- * This script has been adapted from Thommy's original login.php and updated by Langnao (Shawn).
- Many thanks to guys at Coding Haven
- First Step:
- - To test whether your server can authenticate against your AD, save the following (everything between the ++++ lines) as a file, e.g. 'test.php', on the server where phpmotion is installed. Note that the file holds a real account password in clear text.
- $user_name_login is your AD userid
- $password_login is the password of the AD userid
- $domain is your domain, in this case I put a dummy test.com
- $ldaphost is the FQDN of your Active Directory Domain controller. Example, dc1.test.com
- Then run the script,
- /usr/local/apache/php/bin/php -f test.php
- - (assuming the php binary is installed under /usr/local/apache/php/bin)
- - or open http://phpmotionserverurl/test.php in a browser. That only works if the file is inside the web root, where anyone can fetch it and read the password in it — delete the file as soon as the test is done.
- - If everything is correctly configured, you will see 'Successful authenticated!!!'.
- ++++++++++++++++++++++++++++++++++++++++++
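<?php
// One-off connectivity / bind check. It embeds a real AD password, so remove
// this file once it has run (and never leave it in the web root).
$user_name_login = "xxx";
$password_login = "xxx1234";
$ldapport = "389";
$ldaphost = "dc1.test.com";
$domain = "test.com";

// AD answers a bind that carries a name but no password with an anonymous
// bind and reports success, so an empty password here would "pass" without
// proving anything.
if ($password_login === '') {
    echo "Refusing to test with an empty password";
    exit;
}

// ldap_connect() does not open the socket yet; failures only show up at bind time.
$ldapconn = ldap_connect('ldap://'.$ldaphost, $ldapport);
if ($ldapconn) {
    // AD requires LDAPv3; not chasing referrals avoids hangs on some setups.
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    // Simple bind over plain ldap:// — the password crosses the network in
    // clear text. Use ldaps:// (port 636) or ldap_start_tls() in production.
    if (ldap_bind($ldapconn, $user_name_login."@".$domain, $password_login)) {
        echo "Successful authenticated!!!";
    } else {
        // ldap_error() names the real cause (invalid credentials, server
        // requires TLS/signing, ...), which a bare "unable to bind" hides.
        echo "Unable to bind to LDAP: " . ldap_error($ldapconn);
    }
    ldap_unbind($ldapconn);
}
else {
    echo "Unable to Connect to LDAP";
}
?>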
- +++++++++++++++++++++++++++++++++++++++++++
- - If that succeeds, read on. If not, the cause can be anywhere between this server and the domain controller: a PHP build without the ldap extension, DNS not resolving the DC name, a firewall blocking port 389, or simply a wrong username or password — check each of these before changing the script.
- Step 2:
- Copy the code below in between the ====== and save it to a file called login.php
- ===========================================
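<?php
// Keep errors out of the browser but not out of the server log. A flat
// error_reporting(0) also silenced the failing SQL statements and undefined
// variables further down in this file, which made a broken login path look
// like a bad password.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);
///////////////////////////////////////////////////////////////////////////////////////
// PHPmotion http://www.phpmotion.com //
///////////////////////////////////////////////////////////////////////////////////////
// License: You are not to sell or distribute this software without permission //
// Help and support please visit http://www.phpmotion.com //
// Copyright reserved //
///////////////////////////////////////////////////////////////////////////////////////
//
//
// Modified : shawn 09082011
//
// The original code is not functioning. Rewrite the AD ldap authentication portion.
//
// Modified : shawn 17092011
//
// Added failover check between ADs
//
//
// config.php is expected to provide $config, $user_theme, $lang_error,
// $cookie_time and the mysql connection used below — confirm against the
// phpmotion install, none of it is visible here.
include_once ('classes/config.php');
include_once ('classes/sessions.php');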
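// Show the login form on a plain GET (or any request that is not the submitted
// form). The isset() guard avoids an undefined-index notice when the field is
// absent.
if ( !isset($_POST['submitted']) || $_POST['submitted'] != 'yes' ) {
    $show_signup = 0;
    $show_login = 1;
    // $form_submitted is not assigned anywhere in this file; it could only be
    // set through register_globals (off by default, removed in PHP 5.4), so in
    // practice this inner branch always runs and the request ends here.
    if ( !isset($form_submitted) || ($form_submitted == "") ) {
        $template = "themes/$user_theme/templates/main_1.htm";
        $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
        $TBS = new clsTinyButStrong;
        $TBS->NoErr = true;
        $TBS->LoadTemplate("$template");
        $TBS->Render = TBS_OUTPUT;
        $TBS->Show();
        @mysql_close();
        die();
    }
}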
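// Refuse to go any further unless this is the submitted login form with a
// non-empty username and password. The original test mixed && and || without
// parentheses (&& binds tighter), so the "submitted == 'yes'" part only
// applied to the first of the four checks; it is now explicit that a request
// that is not the submitted form, or lacks either field, ends here.
$missing_credentials = !isset($_POST['user_name_login']) || $_POST['user_name_login'] === ''
    || !isset($_POST['password_login']) || $_POST['password_login'] === '';
if ( !isset($_POST['submitted']) || $_POST['submitted'] != 'yes' || $missing_credentials ) {
    //display form with error message
    $error_message = $config['incorrect_logins'];
    $message_type = $lang_error;
    $blk_notification = 1;
    $show_signup = 0;
    $show_login = 1;
    $template = "themes/$user_theme/templates/main_1.htm";
    $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
    $TBS = new clsTinyButStrong;
    $TBS->NoErr = true;
    $TBS->LoadTemplate("$template");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();
    @mysql_close();
    die();
}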
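//////////////////////////////////////////////////
/// LDAP Authentication
//////////////////////////////////////////////////
// Keep the credentials exactly as typed for the directory bind. Passing the
// password through mysql_real_escape_string() (as before) inserted a backslash
// before every ' " or \, so such passwords could never bind; the password is
// not used in any SQL statement in this file.
$ldap_user_raw  = isset($_POST["user_name_login"]) ? $_POST["user_name_login"] : '';
$password_login = isset($_POST["password_login"]) ? $_POST["password_login"] : '';
// SQL-escaped copy of the username: the member_profile queries further down
// interpolate $user_name_login directly and rely on it being escaped.
$user_name_login = mysql_real_escape_string($ldap_user_raw);
// Variables declaration
$ldapport = "389";
// LDAP hosts
$ldaphost = "10.1.1.2";
$ldaphost2 = "10.1.1.3";
$domain = "domain.com.au";
// Search base for the attribute lookup. For a domain named domain.com.au the
// default naming context is normally DC=domain,DC=com,DC=au (one DC= per DNS
// label) — check this against your directory; with a wrong base the bind still
// succeeds but the search finds nothing and new accounts get blank names.
$base = "CN=domain,DC=com,DC=au";
// true = upgrade the connection with StartTLS before binding. Plain ldap:// on
// port 389 carries every user's password across the network in clear text. The
// DC must present a certificate this server trusts (see TLS_CACERT in ldap.conf).
$ldap_use_starttls = false;

$auth = false;
$ldapconn = false;
if ($password_login === '')
{
    // Check for empty password. Empty password will return successful bind in AD.
    // (=== '' rather than empty() so that the password "0" is not rejected.)
    $auth = false;
}
elseif ($ldap_user_raw === '' || preg_match('/[@\\\\\/\x00-\x1f]/', $ldap_user_raw))
{
    // The bind name is built as "<user>@<domain>". A username containing '@',
    // '\' or '/' would address a different account or domain than the one the
    // rest of this script assumes, and control characters are never part of a
    // sAMAccountName. Treat such input as a failed login.
    $auth = false;
}
else
{
    // Cannot use ldap_connect to test connection as using with OpenLdap 2.x, it will
    // always return a resource.
    // Use fsockopen to test socket connection, timeout 3 seconds.
    $fp = @fsockopen($ldaphost, $ldapport, $errno, $errstr, 3);
    if ($fp) {
        // Close the socket
        fclose($fp);
        // Connect to AD
        $ldapconn = ldap_connect('ldap://'.$ldaphost, $ldapport);
    } else {
        // Cannot open socket to ldaphost, try ldap_connect to ldaphost2
        $ldapconn = ldap_connect('ldap://'.$ldaphost2, $ldapport);
    }
    if ($ldapconn) {
        // AD only speaks LDAPv3; without this the bind may be attempted as v2
        // and refused. Not chasing referrals avoids hangs when the search
        // touches a partition this DC does not hold.
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
        // If StartTLS was requested but fails, do NOT fall back to a clear-text bind.
        $transport_ok = $ldap_use_starttls ? @ldap_start_tls($ldapconn) : true;
        // Perform simple ldap bind
        if ($transport_ok && @ldap_bind($ldapconn, $ldap_user_raw."@".$domain, $password_login))
        {
            // Escape the username for the search filter so it cannot add filter
            // terms or wildcards. ldap_escape() exists from PHP 5.6; the fallback
            // covers the RFC 4515 special characters by hand.
            if (function_exists('ldap_escape')) {
                $filter_user = ldap_escape($ldap_user_raw, '', LDAP_ESCAPE_FILTER);
            } else {
                $filter_user = str_replace(
                    array('\\', '*', '(', ')', "\x00"),
                    array('\5c', '\2a', '\28', '\29', '\00'),
                    $ldap_user_raw
                );
            }
            // Search AD for the user attributes. LDAPv3 strings are UTF-8, so the
            // form value is passed as-is (the earlier utf8_decode() would have
            // corrupted any non-ASCII username).
            $filter = "(sAMAccountName=$filter_user)";
            $justthese = array("displayName","mail","sn","givenname");
            $sr = @ldap_search($ldapconn, $base, $filter, $justthese);
            $info = $sr ? ldap_get_entries($ldapconn, $sr) : false;
            // Store entries for new account creation if necessary. Attribute
            // keys in ldap_get_entries() output are lower-cased.
            if ($info && $info['count'] > 0) {
                $fullName  = isset($info[0]['displayname'][0]) ? $info[0]['displayname'][0] : '';
                $email     = isset($info[0]['mail'][0])        ? $info[0]['mail'][0]        : '';
                $lastName  = isset($info[0]['sn'][0])          ? $info[0]['sn'][0]          : '';
                $firstName = isset($info[0]['givenname'][0])   ? $info[0]['givenname'][0]   : '';
            } else {
                // Bound fine but no entry under $base (wrong base DN or the
                // account lives outside it). The credentials were still proven
                // by the bind, so the login proceeds with empty attributes.
                $fullName = $email = $lastName = $firstName = '';
                error_log("login.php: bind succeeded for '$ldap_user_raw' but no entry found under '$base'");
            }
            // Successful authentication and retrieval of attributes
            $auth = true;
        }
        else {
            $error_message = "Unable to bind to LDAP";
            $auth = false;
        }
        @ldap_unbind($ldapconn);
    }
    else
    {
        $error_message = "Unable to Connect to LDAP";
        $auth = false;
    }
}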
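// Authentication failed (or was never attempted): show the login form again.
// Only the generic message from the config is shown; the more specific
// $error_message set by the LDAP code above is deliberately replaced so the
// page does not reveal whether the directory was reachable or the bind was
// refused.
if ( !$auth )
{
    //display form with error message
    $error_message = $config['incorrect_logins'];
    $message_type = $lang_error;
    $blk_notification = 1;
    $show_signup = 0;   // consistent with the other form-rendering branches
    $show_login = 1;
    $template = "themes/$user_theme/templates/main_1.htm";
    $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
    $TBS = new clsTinyButStrong;
    $TBS->NoErr = true;
    $TBS->LoadTemplate("$template");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();
    @mysql_close();
    die();
}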
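//Check username against database
$sql = "SELECT user_name FROM member_profile WHERE user_name = '$user_name_login'";
$query = @mysql_query($sql);
$result = @mysql_fetch_array($query);
$result_display_username = $result ? $result['user_name'] : '';
$result_username = strtolower($result_display_username);
// Windows logons are case-insensitive and (with MySQL's default collation) so
// is the lookup above, so compare both sides in lower case. Lowering only the
// database side sent a user who typed "JSmith" for the row "jsmith" into the
// create-account branch below and attempted a duplicate INSERT.
if ( $result && $result_username == strtolower($user_name_login) ) {
    //success login - checking if user has confirmed email
    // Modified : shawn 28082011
    // Missing user group information when database is query. Need to add 'user_group' to the SELECT statement.
    // SELECT * so that password / passwordSalt (read by remember-me below) are
    // actually fetched; the previous column list left them undefined.
    $sql = "SELECT * FROM member_profile WHERE user_name = '$user_name_login'";
    $query = @mysql_query($sql);
    $outcome = @mysql_fetch_array($query);
    $result = $outcome ? $outcome['account_status'] : '';
    if ( $result == 'new' ) {
        //email not confirmed
        $notification_type = $config['notification_error'];
        $message = $config['email_not_confirmed'];
        $blk_notification = 1;
        $template = "themes/$user_theme/templates/main_1.htm";
        $inner_template1 = "themes/$user_theme/templates/inner_notification.htm";
        $TBS = new clsTinyButStrong;
        $TBS->NoErr = true;
        $TBS->LoadTemplate("$template");
        $TBS->Render = TBS_OUTPUT;
        $TBS->Show();
        @mysql_close();
        die();
    }
    elseif( $result == 'suspended' ) {
        //account suspended
        $notification_type = $config['notification_error'];
        $error_message = $config['account_suspended'];
        $blk_notification = 1;
        $template = "themes/$user_theme/templates/main_1.htm";
        $inner_template1 = "themes/$user_theme/templates/inner_notification.htm";
        $TBS = new clsTinyButStrong;
        $TBS->NoErr = true;
        $TBS->LoadTemplate("$template");
        $TBS->Render = TBS_OUTPUT;
        $TBS->Show();
        @mysql_close();
        die();
    }
    elseif( $result == 'active' ) {
        @session_start();
        // Issue a fresh session id on login so an id planted in the browser
        // beforehand (session fixation) is not promoted to an authenticated one.
        @session_regenerate_id(true);
        // session_register() is redundant once $_SESSION is written and was
        // removed in PHP 5.4 (a fatal error that @ does not suppress).
        $_SESSION['user_id'] = $outcome['user_id'];
        $_SESSION['user_name'] = $result_display_username;
        $_SESSION['user_group'] = $outcome['user_group'];
        $password = isset($outcome['password']) ? $outcome['password'] : '';
        $passwordSalt = isset($outcome['passwordSalt']) ? $outcome['passwordSalt'] : '';
        $loggedin = 1;
        // Update user online status from guest. Values read back from the
        // database are escaped again before interpolation (second-order injection).
        $user_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $safe_user_id = mysql_real_escape_string($outcome['user_id']);
        $safe_user_name = mysql_real_escape_string($result_display_username);
        $sql = "UPDATE online SET logged_in_id = '$safe_user_id', logged_in_username = '$safe_user_name' WHERE user_ip = '$user_ip'";
        @mysql_query($sql);
        // remember me. $remember_me is not assigned anywhere in this file (it
        // relied on register_globals); the form field is assumed to be called
        // remember_me — confirm against inner_signup_form.htm.
        if ( !isset($remember_me) ) {
            $remember_me = isset($_POST['remember_me']) ? $_POST['remember_me'] : '';
        }
        // Accounts provisioned from AD store the literal string 'LDAP' as their
        // password (see the INSERT below), so a cookie derived from it would be
        // identical for every such user and forgeable by anyone who knows a
        // username. Only accounts with a real stored password get the cookie.
        if ( $remember_me == 'remember_me' && $password !== '' && $password !== 'LDAP' ) {
            $how_long = (60 * $cookie_time);
            $cookie_pass = sha1( sha1($password) . sha1($passwordSalt) );
            // HttpOnly keeps the login token out of reach of script on the page.
            setcookie('user', $result_display_username, time()+$how_long, '', '', false, true);
            setcookie('pass', $cookie_pass, time()+$how_long, '', '', false, true);
        }
        header("Location: " . "myaccount.php"); //redirect to Myaccount page
        exit;
    }
}
else {
    // If user does not exist in database but passed LDAP Auth then add user
    //////////////////////////////////////////////////////////////
    // Now create user as active or new user
    $random_code = randomcode();
    $date = date("Y-m-d H:i:s",time());
    // These values came from the directory, not from this form: anyone who can
    // edit their own displayName / mail / givenName in AD could otherwise put a
    // quote into this INSERT. Escape them exactly like form input. (The
    // utf8_encode() is kept from the original; whether the directory values
    // are already UTF-8 and this double-encodes non-ASCII names depends on the
    // site's database charset — verify.)
    $firstName = mysql_real_escape_string(utf8_encode(isset($firstName) ? $firstName : ''));
    $lastName  = mysql_real_escape_string(utf8_encode(isset($lastName) ? $lastName : ''));
    $email     = mysql_real_escape_string(isset($email) ? $email : '');
    $addsql = "INSERT into member_profile (user_name, password, email_address, account_status, account_type, date_created, random_code, first_name, last_name, birthday)
    VALUES ('$user_name_login', 'LDAP', '$email', 'active', 'standard', '$date', '$random_code', '$firstName', '$lastName','0000-00-00')";
    @mysql_query($addsql);
    // Get user details
    $userquery = "SELECT * FROM member_profile WHERE user_name=\"$user_name_login\" AND random_code=\"$random_code\";";
    $results = @mysql_query($userquery);
    $userrow = @mysql_fetch_array($results);
    if ( !$userrow ) {
        // The INSERT did not produce a row (duplicate user_name, schema
        // mismatch, ...). Showing the login form is safer than starting a
        // session with an empty user_id.
        $error_message = $config['incorrect_logins'];
        $message_type = $lang_error;
        $blk_notification = 1;
        $show_signup = 0;
        $show_login = 1;
        $template = "themes/$user_theme/templates/main_1.htm";
        $inner_template1 = "themes/$user_theme/templates/inner_signup_form.htm";
        $TBS = new clsTinyButStrong;
        $TBS->NoErr = true;
        $TBS->LoadTemplate("$template");
        $TBS->Render = TBS_OUTPUT;
        $TBS->Show();
        @mysql_close();
        die();
    }
    $safe_user_id = mysql_real_escape_string($userrow['user_id']);
    // Add privacy settings for user
    $privsql = "INSERT INTO privacy (videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists)
    VALUES ('yes', 'yes', 'yes', 'yes', 'yes', '$safe_user_id', 'yes', 'yes')";
    @mysql_query($privsql);
    // Now user is added it's time to log in
    @session_start();
    @session_regenerate_id(true);   // see the 'active' branch above
    $_SESSION['user_id'] = $userrow['user_id'];
    $_SESSION['user_name'] = $userrow['user_name'];
    $_SESSION['random_code'] = $userrow['random_code'];
    $loggedin = 1;
    // Update user online status from guest. The original referenced $outcome
    // and $result_display_username, which are never set in this branch, and
    // left the string values unquoted, so the UPDATE always failed silently.
    $user_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    $safe_user_name = mysql_real_escape_string($userrow['user_name']);
    $sql = "UPDATE online SET logged_in_id = '$safe_user_id', logged_in_username = '$safe_user_name' WHERE user_ip = '$user_ip'";
    @mysql_query($sql);
    header("Location: " . "myaccount.php"); //redirect to Myaccount page
    exit;
}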
- ?>
- ======================================================
- Step 3:
- - Edit the `// LDAP hosts` section (the lines directly below `$ldapport = "389";` — line numbers differ between copies of this file, so search for the comment) and change these settings for your environment:
- // LDAP hosts
- $ldaphost = "10.1.1.2";
- $ldaphost2 = "10.1.1.3";
- $domain = "domain.com.au";
- - And the search base `$base = "CN=domain,DC=com,DC=au";` used for the attribute lookup after the bind. For a domain called domain.com.au the default naming context is normally `DC=domain,DC=com,DC=au` (one DC= part per DNS label); with a wrong base the bind still succeeds but the search returns nothing, so new accounts are created with an empty name and e-mail address.
- - Rename your current login.php to something else, so you can revert back to it if required.
- - Upload your new login.php file to your phpmotion server
- - login using an Active Directory account.
- *** This script works and has been tested on my AD Windows Network. If you're having problems, it's most likely your Linux Server Config or DNS Server *** Two things to be aware of before using it in production: as written it talks to the domain controller over plain ldap:// on port 389, so every user's password crosses the network in clear text (use ldaps:// or StartTLS with a certificate the web server trusts); and any account that can bind to the domain is accepted and automatically given a site account — there is no group or OU check — so narrow the search base or add a memberOf condition if only some users should be able to log in.