2( $p_username_2 ) {
$t_user_2 = ldap_simulation_get_user_2( $p_username_2 );
if( $t_user_2 === null ) {
log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username_2 . '\' not found.' );
return '';
}
log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username_2 . '\' has email \'' . $t_user_2['realname'] . '\'.' );
return $t_user_2['realname'];
}
/**
- Authenticates the specified user id / password based on the simulation data.
-
- @param string $p_username The username.
- @param string $p_password The password.
-
@return boolean true for authenticated, false otherwise.
*/
function ldap_simulation_authenticate_by_username( $p_username, $p_password ) {
$c_username = ldap_escape_string( $p_username );
$t_user = ldap_simulation_get_user( $c_username );
if( $t_user === null ) {
log_event( LOG_LDAP, 'ldap_simulation_authenticate: user \'' . $p_username . '\' not found.' );
return false;
}
if( $t_user['password'] != $p_password ) {
log_event( LOG_LDAP, 'ldap_simulation_authenticate: expected password \'' . $t_user['password'] . '\' and got \'' . $p_password . '\'.' );
return false;
}
log_event( LOG_LDAP, 'ldap_simulation_authenticate: authentication successful for user \'' . $p_username . '\'.' );
return true;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_simulation_authenticate_by_username_2( $p_username_2, $p_password_2 ) {
$c_username_2 = ldap_escape_string_2( $p_username_2 );
$t_user_2 = ldap_simulation_get_user_2( $c_username_2 );
if( $t_user_2 === null ) {
log_event( LOG_LDAP, 'ldap_simulation_authenticate: user \'' . $p_username_2 . '\' not found.' );
return false;
}
if( $t_user_2['password'] != $p_password_2 ) {
log_event( LOG_LDAP, 'ldap_simulation_authenticate: expected password \'' . $t_user_2['password'] . '\' and got \'' . $p_password_2 . '\'.' );
return false;
}
log_event( LOG_LDAP, 'ldap_simulation_authenticate: authentication successful for user \'' . $p_username_2 . '\'.' );
return true;
}
|