From: Scott P. <wht...@us...> - 2007-09-16 22:00:43
Update of /cvsroot/helpmeict/Helpdesk/system In directory sc8-pr-cvs17:/tmp/cvs-serv7391/system Modified Files: authentication.php functions.php mail.php Log Message: Added backend for LDAP Authentication Index: functions.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/functions.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** functions.php 7 Feb 2007 01:20:17 -0000 1.2 --- functions.php 16 Sep 2007 22:00:38 -0000 1.3 *************** *** 1,61 **** ! <?php ! ! /* ! ! functions.php ! ! Generally useful functions can be found in this script. ! ! Changelog: ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2004 Central Manchester CLC ! Copyright (C) 2004 Mark Harrison ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! This program is distributed in the hope that it will be useful, ! but WITHOUT ANY WARRANTY; without even the implied warranty of ! MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Security... ! if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__, '.php')) !== false) { ! header("location: index.php"); ! } ! ! require_once "db.php"; ! ! function get_closed_status($domain) { ! // Find the highest status (the terminal status) and treat it as closed ! $sql = "SELECT * FROM tbl_Statuses WHERE (domain=$domain AND ! active=1) OR domain=0 ORDER BY domain DESC,sortorder DESC"; ! $statusesRS = db_recordset($sql); ! ! 
if (count($statusesRS) <= 2) { ! // 0 rows shouldn't happen ! // 1 row == Ungraded (from domain 0) ! // 2 rows == Ungraded + 1 status for the domain (treat as open) ! // 3+ rows == more than 1 status for the domain (treat bottom one as ! // closed. ! $closedstatus = '-1'; ! } else { ! $closedstatus = $statusesRS[0]['id']; ! } ! return $closedstatus; ! } ! ! ?> --- 1,90 ---- ! <?php ! ! /* ! ! functions.php ! ! Generally useful functions can be found in this script. ! ! Changelog: ! 2006-01-14 dave: Cleaned up code for v1.0 release ! ! ## PAGE CONTAINS HANDYANDY MYSQL MODS ## ! ## Copyright (C) 2005 Andy Deakin (handyandy.org.uk) ## ! ! ---- ! ! Copyright (C) 2004 Central Manchester CLC ! Copyright (C) 2004 Mark Harrison ! ! This program is free software; you can redistribute it and/or ! modify it under the terms of the GNU General Public License ! as published by the Free Software Foundation version 2. ! ! This program is distributed in the hope that it will be useful, ! but WITHOUT ANY WARRANTY; without even the implied warranty of ! MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! GNU General Public License for more details. ! ! You should have received a copy of the GNU General Public License ! along with this program; if not, write to the Free Software ! Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ! ! */ ! ! // Security... ! if (strpos($_SERVER["SCRIPT_NAME"],basename(__FILE__, '.php')) !== false) { ! header("location: index.php"); ! } ! ! require_once "db.php"; ! ! function get_closed_status($domain) { ! // Find the highest status (the terminal status) and treat it as closed ! $sql = "SELECT * FROM tbl_Statuses WHERE (domain=$domain AND ! active=1) OR domain=0 ORDER BY domain DESC,sortorder DESC"; ! $statusesRS = db_recordset($sql); ! ! if (count($statusesRS) <= 2) { ! // 0 rows shouldn't happen ! // 1 row == Ungraded (from domain 0) ! // 2 rows == Ungraded + 1 status for the domain (treat as open) ! 
// 3+ rows == more than 1 status for the domain (treat bottom one as ! // closed. ! $closedstatus = '-1'; ! } else { ! $closedstatus = $statusesRS[0]['id']; ! } ! return $closedstatus; ! } ! ! function search_ldap($filter) { ! $sql = "SELECT * FROM tbl_default_Preferences"; ! $default_prefs = Array(); ! $result = db_recordset($sql); ! foreach ($result as $pref) { ! $default_prefs[$pref['identifier']] = $pref['value']; ! } ! $ds = ldap_connect($default_prefs['ldap-host'])or die("Could not connect to LDAP server."); ! if($default_prefs['ldap-v2'] == 'true') { ! ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2) or die("Could not set LDAP Protocol Version."); ! } ! else { ! ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) or die("Could not set LDAP Protocol Version."); ! } ! $ldapbind = ldap_bind($ds) or die ("Could not anonymously bind to LDAP"); ! if (isset($filter)) { ! $sr = ldap_search($ds, $default_prefs['ldap-basedn'],$filter); ! $info = ldap_get_entries($ds, $sr); ! ldap_close($ds); ! return $info; ! } ! else { ! $sr = ldap_search($ds, $default_prefs['ldap-basedn']); ! $info = ldap_get_entries($ds, $sr); ! ldap_close($ds); ! return $info; ! } ! } ! ! 
?> Index: mail.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/mail.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** mail.php 11 Mar 2007 16:57:52 -0000 1.3 --- mail.php 16 Sep 2007 22:00:38 -0000 1.4 *************** *** 28,31 **** --- 28,33 ---- require_once 'system/db.php'; require_once 'system/lang.php'; + + global $mailtemplate; $mailtemplate['verify'] = "mail_verifyemail.tpl"; *************** *** 34,37 **** --- 36,40 ---- $mailtemplate['newissue'] = "mail_newissue.tpl"; $mailtemplate['resolve'] = "mail_resolveissue.tpl"; + $mailtemplate['newldap'] = "mail_newldapuser.tpl"; function send_mail($which, $language, $recipient, $id, $user, $message) *************** *** 49,53 **** if ($fp = fopen($template,"r")) { $repl = false; ! $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); $dirname = dirname($_SERVER['PHP_SELF']); if (substr($dirname,-1) != '/') $dirname .= '/'; --- 52,56 ---- if ($fp = fopen($template,"r")) { $repl = false; ! $https = 'http'.(isset($_SERVER['HTTPS']) ? 's' : ''); $dirname = dirname($_SERVER['PHP_SELF']); if (substr($dirname,-1) != '/') $dirname .= '/'; *************** *** 69,73 **** $repl = true; } ! $header_search = true; --- 72,83 ---- $repl = true; } ! ! if ($which == "newldap") { ! $link = "$https://{$_SERVER['SERVER_NAME']}{$dirname}sitesandusers.php"; ! } ! else { ! $link = "$https://{$_SERVER['SERVER_NAME']}{$dirname}issue.php?id=$id"; ! } ! $header_search = true; *************** *** 367,369 **** } ! ?> \ No newline at end of file --- 377,379 ---- } ! 
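Review bot: In search_ldap() the no-filter branch calls `ldap_search($ds, $default_prefs['ldap-basedn'])` with two arguments, but the filter is a required parameter, so that call fails and `ldap_get_entries()` then runs on a failed search; neither branch checks the search result. A single call such as `$sr = ldap_search($ds, $default_prefs['ldap-basedn'], ($filter != '') ? $filter : '(objectClass=*)');` followed by `if ($sr === false) { ldap_close($ds); return array(); }` would cover both cases. `$filter` also reaches the directory verbatim, so a comment on the function should say that callers must escape any user-derived value (for example with `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it); no caller is visible in this hunk. Also, `ldap_connect()` with a host name normally only initialises the handle, so the `or die` after it will not catch an unreachable server; that failure surfaces at the bind.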
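Review bot: `isset($_SERVER['HTTPS'])` is true whenever the key exists, and some servers (IIS under ISAPI, for one) set it to `off` on plain-HTTP requests, so the mail links would then be written as https. Testing the value avoids that: `$https = 'http'.((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? 's' : '');`. send_mail() starts and ends outside this hunk.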
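Review bot: The new `$link` values put `$_SERVER['SERVER_NAME']` into a URL that is sent out by e-mail; depending on the web server configuration that value can follow the client-supplied Host header, in which case the mailed link would point at whatever host the request named. Taking the host from a configured base URL (a preference row or a constant) removes that dependency. `$id` is also interpolated without encoding; `"{$dirname}issue.php?id=" . urlencode($id)` or an `(int)` cast would keep the query string well-formed. The send_mail() body continues outside the hunk, so whether `$id` is validated earlier is not visible here.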
?> Index: authentication.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/system/authentication.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** authentication.php 10 Sep 2007 00:32:33 -0000 1.6 --- authentication.php 16 Sep 2007 22:00:38 -0000 1.7 *************** *** 44,65 **** } function auth($user, $password) { // Try to find the submitted username and password combination in the // tbl_Users database table. $passwordhash = md5($password); $sql = "SELECT id,username,name,email,root,restricted FROM tbl_Users WHERE active=1 AND username='" . strtolower($user) . "' AND pass='" . md5($password) . "'"; ! $result = db_recordset($sql); ! ! if (count($result) == 0) { ! //Attempt unsucessful ! makelog(0,0,"ATTEMPTED LOGIN - FAILURE","User: $user, with password: ($passwordhash"); ! return 0; ! } elseif (count($result) != 1) { ! // If the user / password cannot be reconciled, then return 0 ! return 0; ! } else { ! return array( $result[0]['username'], $result[0]['name'], --- 44,98 ---- } + function ldap_authenticate($ldapuser, $ldappassword) { + $sql = "SELECT * FROM tbl_default_Preferences"; + $result = db_recordset($sql); + $default_prefs = Array(); + foreach ($result as $pref) { + $default_prefs[$pref['identifier']] = $pref['value']; + } + if ($default_prefs['ldap-ause'] == 'true' && strtolower($ldapuser) != 'root') { + $ds = ldap_connect($default_prefs['ldap-host'])or die("Could not connect to LDAP server."); + if($default_prefs['ldap-v2'] == 'true') { + ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2) or die("Could not set LDAP Protocol Version."); + } + else { + ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) or die("Could not set LDAP Protocol Version."); + } + $ldapbind = ldap_bind($ds) or die ("Could not anonymously bind to LDAP"); + $r = ldap_search($ds, $default_prefs['ldap-basedn'], 'uid=' . 
strtolower($ldapuser)) or die("Could not search LDAP Server for name."); + if ($r) { + $result = @ldap_get_entries( $ds, $r); + if ($result[0]) { + if (@ldap_bind( $ds, $result[0]['dn'], $ldappassword)) { + ldap_close($ds); + return $result[0]; + } + } + } + ldap_close($ds); + return NULL; + } + return NULL; + } + + function auth($user, $password) { // Try to find the submitted username and password combination in the // tbl_Users database table. $passwordhash = md5($password); + $ldapck ="SELECT id,username,name,email,root,restricted,ldap FROM tbl_Users + WHERE active=1 AND username='" . strtolower($user) . "' + AND ldap=1"; $sql = "SELECT id,username,name,email,root,restricted FROM tbl_Users WHERE active=1 AND username='" . strtolower($user) . "' AND pass='" . md5($password) . "'"; ! $result = db_recordset($ldapck); ! if (count($result) == 1) { ! if(ldap_authenticate($user, $password) == NULL) { ! makelog(0,0,"ATTEMPTED LOGIN - FAILUREldap","User: $user, with password: $passwordhash"); ! return 0; ! } ! else { ! return array( $result[0]['username'], $result[0]['name'], *************** *** 67,74 **** $result[0]['id'], $result[0]['root'], ! $result[0]['restricted'] ! ); } } - ?> --- 100,129 ---- $result[0]['id'], $result[0]['root'], ! $result[0]['restricted'], ! $result[0]['ldap'] ! ); ! } ! } ! else { ! $result = db_recordset($sql); ! ! if (count($result) == 0) { ! //Attempt unsucessful ! makelog(0,0,"ATTEMPTED LOGIN - FAILURE","User: $user, with password: ($passwordhash"); ! return 0; ! } elseif (count($result) != 1) { ! // If the user / password cannot be reconciled, then return 0 ! return 0; ! } else { ! return array( ! $result[0]['username'], ! $result[0]['name'], ! $result[0]['email'], ! $result[0]['id'], ! $result[0]['root'], ! $result[0]['restricted'] ! ); ! } } } ?> |
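Review bot: ldap_authenticate() hands `$ldappassword` to `ldap_bind()` without rejecting an empty string, and many directory servers treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, so the check can pass without the correct password; add `if (!is_string($ldappassword) || $ldappassword === '') { return NULL; }` before connecting. The search filter `'uid=' . strtolower($ldapuser)` and the new `$ldapck` query both concatenate the submitted name unescaped; build the filter as `'(uid=' . ldap_escape(strtolower($ldapuser), '', LDAP_ESCAPE_FILTER) . ')'` where the PHP version provides it, and escape or bind the value in the SQL unless db_recordset() (not shown) already does. It would also be safer to require `$result['count'] == 1` before binding as `$result[0]['dn']`. Unless `ldap-host` is an ldaps:// URI or `ldap_start_tls($ds)` is called after the protocol is set to 3, the simple bind sends the user's password over the network in clear text.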
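Review bot: The failure log in this hunk, like the LDAP one in the previous hunk, writes `$passwordhash` through makelog(), which is an unsalted MD5 of whatever was typed; for LDAP accounts that stores a cheaply reversible hash of a directory password attempt in the application log. Log the user name only, e.g. `makelog(0,0,"ATTEMPTED LOGIN - FAILURE","User: $user");`. Separately, the LDAP branch returns seven elements (ending in `$result[0]['ldap']`) while the local branch returns six, so a caller reading the last slot gets an undefined offset for local users; returning `0` in that position for local accounts keeps the shape consistent. auth() begins in the previous hunk.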