The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
01-22-2010, 08:54 PM
|
|||
|
|||
ldap authentication admincp
I've been modifying malcomx's code (https://vborg.vbsupport.ru/showthrea...highlight=ldap) so I can achieve a couple of things.
- To have a bind user query the directory, so it's more secure - To have admincp and modcp be ldap authenticated So, I haven't coded in a long, LONG time, and when I did code it was in Java, but getting back into it, it wasn't *that* difficult but I'm running into a snag I was wondering if somebody can help me with. Note: Regular users work fine, ldap works, no password, wrong password, bad user, kicks the user out of the system. Admincp on the other hand, bad username kicks the them out, but any user that is found in ldap is permitted to login, if they do not have admin access, the page just refreshes, but if they have admin privileges, regardless of whatever password they put in, they're allowed to login. The same code works for regular users for a normal login, so if anybody has any insight to why this might not be working, I think this would help anybody who wanted full ldap authentication for their systems. For some reason, regardless of whatever I put in, the bind is successful. Thanks for looking. Code:
<?php
//
// main php file for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');
define('LDDEBUG', true);
// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');
if(defined('LDDEBUG')) { $fp=fopen('/tmp/apache.debug', "a+"); }
if(defined('LDDEBUG')) { wrlog("++ -------- START -------- ++"); }
// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
if(defined('LDDEBUG')) { wrlog("++ LoginType:\t Login to admincp or modcp"); }
//if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
//return;
//if ($vbulletin->GPC['vb_login_password'] == '')
//{
// if(defined('LDDEBUG')) { wrlog("-- LoginError:\t No Password"); }
//if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
// eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
//}
// create the ldap search filter
$ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
if(defined('LDDEBUG')) { wrlog("++ LdapFiler:\t $ldapFilter"); }
// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
if($ldapConnection)
{
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t connection successful"); }
// search for the username and get the DN
$searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
$searchResult=ldap_get_entries($ldapConnection,$searchDn);
// if no user is found in ldap, redirect to standard error
if(sizeof($searchResult) < 2)
{
if(defined('LDDEBUG')) { wrlog("++ LdapSearch:\t there is no such user in the directory"); }
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
}
// write the FIRST found DN to $bindDn;
$bindDn=$searchResult[0]['dn'];
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }
// bind to the ldap server with specified credentials (dn, password)
$ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);
if($ldap_bind)
{
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t bind successful"); }
}
else
{
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t bind failed"); }
}
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldapConnection"); }
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $vbulletin->GPC['vb_login_password']"); }
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldap_bind"); }
// close the server connection
ldap_close($ldapConnection);
// ldap bind did not succeed, wrong username/password combination
if ($ldap_bind != 1)
{
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t ldap bind did not succeed"); }
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
else
{
//generate a template for vBulletin user database
//$randomSalt=genSalt();
//$randomPass=md5(crypt($randomSalt,$randomSalt));
//$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
//$newuser->set('username', $vbulletin->GPC['vb_login_username']);
// get the email address from ldap
//$ldapConnection = ldap_connect($ldapServer, $ldapPort);
//if($ldapConnection)
//{
//$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
//if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t Fetching email address"); }
//$searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
//$userEmail=ldap_get_entries($ldapConnection,$searchEmail);
//if(sizeof($userEmail) < 2)
//{
// if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has no emailaddress"); }
// $newuser->set('email', $noEmailExists);
//}
//else
//{
// if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has an email address"); }
// $newuser->set('email', $userEmail[0]['mail'][0]);
//}
//}
//ldap_close($ldapConnection);
//$newuser->set('password', $randomPass);
//$newuser->set('usergroupid', 2);
//$newuser->pre_save();
// try to create the user in vBulletin; if it works save the dataset else just login
//if (!empty($newuser->errors))
//{
//if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t user already in vBulletin"); }
//$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
$vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
do_login_redirect();
//}
//else
//{
// if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t creating user in vBulletin database"); }
// $newuser->set_info('coppauser', false);
// $vbulletin->userinfo['userid']
// = $userid
// = $newuser->save();
// $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
// $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
// verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
// exec_unstrike_user($vbulletin->GPC['vb_login_username']);
// process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
// if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
// do_login_redirect();
//}
}
}
}
if(defined('LDDEBUG')) { wrlog("++ LoginType:\t Normal Login"); }
// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
if(defined('LDDEBUG')) { wrlog("-- LoginError:\t No Password"); }
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
// create the ldap search filter
$ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
if(defined('LDDEBUG')) { wrlog("++ LdapFiler:\t $ldapFilter"); }
// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
if($ldapConnection)
{
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t connection successful"); }
// search for the username and get the DN
$searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
$searchResult=ldap_get_entries($ldapConnection,$searchDn);
// if no user is found in ldap, redirect to standard error
if(sizeof($searchResult) < 2)
{
if(defined('LDDEBUG')) { wrlog("++ LdapSearch:\t there is no such user in the directory"); }
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
}
// write the FIRST found DN to $bindDn;
$bindDn=$searchResult[0]['dn'];
// bind to the ldap server with specified credentials (dn, password)
$ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);
// close the server connection
ldap_close($ldapConnection);
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $ldapConnection"); }
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $bindDn"); }
if(defined('LDDEBUG')) { wrlog("++ LdapDebug:\t $vbulletin->GPC['vb_login_password']"); }
// ldap bind did not succeed, wrong username/password combination
if ($ldap_bind != 1)
{
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t ldap bind did not succeed"); }
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
else
{
// generate a template for vBulletin user database
$randomSalt=genSalt();
$randomPass=md5(crypt($randomSalt,$randomSalt));
$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
$newuser->set('username', $vbulletin->GPC['vb_login_username']);
// get the email address from ldap
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
if($ldapConnection)
{
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t Fetching email address"); }
$searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
$userEmail=ldap_get_entries($ldapConnection,$searchEmail);
if(sizeof($userEmail) < 2)
{
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has no emailaddress"); }
$newuser->set('email', $noEmailExists);
}
else
{
if(defined('LDDEBUG')) { wrlog("++ LdapServer:\t user has an email address"); }
$newuser->set('email', $userEmail[0]['mail'][0]);
}
}
ldap_close($ldapConnection);
$newuser->set('password', $randomPass);
$newuser->set('usergroupid', 2);
$newuser->pre_save();
// try to create the user in vBulletin; if it works save the dataset else just login
if (!empty($newuser->errors))
{
if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t user already in vBulletin"); }
$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
$vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
do_login_redirect();
}
else
{
if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t creating user in vBulletin database"); }
$newuser->set_info('coppauser', false);
$vbulletin->userinfo['userid']
= $userid
= $newuser->save();
$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
$vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
if(defined('LDDEBUG')) { wrlog("++ LoginScript:\t logging in"); if($fp) { fclose($fp); } }
do_login_redirect();
}
}
}
if(defined('LDDEBUG')) { if($fp) { fclose($fp); } }
?>
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 10:45 PM.