PHPMotion LDAP Instructions

Aug 16th, 2014
  1. * This script has been adapted from Thommy's original login.php and updated by Langnao (Shawn).
  2. Many thanks to the guys at Coding Haven
  3.  
  4. First Step:
  5. To test whether your server can authenticate against your AD successfully, save the following (everything between the ++++ lines) as a file, e.g. 'test.php', on the server where you installed phpmotion.
  6.  
  7. $user_name_login is your AD userid
  8.  
  9. $password_login is the password of the AD userid
  10.  
  11. $domain is your domain, in this case I put a dummy test.com
  12. $ldaphost is the FQDN of your Active Directory Domain controller. Example, dc1.test.com
  13.  
  14. Then run the script,
  15.  
  16. /usr/local/apache/php/bin/php -f test.php
  17. (assuming the php binary is found under /usr/local/apache/php/bin)
  18.  
  19. or open http://phpmotionserverurl/test.php in a browser
  20.  
  21. If everything is configured correctly, you will see 'Successful authenticated!!!'.
  22.  
  23.  
  24. ++++++++++++++++++++++++++++++++++++++++++
  25.  
  26. <?php
  27.  
  28. $user_name_login = "xxx";
  29. $password_login = "xxx1234";
  30.  
  31. $ldapport = "389";
  32.  
  33.  
  34. $ldaphost = "dc1.test.com";
  35. $domain = "test.com";
  36.  
  37.  
  38.  
  39. $ldapconn = ldap_connect('ldap://'.$ldaphost, $ldapport);
  40.  
  41.  
  42. if ($ldapconn) {
  43. if (ldap_bind($ldapconn, $user_name_login."@".$domain, $password_login))
  44. echo "Successful authenticated!!!";
  45. else
  46. echo "Unable to bind to LDAP";
  47. }
  48. else
  49. echo "Unable to Connect to LDAP";
  50.  
  51. ?>
  52.  
  53. +++++++++++++++++++++++++++++++++++++++++++
  54.  
  55. If it was successful, read on; if not, your server is not configured for LDAP.
  56.  
  57. Step 2:
  58.  
  59. Copy the code below (between the ====== lines) and save it to a file called login.php
  60.  
  61.  
  62. ===========================================
  63.  
  64. <?php
  65. error_reporting (0);
  66. ///////////////////////////////////////////////////////////////////////////////////////
  67. // PHPmotion http://www.phpmotion.com //
  68. ///////////////////////////////////////////////////////////////////////////////////////
  69. // License: You are not to sell or distribute this software without permission //
  70. // Help and support please visit http://www.phpmotion.com //
  71. // Copyright reserved //
  72. ///////////////////////////////////////////////////////////////////////////////////////
  73. //
  74. //
  75. // Modified : shawn 09082011
  76. //
  77. // The original code is not functioning. Rewrite the AD ldap authentication portion.
  78. //
  79. // Modified : shawn 17092011
  80. //
  81. // Added failover check between ADs
  82. //
  83. //
  84.  
  85.  
  86. include_once ('classes/config.php');
  87. include_once ('classes/sessions.php');
  88.  
  89. if ( $_POST['submitted'] != 'yes' ) {
  90.  
  91. $show_signup = 0;
  92. $show_login = 1;
  93.  
  94. if ( !isset($form_submitted) || ($form_submitted == "") ) {
  95. $template = "themes/$user_theme/templates/main_1.htm";
  96. $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
  97.  
  98. $TBS = new clsTinyButStrong;
  99. $TBS->NoErr = true;
  100. $TBS->LoadTemplate("$template");
  101. $TBS->Render = TBS_OUTPUT;
  102. $TBS->Show();
  103.  
  104. @mysql_close();
  105. die();
  106. }
  107. }
  108.  
  109. if ( $_POST['submitted'] == 'yes' && !isset($_POST['user_name_login']) || ($_POST['user_name_login'] == '') || !isset($_POST['password_login']) || ($_POST['password_login'] == '')) {
  110.  
  111. //display form with error message
  112. $error_message = $config['incorrect_logins'];
  113. $message_type = $lang_error;
  114. $blk_notification = 1;
  115. $show_signup = 0;
  116. $show_login = 1;
  117.  
  118.  
  119. $template = "themes/$user_theme/templates/main_1.htm";
  120. $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
  121.  
  122. $TBS = new clsTinyButStrong;
  123. $TBS->NoErr = true;
  124. $TBS->LoadTemplate("$template");
  125. $TBS->Render = TBS_OUTPUT;
  126. $TBS->Show();
  127.  
  128. @mysql_close();
  129. die();
  130. }
  131.  
  132. //////////////////////////////////////////////////
  133. /// LDAP Authentication
  134. //////////////////////////////////////////////////
  135.  
  136. $user_name_login = mysql_real_escape_string($_POST["user_name_login"]);
  137. $password_login = mysql_real_escape_string($_POST["password_login"]);
  138.  
  139. // Variables declaration
  140. $ldapport = "389";
  141.  
  142. // LDAP hosts
  143. $ldaphost = "10.1.1.2";
  144. $ldaphost2 = "10.1.1.3";
  145.  
  146. $domain = "domain.com.au";
  147.  
  148.  
  149.  
  150. // Check for empty password. Empty password will return successful bind in AD.
  151. if (empty($password_login))
  152. {
  153. $auth = false;
  154. }
  155. else
  156. {
  157.  
  158. // Cannot use ldap_connect to test connection as using with OpenLdap 2.x, it will
  159. // always return a resource.
  160. // Use fsocketopen to test socket connection, timeout 3 seconds.
  161. $fp = fsockopen ( $ldaphost, $ldapport, $errno, $errstr, 3);
  162.  
  163. if ($fp) {
  164. // Close the socket
  165. fclose($fp);
  166.  
  167. // Connect to AD
  168. $ldapconn = ldap_connect('ldap://'.$ldaphost, $ldapport);
  169. // Cannot open socket to ldaphost, try ldap_connect to ldaphost2
  170. } else
  171. $ldapconn = ldap_connect('ldap://'.$ldaphost2, $ldapport);
  172.  
  173.  
  174. if ($ldapconn) {
  175. // Perform simple ldap bind
  176. if (ldap_bind($ldapconn, $user_name_login."@".$domain, $password_login))
  177. {
  178. // Search AD for the user attributes
  179. $base = "CN=domain,DC=com,DC=au";
  180. $filter = "(sAMAccountName=$user_name_login)";
  181. $justthese = array("displayName","mail","sn","givenname");
  182. $sr = ldap_search($ldapconn, $base, utf8_decode($filter), $justthese);
  183. $info = ldap_get_entries($ldapconn, $sr);
  184.  
  185. // Store entries for new account creation if necessary
  186. $fullName = $info[0]['displayname'][0];
  187. $email = $info[0]['mail'][0];
  188. $lastName = $info[0]['sn'][0];
  189. $firstName = $info[0]['givenname'][0];
  190.  
  191. // Successful authentication and retrieval of attributes
  192. $auth = true;
  193. }
  194. else {
  195. $error_message = "Unable to bind to LDAP";
  196. $auth = false;
  197. }
  198. }
  199. else
  200. {
  201. $error_message = "Unable to Connect to LDAP";
  202. $auth = false;
  203. }
  204. }
  205.  
  206.  
  207.  
  208. if($auth == false)
  209. {
  210. //display form with error message
  211. $error_message = $config['incorrect_logins'];
  212. $message_type = $lang_error;
  213. $blk_notification = 1;
  214. $show_login = 1;
  215. $template = "themes/$user_theme/templates/main_1.htm";
  216. $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
  217. $TBS = new clsTinyButStrong;
  218. $TBS->NoErr = true;
  219. $TBS->LoadTemplate("$template");
  220. $TBS->Render = TBS_OUTPUT;
  221. $TBS->Show();
  222.  
  223. @mysql_close();
  224. die();
  225. }
  226.  
  227. //Check username against database
  228. $sql = "SELECT user_name FROM member_profile WHERE user_name = '$user_name_login'";
  229.  
  230. $query = @mysql_query($sql);
  231. $result = @mysql_fetch_array($query);
  232. $result_display_username = $result['user_name'];
  233. $result_username = strtolower($result['user_name']);
  234.  
  235. if ( $result_username == $user_name_login ) {
  236.  
  237. //success login - checkinng if user has confirmed email
  238. // Modified : shawn 28082011
  239. // Missing user group information when database is query. Need to add 'user_group' to the SELECT statement.
  240. $sql = "SELECT user_name, user_id, account_status, user_group FROM member_profile WHERE user_name = '$user_name_login'";
  241. $query = @mysql_query($sql);
  242. $outcome = @mysql_fetch_array($query);
  243. $result = $outcome['account_status'];
  244.  
  245. if ( $result == 'new' ) {
  246.  
  247. //email not confirmed
  248. $notification_type = $config['notification_error'];
  249. $message = $config['email_not_confirmed'];
  250. $blk_notification = 1;
  251.  
  252. $template = "themes/$user_theme/templates/main_1.htm";
  253. $inner_template1 = "themes/$user_theme/templates/inner_notification.htm";
  254. $TBS = new clsTinyButStrong;
  255. $TBS->NoErr = true;
  256. $TBS->LoadTemplate("$template");
  257. $TBS->Render = TBS_OUTPUT;
  258. $TBS->Show();
  259.  
  260. @mysql_close();
  261. die();
  262. }
  263.  
  264. elseif( $result == 'suspended' ) {
  265.  
  266. //account suspended
  267. $notification_type = $config['notification_error'];
  268. $error_message = $config['account_suspended'];
  269. $blk_notification = 1;
  270. $template = "themes/$user_theme/templates/main_1.htm";
  271. $inner_template1 = "themes/$user_theme/templates/inner_notification.htm";
  272. $TBS = new clsTinyButStrong;
  273. $TBS->NoErr = true;
  274. $TBS->LoadTemplate("$template");
  275. $TBS->Render = TBS_OUTPUT;
  276. $TBS->Show();
  277.  
  278. @mysql_close();
  279. die();
  280. }
  281.  
  282. elseif( $result == 'active' ) {
  283.  
  284. @session_start();
  285. @session_register('user_id');
  286. @session_register('user_name');
  287. @session_register('user_group');
  288. $_SESSION['user_id'] = $outcome['user_id'];
  289. $_SESSION['user_name'] = $result_display_username;
  290. $_SESSION['user_group'] = $outcome['user_group'];
  291. $password = $outcome['password'];
  292. $passwordSalt = $outcome['passwordSalt'];
  293. $loggedin = 1;
  294.  
  295.  
  296. // Update user online status from guest
  297. $user_ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
  298. $sql = "UPDATE online SET logged_in_id = '$outcome[user_id]', logged_in_username = '$result_display_username' WHERE user_ip = '$user_ip'";
  299. @mysql_query($sql);
  300.  
  301. // remember me
  302. if ( $remember_me == 'remember_me' ) {
  303.  
  304. $how_long = (60 * $cookie_time);
  305. $cookie_pass = sha1( sha1($password) . sha1($passwordSalt) );
  306. setcookie('user', $result_display_username, time()+$how_long);
  307. setcookie('pass', $cookie_pass, time()+$how_long);
  308. }
  309. header("Location: " . "myaccount.php"); //redirect to Myaccount page
  310. }
  311. }
  312. else {
  313. // If user does not exist in database but passed LDAP Auth then add user
  314. //////////////////////////////////////////////////////////////
  315. // Now create user as active or new user
  316. $random_code = randomcode();
  317. $date = date("Y-m-d H:i:s",time());
  318. $firstName = utf8_encode($firstName);
  319. $lastName= utf8_encode($lastName);
  320. $addsql = "INSERT into member_profile (user_name, password, email_address, account_status, account_type, date_created, random_code, first_name, last_name, birthday)
  321. VALUES ('$user_name_login', 'LDAP', '$email', 'active', 'standard', '$date', '$random_code', '$firstName', '$lastName','0000-00-00')";
  322. @mysql_query($addsql);
  323. // Get user details
  324. $userquery = "SELECT * FROM member_profile WHERE user_name=\"$user_name_login\" AND random_code=\"$random_code\";";
  325. $results = @mysql_query($userquery);
  326. $userrow = @mysql_fetch_array($results);
  327. // Add privacy settings for user
  328. $privsql = "INSERT INTO privacy (videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists)
  329. VALUES ('yes', 'yes', 'yes', 'yes', 'yes', ".$userrow['user_id'].", 'yes', 'yes')";
  330. @mysql_query($privsql);
  331.  
  332. // Now user is added it's time to log in
  333. @session_start();
  334. @session_register('user_id');
  335. @session_register('user_name');
  336. @session_register('random_code');
  337. $_SESSION['user_id'] = $userrow['user_id'];
  338. $_SESSION['user_name'] = $user_name_login;
  339. $_SESSION['random_code'] = $userrow['random_code'];
  340. $loggedin = 1;
  341.  
  342.  
  343. // Update user online status from guest
  344. $user_ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
  345. $sql = "UPDATE online SET logged_in_id = '$outcome[user_id]', logged_in_username = $result_display_username WHERE user_ip = $user_ip";
  346. @mysql_query($sql);
  347.  
  348. header("Location: " . "myaccount.php"); //redirect to Myaccount page
  349. }
  350.  
  351. ?>
  352.  
  353. ======================================================
  354.  
  355.  
  356. Step 3:
  357.  
  358. - Edit lines 78 - 83 - change these settings for your environment:
  359.  
  360. // LDAP hosts
  361. $ldaphost = "10.1.1.2";
  362. $ldaphost2 = "10.1.1.3";
  363.  
  364. $domain = "domain.com.au";
  365.  
  366. - And line 116: $base = "CN=domain,DC=com,DC=au";
  367.  
  368. - Rename your current login.php to something else, so you can revert to it if required.
  369.  
  370. - Upload your new login.php file to your phpmotion server
  371.  
  372. - Log in using an Active Directory account.
  373.  
  374. *** This script works and has been tested on my AD Windows network. If you're having problems, it's most likely your Linux server configuration or your DNS server ***