- <?php
// LDAP directory settings read by do_auth().
// NOTE(review): 389 is the plaintext LDAP port and nothing in this file
// negotiates TLS, so the bind password travels to ldaphost unencrypted.
// Acceptable only while the directory stays on localhost - confirm before
// pointing ldaphost at a remote server.
const ldaphost = 'localhost'; // directory server host
const ldapport = 389;         // directory server port
const ldapbase = 'dc=root';   // base DN for the user search
const ldapvalu = 'mail';      // attribute matched against the submitted user name
- ?>
- <?php
- // define functions
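/**
 * Authenticate the posted credentials against the LDAP directory.
 *
 * Runs only when the session holds no user and a 'user' field was posted.
 * The entry is located by searching for ldapvalu=<user> under ldapbase, and
 * the password is checked by binding as that entry's DN. $_POST, $_REQUEST
 * and $_SESSION are emptied as soon as the credentials are in locals.
 *
 * Nothing is stored in the session on success, so the result only lasts for
 * the current request.
 *
 * @return string|int|null The matched ldapvalu value on success; '' when the
 *                         credentials are rejected; 0 when no login was
 *                         attempted; null when the search fails or does not
 *                         match exactly one entry.
 */
function do_auth() {
    if (!empty($_SESSION['user']) || empty($_POST['user'])) {
        // No login attempt in this request: the caller shows the login form.
        return 0;
    }

    $ldapuser = $_POST['user'];
    $ldappass = isset($_POST['pass']) ? $_POST['pass'] : '';

    // Drop every copy of the submitted credentials held in superglobals. The
    // password is never written to $_SESSION, so it cannot reach the session
    // store on disk.
    $_REQUEST = array();
    $_POST = array();
    $_SESSION = array();

    // Array-valued fields (user[]=...) are not credentials.
    if (!is_string($ldapuser) || !is_string($ldappass)) {
        return '';
    }

    // A simple bind with a DN and an empty password is an unauthenticated
    // bind, which many directory servers report as success. Refuse it before
    // it reaches ldap_bind(), otherwise any known user name logs in.
    if ($ldappass === '') {
        return '';
    }

    // $ds is a link identifier for a directory server
    $ds = @ldap_connect(ldaphost, ldapport) or die("Could not connect.<br>");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) or die("Incorrect version.<br>");
    // NOTE(review): no TLS is negotiated on this link, so the bind below sends
    // the password in clear text to ldaphost:ldapport.

    // The user name is untrusted: escape filter metacharacters so it can only
    // ever be a literal attribute value and cannot widen or rewrite the search.
    $filter = ldapvalu . '=' . ldap_escape($ldapuser, '', LDAP_ESCAPE_FILTER);

    $auth = null;
    // The search base is the ldapbase constant defined at the top of the file.
    $r = @ldap_search($ds, ldapbase, $filter);
    if ($r === false) {
        print "auth failed: search failed<br>";
    } else {
        $result = @ldap_get_entries($ds, $r);
        $count = is_array($result) ? $result['count'] : 0;
        if ($count == 1 && $result[0][ldapvalu][0] === $ldapuser) {
            // Exactly one entry whose attribute equals the submitted name:
            // verify the password by binding as that entry.
            if (@ldap_bind($ds, $result[0]['dn'], $ldappass)) {
                $auth = $result[0][ldapvalu][0];
            } else {
                $auth = '';
            }
        } elseif ($count > 1) {
            print "auth failed: more than one user<br>";
        }
        // No match (or a mismatching value): $auth stays null.
    }

    // Release the directory connection on every path.
    @ldap_unbind($ds);

    return $auth;
}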
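/**
 * Print the logout button and, when it was pressed, end the session.
 *
 * On a posted 'logout' field the session data is emptied, the session is
 * destroyed and the session cookie is expired.
 */
function do_logout() {
    // PHP_SELF contains any extra path info the client appended to the URL,
    // so it is untrusted: escape it and quote the attribute before echoing.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<form action=\"" . $action . "\" method=\"POST\">";
    print "<input type=submit name='logout' value='logout'><br>";
    print "</form>";

    if (isset($_POST['logout'])) {
        $session_name = session_name();
        $_SESSION = array();
        // session_destroy() warns when no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        if (isset($_COOKIE[$session_name])) {
            // The browser only drops the cookie when path and domain match
            // the ones it was issued with, so reuse the session's own
            // cookie parameters instead of assuming '/'.
            $params = session_get_cookie_params();
            // setcookie() fails when there is output sent prior to calling this function.
            $expired = setcookie(
                $session_name,
                '',
                time() - 3600,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
            if ($expired) {
                print "if you see this you should be logged out<br>";
            } else {
                print "if you see this you should be logged out but probably arent<br>";
            }
        }
    }
}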
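/**
 * Print the reset button and, when it was pressed, clear the request and
 * session data.
 */
function do_reset() {
    // PHP_SELF contains any extra path info the client appended to the URL,
    // so it is untrusted: escape it and quote the attribute before echoing.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<form action=\"" . $action . "\" method=\"POST\">";
    print "<input type=submit name='reset' value='reset'><br>";
    print "</form>";

    if (isset($_POST['reset'])) {
        print "reset received <br>";
        // Assign empty arrays rather than unset(): unsetting $_SESSION only
        // detaches the variable and leaves the stored session data in place.
        $_POST = array();
        $_REQUEST = array();
        $_SESSION = array();
    }
}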
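/**
 * Render the page body for the current authentication state.
 *
 * Calls do_auth() and prints the greeting with a logout button, the login
 * form, or a failure message with a reset button.
 */
function do_form() {
    $auth = do_auth();

    if (is_string($auth) && $auth !== '') {
        // Strict check: a plain truthiness test would reject the name "0".
        // The value comes from the directory and equals what the client
        // typed, so it is escaped before it is echoed.
        print "you are logged in as " . htmlspecialchars($auth, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "!<br><br>";
        do_logout();
    } elseif ($auth === 0) {
        // PHP_SELF contains client-supplied path info: escape and quote it.
        $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        print "<form action=\"" . $action . "\" method=\"POST\">";
        print "user: <input type=text name='user'><br>";
        print "pass: <input type=password name='pass'><br>";
        print "<input type=submit name='login' value='login'><br>";
        print "</form>";
    } elseif ($auth === null || $auth === '') {
        // Unknown user and wrong password get the same message, so the page
        // does not reveal which user names exist.
        print "login failed: <br><br>";
        do_reset();
    } else {
        print "Error Unknown: " . htmlspecialchars((string) $auth, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";
        do_reset();
    }
}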
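/**
 * Start the session and the output buffer, then print the page head.
 *
 * The buffer opened here is flushed by do_footer().
 */
function do_header() {
    // Harden the session cookie before the session starts: HttpOnly keeps
    // the id out of reach of page scripts, strict mode refuses session ids
    // the server did not issue.
    // NOTE(review): also enable session.cookie_secure once the page is
    // served over HTTPS only.
    ini_set('session.cookie_httponly', '1');
    ini_set('session.use_strict_mode', '1');
    session_start();

    //start output buffer to be flushed in the footer
    ob_start();
    print "<html>";
    print "<head>";
    print "<title> My Test Form </title>";
    print "</head>";
    print "<body>";
}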
/**
 * Close the HTML document and flush the active output buffer.
 */
function do_footer() {
    echo "</body>", "</html>";
    // Sends everything buffered so far and turns the topmost buffer off.
    ob_end_flush();
}
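/**
 * Debug helper: print a dump of $GLOBALS inside a <pre> block.
 *
 * NOTE(review): the dump contains request, cookie, session and server
 * environment data. It is a development aid and should not be reachable on a
 * deployed page.
 */
function show_superglobals() {
    // The dump holds client-supplied values; escape it so they are shown as
    // text and never interpreted as markup.
    $dump = htmlspecialchars(print_r($GLOBALS, TRUE), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<br>GLOBALS: <pre>" . $dump . "</pre><br>";
}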
- ?>
- <?php
// Page entry point. The order matters: do_header() starts the session and
// the output buffer before anything is printed, do_footer() flushes it last.
do_header();
do_form();

// NOTE(review): unconditional debug dump of $GLOBALS on every request; this
// call belongs in development builds only.
show_superglobals();

do_footer();
- ?>