
ldap.php

Zuletzt modifiziert: 09.10.2024, 12:54 - Dateigröße: 9.38 KiB


001  <?php
002  /**
003  *
004  * This file is part of the phpBB Forum Software package.
005  *
006  * @copyright (c) phpBB Limited <https://www.phpbb.com>
007  * @license GNU General Public License, version 2 (GPL-2.0)
008  *
009  * For full copyright and license information, please see
010  * the docs/CREDITS.txt file.
011  *
012  */
013   
014  namespace phpbb\auth\provider;
015   
016  /**
017   * Database authentication provider for phpBB3
018   * This is for authentication via the integrated user table
019   */
020  class ldap extends \phpbb\auth\provider\base
021  {
022      /**
023      * phpBB passwords manager
024      *
025      * @var \phpbb\passwords\manager
026      */
027      protected $passwords_manager;
028   
029      /**
030       * LDAP Authentication Constructor
031       *
032       * @param    \phpbb\db\driver\driver_interface        $db        Database object
033       * @param    \phpbb\config\config        $config        Config object
034       * @param    \phpbb\passwords\manager    $passwords_manager        Passwords manager object
035       * @param    \phpbb\user            $user        User object
036       */
037      public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
038      {
039          $this->db = $db;
040          $this->config = $config;
041          $this->passwords_manager = $passwords_manager;
042          $this->user = $user;
043      }
044   
045      /**
046       * {@inheritdoc}
047       */
048      public function init()
049      {
050          if (!@extension_loaded('ldap'))
051          {
052              return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];
053          }
054   
055          $this->config['ldap_port'] = (int) $this->config['ldap_port'];
056          if ($this->config['ldap_port'])
057          {
058              $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
059          }
060          else
061          {
062              $ldap = @ldap_connect($this->config['ldap_server']);
063          }
064   
065          if (!$ldap)
066          {
067              return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];
068          }
069   
070          @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
071          @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
072   
073          if ($this->config['ldap_user'] || $this->config['ldap_password'])
074          {
075              if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
076              {
077                  return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];
078              }
079          }
080   
081          // ldap_connect only checks whether the specified server is valid, so the connection might still fail
082          $search = @ldap_search(
083              $ldap,
084              htmlspecialchars_decode($this->config['ldap_base_dn']),
085              $this->ldap_user_filter($this->user->data['username']),
086              (empty($this->config['ldap_email'])) ?
087                  array(htmlspecialchars_decode($this->config['ldap_uid'])) :
088                  array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
089              0,
090              1
091          );
092   
093          if ($search === false)
094          {
095              return $this->user->lang['LDAP_SEARCH_FAILED'];
096          }
097   
098          $result = @ldap_get_entries($ldap, $search);
099   
100          @ldap_close($ldap);
101   
102          if (!is_array($result) || sizeof($result) < 2)
103          {
104              return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);
105          }
106   
107          if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
108          {
109              return $this->user->lang['LDAP_NO_EMAIL'];
110          }
111   
112          return false;
113      }
114   
115      /**
116       * {@inheritdoc}
117       */
118      public function login($username, $password)
119      {
120          // do not allow empty password
121          if (!$password)
122          {
123              return array(
124                  'status'    => LOGIN_ERROR_PASSWORD,
125                  'error_msg'    => 'NO_PASSWORD_SUPPLIED',
126                  'user_row'    => array('user_id' => ANONYMOUS),
127              );
128          }
129   
130          if (!$username)
131          {
132              return array(
133                  'status'    => LOGIN_ERROR_USERNAME,
134                  'error_msg'    => 'LOGIN_ERROR_USERNAME',
135                  'user_row'    => array('user_id' => ANONYMOUS),
136              );
137          }
138   
139          if (!@extension_loaded('ldap'))
140          {
141              return array(
142                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
143                  'error_msg'        => 'LDAP_NO_LDAP_EXTENSION',
144                  'user_row'        => array('user_id' => ANONYMOUS),
145              );
146          }
147   
148          $this->config['ldap_port'] = (int) $this->config['ldap_port'];
149          if ($this->config['ldap_port'])
150          {
151              $ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
152          }
153          else
154          {
155              $ldap = @ldap_connect($this->config['ldap_server']);
156          }
157   
158          if (!$ldap)
159          {
160              return array(
161                  'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
162                  'error_msg'        => 'LDAP_NO_SERVER_CONNECTION',
163                  'user_row'        => array('user_id' => ANONYMOUS),
164              );
165          }
166   
167          @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
168          @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
169   
170          if ($this->config['ldap_user'] || $this->config['ldap_password'])
171          {
172              if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
173              {
174                  return array(
175                      'status'        => LOGIN_ERROR_EXTERNAL_AUTH,
176                      'error_msg'        => 'LDAP_NO_SERVER_CONNECTION',
177                      'user_row'        => array('user_id' => ANONYMOUS),
178                  );
179              }
180          }
181   
182          $search = @ldap_search(
183              $ldap,
184              htmlspecialchars_decode($this->config['ldap_base_dn']),
185              $this->ldap_user_filter($username),
186              (empty($this->config['ldap_email'])) ?
187                  array(htmlspecialchars_decode($this->config['ldap_uid'])) :
188                  array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
189              0,
190              1
191          );
192   
193          $ldap_result = @ldap_get_entries($ldap, $search);
194   
195          if (is_array($ldap_result) && sizeof($ldap_result) > 1)
196          {
197              if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
198              {
199                  @ldap_close($ldap);
200   
201                  $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
202                      FROM ' . USERS_TABLE . "
203                      WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
204                  $result = $this->db->sql_query($sql);
205                  $row = $this->db->sql_fetchrow($result);
206                  $this->db->sql_freeresult($result);
207   
208                  if ($row)
209                  {
210                      unset($ldap_result);
211   
212                      // User inactive...
213                      if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
214                      {
215                          return array(
216                              'status'        => LOGIN_ERROR_ACTIVE,
217                              'error_msg'        => 'ACTIVE_ERROR',
218                              'user_row'        => $row,
219                          );
220                      }
221   
222                      // Successful login... set user_login_attempts to zero...
223                      return array(
224                          'status'        => LOGIN_SUCCESS,
225                          'error_msg'        => false,
226                          'user_row'        => $row,
227                      );
228                  }
229                  else
230                  {
231                      // retrieve default group id
232                      $sql = 'SELECT group_id
233                          FROM ' . GROUPS_TABLE . "
234                          WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
235                              AND group_type = " . GROUP_SPECIAL;
236                      $result = $this->db->sql_query($sql);
237                      $row = $this->db->sql_fetchrow($result);
238                      $this->db->sql_freeresult($result);
239   
240                      if (!$row)
241                      {
242                          trigger_error('NO_GROUP');
243                      }
244   
245                      // generate user account data
246                      $ldap_user_row = array(
247                          'username'        => $username,
248                          'user_password'    => $this->passwords_manager->hash($password),
249                          'user_email'    => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
250                          'group_id'        => (int) $row['group_id'],
251                          'user_type'        => USER_NORMAL,
252                          'user_ip'        => $this->user->ip,
253                          'user_new'        => ($this->config['new_member_post_limit']) ? 1 : 0,
254                      );
255   
256                      unset($ldap_result);
257   
258                      // this is the user's first login so create an empty profile
259                      return array(
260                          'status'        => LOGIN_SUCCESS_CREATE_PROFILE,
261                          'error_msg'        => false,
262                          'user_row'        => $ldap_user_row,
263                      );
264                  }
265              }
266              else
267              {
268                  unset($ldap_result);
269                  @ldap_close($ldap);
270   
271                  // Give status about wrong password...
272                  return array(
273                      'status'        => LOGIN_ERROR_PASSWORD,
274                      'error_msg'        => 'LOGIN_ERROR_PASSWORD',
275                      'user_row'        => array('user_id' => ANONYMOUS),
276                  );
277              }
278          }
279   
280          @ldap_close($ldap);
281   
282          return array(
283              'status'    => LOGIN_ERROR_USERNAME,
284              'error_msg'    => 'LOGIN_ERROR_USERNAME',
285              'user_row'    => array('user_id' => ANONYMOUS),
286          );
287      }
288   
289      /**
290       * {@inheritdoc}
291       */
292      public function acp()
293      {
294          // These are fields required in the config table
295          return array(
296              'ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password',
297          );
298      }
299   
300      /**
301       * {@inheritdoc}
302       */
303      public function get_acp_template($new_config)
304      {
305          return array(
306              'TEMPLATE_FILE'    => 'auth_provider_ldap.html',
307              'TEMPLATE_VARS'    => array(
308                  'AUTH_LDAP_BASE_DN'        => $new_config['ldap_base_dn'],
309                  'AUTH_LDAP_EMAIL'        => $new_config['ldap_email'],
310                  'AUTH_LDAP_PASSORD'        => $new_config['ldap_password'] !== '' ? '********' : '',
311                  'AUTH_LDAP_PORT'        => $new_config['ldap_port'],
312                  'AUTH_LDAP_SERVER'        => $new_config['ldap_server'],
313                  'AUTH_LDAP_UID'            => $new_config['ldap_uid'],
314                  'AUTH_LDAP_USER'        => $new_config['ldap_user'],
315                  'AUTH_LDAP_USER_FILTER'    => $new_config['ldap_user_filter'],
316              ),
317          );
318      }
319   
320      /**
321       * Generates a filter string for ldap_search to find a user
322       *
323       * @param    $username    string    Username identifying the searched user
324       *
325       * @return                string    A filter string for ldap_search
326       */
327      private function ldap_user_filter($username)
328      {
329          $filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
330          if ($this->config['ldap_user_filter'])
331          {
332              $_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
333              $filter = "(&{$filter}{$_filter})";
334          }
335          return $filter;
336      }
337   
338      /**
339       * Escapes an LDAP AttributeValue
340       *
341       * @param    string    $string    The string to be escaped
342       * @return    string    The escaped string
343       */
344      private function ldap_escape($string)
345      {
346          return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
347      }
348  }