Hacking xoops to use LDAP [Q and A] - XOOPS Web Application System

Hacking xoops to use LDAP

2004/9/27 16:13
sunadmn
Just popping in
Posts: 16
Since: 2004/9/22

Ok so I have posted here several times asking for some help with the already availible LDAP hack for XOOPS with not much luck so I figured I would come back with another try at this. After many hours of work I have finally figured out how the patches worked and I have been able to get for the most part the LDAP auth to work, well it actually connects and attempts the auth now but for some reason I keep getting the Login Incorrect page so I am trying to get someone to take a look at the code to see if there is something I am just missing below you will find the ldap.php file and the changes made in the User.php file. If anyone has any idea of what I should change please please point it out to me.

Thanks
-SUNADMN

ldap.php :

<?php
/**
* LDAP authentication class.
* This class handles user's authentication through standard LDAP directory
*
* @author Benoit Mercier <benoit.mercier@users.sourceforge.net>
*/

require_once XOOPS_ROOT_PATH.'/kernel/user.php';

class AuthenticationService{

//LDAP directory parameters
var $uid_attr = "uid";
var $mail_attr = "mail";
var $name_attr = "cn";
var $surname_attr = "sn";
var $krb_attr = "krbName";
var $department_attr = "departmentNumber";
// var $office_attr = "physicaldeliveryofficename";
var $employee_attr = "employeeType";
var $ldap_server = "myLDAP.server.net";
// var $ldap_port = 389;
var $base_dn = "ou=People,dc=bla-dc,dc=net";

/**
* Holds reference to user handler(DAO) class
*/
var $_uHandler;

/**
* Authentication Service constructor
*/
function AuthenticationService (&$db){
$this->_uHandler = new XoopsUserHandler($db);
}

/**
* log in the user in the XOOPS standard way
*
* @param string $uname username as entered in the login form
* @param string $pwd password entered in the login form
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function &loginUser($uname, $pwd = null) {
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', md5($pwd)));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}

/**
* log in a user with a md5 encrypted password
*
* @param string $uname username
* @param string $md5pwd password encrypted with md5
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function &loginUserMd5($uname, $pwd = null) {
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', $md5pwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}

/**
* Logout the current user
*/
function logoutUser() {
global $xoopsConfig;

$message = '';
$_SESSION = array();
session_destroy();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
// clear autologin cookies
//setcookie('autologin_uname', '', time() - 3600, '/', '', 0);
//setcookie('autologin_pass', '', time() - 3600, '/', '', 0);
// clear entry from online users table
if (is_object($xoopsUser)) {
$online_handler =& xoops_gethandler('online');
$online_handler->destroy($xoopsUser->getVar('uid'));
}
$message = _US_LOGGEDOUT.'<br />'._US_THANKYOUFORVISIT;
redirect_header('index.php', 1, $message);
exit();
}

/**
* Display the XOOPS standard login page
*/
function loginPage() {
global $xoopsConfig,$xoopsLogger;

$xoopsOption['template_main'] = 'system_userform.html';
include 'header.php';
$xoopsTpl->assign('lang_login', _LOGIN);
$xoopsTpl->assign('lang_username', _USERNAME);
if (isset($_COOKIE[$xoopsConfig['usercookie']])) {
$xoopsTpl->assign('usercookie', $_COOKIE[$xoopsConfig['usercookie']]);
}
if (isset($_GET['xoops_redirect'])) {
$xoopsTpl->assign('redirect_page', htmlspecialchars(trim($_GET['xoops_redirect']), ENT_QUOTES));
}
$xoopsTpl->assign('lang_password', _PASSWORD);
$xoopsTpl->assign('lang_notregister', _US_NOTREGISTERED);
$xoopsTpl->assign('lang_lostpassword', _US_LOSTPASSWORD);
$xoopsTpl->assign('lang_noproblem', _US_NOPROBLEM);
$xoopsTpl->assign('lang_youremail', _US_YOUREMAIL);
$xoopsTpl->assign('lang_sendpassword', _US_SENDPASSWORD);
include 'footer.php';
}

/**
* Log the user (through the loginUser function), create the appropriate Session variables and do other
* things that must be done everytime a user connects to Xoops
*/
function checklogin() {

global $xoopsConfig;

if (!defined('XOOPS_ROOT_PATH')) {
exit();
}

include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php';

$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}

$myts =& MyTextsanitizer::getInstance();
$this->addLDAPUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
$user =& $this->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));

if (false != $user) {
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);
exit();
}
if ($xoopsConfig['closesite'] == 1) {
$allowed = false;
foreach ($user->getGroups() as $group) {
if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) {
$allowed = true;
break;
}
}
if (!$allowed) {
redirect_header(XOOPS_URL.'/index.php', 1, _NOPERM);
exit();
}
}
$user->setVar('last_login', time());
if (!$this->_uHandler->insert($user)) {
}
$_SESSION = array();
$_SESSION['xoopsUserId'] = $user->getVar('uid');
$_SESSION['xoopsUserGroups'] = $user->getGroups();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], session_id(), time()+(60 * $xoopsConfig['session_expire']), '/', '', 0);
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$_SESSION['xoopsUserTheme'] = $user_theme;
}
if (!empty($_POST['xoops_redirect']) && !strpos($_POST['xoops_redirect'], 'register')) {
$parsed = parse_url(XOOPS_URL);
$url = isset($parsed['scheme']) ? $parsed['scheme'].'://' : 'http://';
if (isset($parsed['host'])) {
$url .= isset($parsed['port']) ?$parsed['host'].':'.$parsed['port'].trim($_POST['xoops_redirect']): $parsed['host'].trim($_POST['xoops_redirect']);
} elseif(substr(trim(XOOPS_URL),0,1)=="/") {//mercibe semi-relative URL
$url = trim($_POST['xoops_redirect']);
}
else {
$url = xoops_getenv('HTTP_HOST').trim($_POST['xoops_redirect']);
}
} else {
$url = XOOPS_URL.'/index.php';
}

// set cookie for autologin
//if (!empty($_POST['rememberme'])) {
// $expire = time() + $xoopsConfig['session_expire'] * 60;
// setcookie('autologin_uname', $uname, $expire, '/', '', 0);
// setcookie('autologin_pass', md5($pass), $expire, '/', '', 0);
//}

// RMV-NOTIFY
// Perform some maintenance of notification records
$notification_handler =& xoops_gethandler('notification');
$notification_handler->doLoginMaintenance($user->getVar('uid'));

redirect_header($url, 1, sprintf(_US_LOGGINGU, $user->getVar('uname')));
} else {

redirect_header(XOOPS_URL.'/user.php',1,_US_INCORRECTLOGIN);
}
exit();

}

/**
* Add/update the LDAP authenticated user to XOOPS DB
*
* @param string $uname username as entered in the login form
* @param string $pwd password entered in the login form
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function addLDAPUser($uname, $pwd = null) {
$ldap_criteria = new CriteriaCompo(new Criteria('uname', "$uname"));
$ldap_criteria->add(new Criteria('pass', $pwd));
$authenticated = $this->LDAPAuthentication($ldap_criteria);
}

/**
* Authenticate user again LDAP directory (Bind) and add/update the user data in XOOPS MySQL database
*/
function LDAPAuthentication($criteria = null) {
$timezone_offset = 1;

$authenticated = false;

if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

$ds=ldap_connect($this->ldap_server) or die("Could not connect to LDAP server.");

if($ds) {

// set protocol version 3

if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
echo("Failed to set LDAP 3");

// start TLS

// if(!ldap_start_tls($ds))
// echo("Start TLS failed");

//Authentication

$pass=$criteria->criteriaElements[1]->value;
$ldapbind = ldap_bind($ds,$this->uid_attr."=".$criteria->criteriaElements[0]->value.",".$this->base_dn,stripslashes($criteria->criteriaElements[1]->value));

if($ldapbind) {

$authenticated = true;

// Get info from LDAP (mail, uid, cn)

// $sr = ldap_search($ds,$this->base_dn,$this->uid_attr."=".$criteria->criteriaElements[0]->value,Array($this->mail_attr,$this->name_attr,$this->sernum_attr,$this->office_attr,$this->location_attr,$this->surname_attr,$this->givenname_attr));

$sr = ldap_search($ds,$base_dn,$this->uid_attr."=".$criteria->criteriaElements[0]->value,Array($this->name_attr,$this->surname_attr,$this->krb_attr,$this->department_attr,$this->employee_attr));

$info = ldap_get_entries($ds, $sr);

if($info["count"] == 1) {

// Search user in the DB

$criteria = new CriteriaCompo(new Criteria('uname', $criteria->criteriaElements[0]->value));

$user =& $this->_uHandler->getObjects($criteria, false);

$member_handler =& xoops_gethandler('member');

// The user does not exist in the XOOPS DB
if (!$user || count($user) != 1) {
$xuser =& $member_handler->createUser();
$xuser->setVar("uname",$criteria->criteriaElements[0]->value);
$xuser->setVar("user_sig",$info[0][$this->givenname_attr][0]." ".ucfirst(strtolower($info[0][$this->surname_attr][0])));
$xuser->setVar("user_avatar","blank.gif");
$xuser->setVar('user_regdate', time());
$xuser->setVar('timezone_offset', $timezone_offset);
$xuser->setVar('actkey',substr(md5(uniqid(mt_rand(), 1)), 0, 8));
}
else {
$xuser = & $user[0];
}

$xuser->setVar("email",$info[0][$this->mail_attr][0]);
$xuser->setVar("name",$info[0][$this->name_attr][0]);
$xuser->setVar("user_from",$info[0][$this->location_attr][0]." (".$info[0][$this->office_attr][0].")");
$xuser->setVar("bio","[$this->sernum_attr][0]."]Commission Directory");
$xuser->setVar("pass",md5($pass));
$xuser->setVar("level",1);
$xuser->setVar('notify_method', 2);

// Store info in DB (update or insert)
$ret = $this->_uHandler->insert($xuser);

//Add the user to Registered Users group
$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
}
}
else {
if(strcmp($criteria->criteriaElements[0]->value,'mercibe')==0) echo "LDAP authentication KO <br />";
}

ldap_close($ds);
}
else {
//echo "cannot connect to ldap server";
}
}

return $authenticated;
}

}
?>

user.php :

<?php
// $Id: user.php,v 1.13 2004/02/06 19:27:06 Onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <https://xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //

$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';

$op = 'main';

if ( isset($HTTP_POST_VARS['op']) ) {
$op = trim($HTTP_POST_VARS['op']);
} elseif ( isset($HTTP_GET_VARS['op']) ) {
$op = trim($HTTP_GET_VARS['op']);
}

if ($op == 'main') {
if ( !$xoopsUser ) {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->loginPage();
} elseif ( $xoopsUser ) {
header('Location: '.XOOPS_URL.'/userinfo.php?uid='.$xoopsUser->getVar('uid'));
}
exit();
}

// OLD code
//if ($op == 'main') {
// if ( !$xoopsUser ) {
// $xoopsOption['template_main'] = 'system_userform.html';
// include 'header.php';
// $xoopsTpl->assign('lang_login', _LOGIN);
// $xoopsTpl->assign('lang_username', _USERNAME);
// if (isset($HTTP_COOKIE_VARS[$xoopsConfig['usercookie']])) {
// $xoopsTpl->assign('usercookie', $HTTP_COOKIE_VARS[$xoopsConfig['usercookie']]);
// }
// if (isset($HTTP_GET_VARS['xoops_redirect'])) {
// $xoopsTpl->assign('redirect_page', htmlspecialchars(trim($HTTP_GET_VARS['xoops_redirect']), ENT_QUOTES));
// }
// $xoopsTpl->assign('lang_password', _PASSWORD);
// $xoopsTpl->assign('lang_notregister', _US_NOTREGISTERED);
// $xoopsTpl->assign('lang_lostpassword', _US_LOSTPASSWORD);
// $xoopsTpl->assign('lang_noproblem', _US_NOPROBLEM);
// $xoopsTpl->assign('lang_youremail', _US_YOUREMAIL);
// $xoopsTpl->assign('lang_sendpassword', _US_SENDPASSWORD);
// include 'footer.php';
// } elseif ( $xoopsUser ) {
// header('Location: '.XOOPS_URL.'/userinfo.php?uid='.$xoopsUser->getVar('uid'));
// }
// exit();
//}

if ($op == 'login') {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->checkLogin();
exit();
}

// OLD Code
//if ($op == 'login') {
// include_once XOOPS_ROOT_PATH.'/include/checklogin.php';
// exit();
//}

if ($op == 'logout') {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->logoutUser();
}

// OLD Code
//if ($op == 'logout') {
// $message = '';
// $HTTP_SESSION_VARS = array();
// session_destroy();
// if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
// setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
// }
// // clear autologin cookies
// //setcookie('autologin_uname', '', time() - 3600, '/', '', 0);
// //setcookie('autologin_pass', '', time() - 3600, '/', '', 0);
// // clear entry from online users table
// if (is_object($xoopsUser)) {
// $online_handler =& xoops_gethandler('online');
// $online_handler->destroy($xoopsUser->getVar('uid'));
// }
// $message = _US_LOGGEDOUT.'<br />'._US_THANKYOUFORVISIT;
// redirect_header('index.php', 1, $message);
// exit();
//}

if ($op == 'actv') {
$id = intval($HTTP_GET_VARS['id']);
$actkey = trim($HTTP_GET_VARS['actkey']);
if (empty($id)) {
redirect_header('index.php',1,'');
exit();
}
$member_handler =& xoops_gethandler('member');
$thisuser =& $member_handler->getUser($id);
if (!is_object($thisuser)) {
exit();
}
if ($thisuser->getVar('actkey') != $actkey) {
redirect_header('index.php',5,_US_ACTKEYNOT);
} else {
if ($thisuser->getVar('level') > 0 ) {
redirect_header('user.php',5,_US_ACONTACT);
} else {
if (false != $member_handler->activateUser($thisuser)) {
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
if ($xoopsConfigUser['activation_type'] == 2) {
$myts =& MyTextSanitizer::getInstance();
$xoopsMailer =& getMailer();
$xoopsMailer->useMail();
$xoopsMailer->setTemplate('activated.tpl');
$xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
$xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
$xoopsMailer->assign('SITEURL', XOOPS_URL."/");
$xoopsMailer->setToUsers($thisuser);
$xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
$xoopsMailer->setFromName($xoopsConfig['sitename']);
$xoopsMailer->setSubject(sprintf(_US_YOURACCOUNT,$xoopsConfig['sitename']));
include 'header.php';
if ( !$xoopsMailer->send() ) {
printf(_US_ACTVMAILNG, $thisuser->getVar('uname'));
} else {
printf(_US_ACTVMAILOK, $thisuser->getVar('uname'));
}
include 'footer.php';
} else {
redirect_header('user.php',5,_US_ACTLOGIN);
}
} else {
redirect_header('index.php',5,'Activation failed!');
}
}
}
exit();
}

if ($op == 'delete') {
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
if (!$xoopsUser || $xoopsConfigUser['self_delete'] != 1) {
redirect_header('index.php',5,_US_NOPERMISS);
exit();
} else {
$groups = $xoopsUser->getGroups();
if (in_array(XOOPS_GROUP_ADMIN, $groups)){
// users in the webmasters group may not be deleted
redirect_header('user.php', 5, _US_ADMINNO);
exit();
}
$ok = !isset($HTTP_POST_VARS['ok']) ? 0 : intval($HTTP_POST_VARS['ok']);
if ($ok != 1) {
include 'header.php';
xoops_confirm(array('op' => 'delete', 'ok' => 1), 'user.php', _US_SURETODEL.'<br/>'._US_REMOVEINFO);
include 'footer.php';
} else {
$del_uid = $xoopsUser->getVar("uid");
$member_handler =& xoops_gethandler('member');
if (false != $member_handler->deleteUser($xoopsUser)) {
$online_handler =& xoops_gethandler('online');
$online_handler->destroy($del_uid);
xoops_notification_deletebyuser($del_uid);
redirect_header('index.php', 5, _US_BEENDELED);
}
redirect_header('index.php',5,_US_NOPERMISS);
}
exit();
}
}
?>

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Hacking xoops to use LDAP

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}