Move all the files in src directory
This commit is contained in:
@@ -0,0 +1,162 @@
|
||||
<?php
|
||||
/** DomFramework
|
||||
* @package domframework
|
||||
* @author Dominique Fournier <dominique@fournier38.fr>
|
||||
* @license BSD
|
||||
*/
|
||||
|
||||
namespace Domframework;
|
||||
|
||||
require_once ("domframework/auth.php");
|
||||
|
||||
/** User authentication against LDAP server */
|
||||
class authldap extends auth
|
||||
{
|
||||
/** LDAP server : can be ldaps://server.domain.tld if LDAPS */
|
||||
public $ldapserver="localhost";
|
||||
/** LDAP TCP Port (389 by default) */
|
||||
public $ldapport=389;
|
||||
/** LDAP Connection timeout (5s by default) */
|
||||
public $ldaptimeout=5;
|
||||
/** LDAP authentication to search user */
|
||||
public $ldapauth = "";
|
||||
/** LDAP authentication password */
|
||||
public $ldappwd = "";
|
||||
/** LDAP Search base */
|
||||
public $ldapbase = "";
|
||||
/** Filter used to search user */
|
||||
public $ldapfilter = "(mail=%s)";
|
||||
/** Field used to identify a user */
|
||||
public $ldapfield = "mail";
|
||||
/** Filter used to find the available data of an authenticated user */
|
||||
public $ldapfiltersearch = "(objectClass=inetOrgPerson)";
|
||||
|
||||
/** The opened LDAP connection identifier */
|
||||
private $ldapconn = NULL;
|
||||
/** The DN of the user when found */
|
||||
private $ldapdnuser = NULL;
|
||||
|
||||
/** Check the availability of LDAP functions in PHP */
|
||||
function __construct ()
|
||||
{
|
||||
if (!function_exists ("ldap_connect"))
|
||||
throw new \Exception ("LDAP support unavailable in PHP", 500);
|
||||
}
|
||||
|
||||
/** Establish a connection to a LDAP server
|
||||
$server can be "ldaps://ldap.domain:636"
|
||||
If $user is "", there is no authentication (anonymous mode) */
|
||||
public function connect ()
|
||||
{
|
||||
$this->ldapconn = ldap_connect ($this->ldapserver, $this->ldapport);
|
||||
if (!$this->ldapconn)
|
||||
throw new \Exception ("Can't contact LDAP server", 500);
|
||||
|
||||
ldap_set_option ($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
ldap_set_option($this->ldapconn, LDAP_OPT_TIMELIMIT, $this->ldaptimeout);
|
||||
$ldapbind = @ldap_bind ($this->ldapconn, $this->ldapauth, $this->ldappwd);
|
||||
if (ldap_errno ($this->ldapconn) !== 0)
|
||||
throw new \Exception ("Authentication error in pre-auth LDAP", 500);
|
||||
}
|
||||
|
||||
/** Try to authenticate the email/password of the user
|
||||
@param string $email Email to authenticate
|
||||
@param string $password Password to authenticate */
|
||||
public function authentication ($email, $password)
|
||||
{
|
||||
$filter = sprintf ($this->ldapfilter, $email, $email, $email, $email);
|
||||
$search = ldap_search ($this->ldapconn, $this->ldapbase, $filter,
|
||||
array ($this->ldapfield));
|
||||
if ($search === FALSE)
|
||||
throw new \Exception ("Unable to search in LDAP", 500);
|
||||
$info = ldap_get_entries ($this->ldapconn, $search);
|
||||
if (!isset ($info["count"]) || $info["count"] !== 1 || !isset ($info[0]) ||
|
||||
!isset ($info[0]["dn"]))
|
||||
throw new \Exception ("Unable to find the user : '$email'", 401);
|
||||
$dn = $info[0]["dn"];
|
||||
$ldapbind2 = @ldap_bind ($this->ldapconn, $dn, $password);
|
||||
if ($ldapbind2 !== TRUE)
|
||||
throw new \Exception ("Bad password for '$email'", 401);
|
||||
$this->ldapdnuser = $dn;
|
||||
}
|
||||
|
||||
/** Return all the parameters recorded for the authenticate user */
|
||||
public function getdetails ()
|
||||
{
|
||||
if ($this->ldapdnuser === NULL)
|
||||
throw new \Exception ("No user authenticated !", 401);
|
||||
$search = ldap_search ($this->ldapconn, $this->ldapdnuser,
|
||||
$this->ldapfiltersearch);
|
||||
if ($search === FALSE)
|
||||
throw new \Exception ("Can not found the details for user", 401);
|
||||
$data = ldap_get_entries ($this->ldapconn, $search);
|
||||
$res = array ();
|
||||
if (isset ($data[0]))
|
||||
{
|
||||
$res = array ("lastname"=>$data[0]["sn"][0],
|
||||
"firstname"=>$data[0]["givenname"][0],
|
||||
"email"=>$data[0]["mail"][0]);
|
||||
}
|
||||
|
||||
return $res;
|
||||
}
|
||||
|
||||
/** Method to change the password
|
||||
@param string $oldpassword The old password (to check if the user have the
|
||||
rights to change the password)
|
||||
@param string $newpassword The new password to be recorded */
|
||||
public function changepassword ($oldpassword, $newpassword)
|
||||
{
|
||||
throw new \Exception (dgettext ("domframework",
|
||||
"The password can't be change for LDAP users"), 405);
|
||||
}
|
||||
|
||||
/** Method to overwrite the password (without oldpassword check)
|
||||
Must be reserved to the administrators. For the users, use changepassword
|
||||
method
|
||||
@param string $email the user identifier to select
|
||||
@param string $newpassword The new password to be recorded */
|
||||
public function overwritepassword ($email, $newpassword)
|
||||
{
|
||||
throw new exception (dgettext ("domframework",
|
||||
"The password can't be overwrite for LDAP users"),
|
||||
405);
|
||||
}
|
||||
|
||||
/** List all the users available in the database
|
||||
Return firstname, lastname, mail, with mail is an array */
|
||||
public function listusers ()
|
||||
{
|
||||
if ($this->ldapconn === NULL)
|
||||
throw new \Exception ("No established LDAP connection", 500);
|
||||
$search = ldap_search ($this->ldapconn, $this->ldapbase,
|
||||
$this->ldapfiltersearch,
|
||||
array ("mail", "sn", "givenname"));
|
||||
if ($search === FALSE)
|
||||
throw new \Exception ("Unable to search the users in LDAP", 500);
|
||||
$info = ldap_get_entries ($this->ldapconn, $search);
|
||||
$data = array ();
|
||||
foreach ($info as $key=>$vals)
|
||||
{
|
||||
if ($key === "count") continue;
|
||||
if (isset ($vals["sn"][0]) && isset ($vals["givenname"][0]) &&
|
||||
isset ($vals["mail"]))
|
||||
{
|
||||
$data[$key] = array ("lastname"=>$vals["sn"][0],
|
||||
"firstname"=>$vals["givenname"][0],
|
||||
"email"=>$vals["mail"][0]);
|
||||
}
|
||||
|
||||
unset ($data[$key]["mail"]["count"]);
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/** Close the LDAP connection when closing the object or PHP */
|
||||
function __destruct ()
|
||||
{
|
||||
if (isset ($this->ldapconn))
|
||||
ldap_close ($this->ldapconn);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user