Verified Commit df5835aa authored by Alex ORLUC's avatar Alex ORLUC

FIX #5566: fix missing password check when LDAP is enabled

parent ce45368c
...@@ -2,22 +2,23 @@ ...@@ -2,22 +2,23 @@
/** /**
* File : log.php * File : log.php.
* *
* User identification * User identification
* *
* @package Maarch PeopleBox 1.0 * @version 2.1
* @version 2.1 *
* @since 10/2005 * @since 10/2005
* @license GPL *
* @author Claire Figueras <dev@maarch.org> * @license GPL
* @author Laurent Giovannoni <dev@maarch.org> * @author Claire Figueras <dev@maarch.org>
*/ * @author Laurent Giovannoni <dev@maarch.org>
if(empty($_COOKIE)){ */
if (empty($_COOKIE)) {
$_SESSION['error'] = 'Le cache utilisateur à été réinitialisé veuillez re-saisir vos identifiants'; $_SESSION['error'] = 'Le cache utilisateur à été réinitialisé veuillez re-saisir vos identifiants';
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit; exit;
} }
...@@ -25,21 +26,21 @@ if(empty($_COOKIE)){ ...@@ -25,21 +26,21 @@ if(empty($_COOKIE)){
if (file_exists('../../core/init.php')) { if (file_exists('../../core/init.php')) {
include_once '../../core/init.php'; include_once '../../core/init.php';
} }
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_functions.php'); require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_functions.php';
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_db.php'); require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_db.php';
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_core_tools.php'); require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_core_tools.php';
$core = new core_tools(); $core = new core_tools();
$core->load_lang(); $core->load_lang();
$func = new functions(); $func = new functions();
$_SESSION['error'] = ''; $_SESSION['error'] = '';
if(isset($_SESSION['web_cas_url'])){ if (isset($_SESSION['web_cas_url'])) {
include_once('apps/maarch_entreprise/tools/phpCAS/CAS.php'); include_once 'apps/maarch_entreprise/tools/phpCAS/CAS.php';
phpCAS::client(constant($_SESSION['cas_version']), $_SESSION['cas_serveur'], (int)$_SESSION['cas_port'], $_SESSION['cas_context'], true); phpCAS::client(constant($_SESSION['cas_version']), $_SESSION['cas_serveur'], (int) $_SESSION['cas_port'], $_SESSION['cas_context'], true);
if(!empty($_SESSION['cas_certificate'])){ if (!empty($_SESSION['cas_certificate'])) {
phpCAS::setCasServerCACert($_SESSION['cas_certificate']); phpCAS::setCasServerCACert($_SESSION['cas_certificate']);
} else { } else {
phpCAS::setNoCasServerValidation(); phpCAS::setNoCasServerValidation();
...@@ -48,7 +49,7 @@ if(isset($_SESSION['web_cas_url'])){ ...@@ -48,7 +49,7 @@ if(isset($_SESSION['web_cas_url'])){
phpCAS::forceAuthentication(); phpCAS::forceAuthentication();
$Id = phpCAS::getUser(); $Id = phpCAS::getUser();
if(!empty($_SESSION['cas_id_separator'])){ if (!empty($_SESSION['cas_id_separator'])) {
$tmpId = explode($_SESSION['cas_id_separator'], $Id); $tmpId = explode($_SESSION['cas_id_separator'], $Id);
$login = $tmpId[0]; $login = $tmpId[0];
} else { } else {
...@@ -56,13 +57,13 @@ if(isset($_SESSION['web_cas_url'])){ ...@@ -56,13 +57,13 @@ if(isset($_SESSION['web_cas_url'])){
} }
$_REQUEST['pass'] = 'maarch'; $_REQUEST['pass'] = 'maarch';
} else if (!empty($_SESSION['ozwillo']['userId'])) { } elseif (!empty($_SESSION['ozwillo']['userId'])) {
$login = $_SESSION['ozwillo']['userId']; $login = $_SESSION['ozwillo']['userId'];
$_REQUEST['pass'] = 'maarch'; $_REQUEST['pass'] = 'maarch';
} else if (!empty($_SESSION['sso']['userId'])) { } elseif (!empty($_SESSION['sso']['userId'])) {
$login = $_SESSION['sso']['userId']; $login = $_SESSION['sso']['userId'];
$_REQUEST['pass'] = 'maarch'; $_REQUEST['pass'] = 'maarch';
} else if (isset($_REQUEST['login'])) { } elseif (isset($_REQUEST['login'])) {
$login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes'); $login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
} else { } else {
$login = ''; $login = '';
...@@ -79,8 +80,8 @@ if (isset($_REQUEST['ra_code'])) { ...@@ -79,8 +80,8 @@ if (isset($_REQUEST['ra_code'])) {
} }
require_once 'core/class/class_security.php'; require_once 'core/class/class_security.php';
require_once 'core/class/class_request.php'; require_once 'core/class/class_request.php';
require_once 'apps/' . $_SESSION['config']['app_id'] require_once 'apps/'.$_SESSION['config']['app_id']
. '/class/class_business_app_tools.php'; .'/class/class_business_app_tools.php';
$sec = new security(); $sec = new security();
$businessAppTools = new business_app_tools(); $businessAppTools = new business_app_tools();
...@@ -103,36 +104,35 @@ if (count($_SESSION['config']) <= 0) { ...@@ -103,36 +104,35 @@ if (count($_SESSION['config']) <= 0) {
$core->load_menu($_SESSION['modules']); $core->load_menu($_SESSION['modules']);
} }
if (! empty($_SESSION['error'])) { if (!empty($_SESSION['error'])) {
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit(); exit();
} else { } else {
if ($_SESSION['config']['ldap'] == 'true' && $login <> 'superadmin') { if ($_SESSION['config']['ldap'] == 'true' && $login != 'superadmin') {
//Extraction de /root/config dans le fichier de conf //Extraction de /root/config dans le fichier de conf
if (file_exists($_SESSION['config']['corepath'] if (file_exists($_SESSION['config']['corepath']
. '/custom/' . $_SESSION['custom_override_id'] .'/custom/'.$_SESSION['custom_override_id']
. '/modules/ldap/xml/config.xml') .'/modules/ldap/xml/config.xml')
) { ) {
$pathtoConfig = $_SESSION['config']['corepath'] $pathtoConfig = $_SESSION['config']['corepath']
. '/custom/' . $_SESSION['custom_override_id'] .'/custom/'.$_SESSION['custom_override_id']
. '/modules/ldap/xml/config.xml'; .'/modules/ldap/xml/config.xml';
} else { } else {
$pathtoConfig = $_SESSION['config']['corepath'] $pathtoConfig = $_SESSION['config']['corepath']
. 'modules/ldap/xml/config.xml'; .'modules/ldap/xml/config.xml';
} }
$ldapConf = new DomDocument(); $ldapConf = new DomDocument();
try { try {
if (!@$ldapConf->load($pathtoConfig)) if (!@$ldapConf->load($pathtoConfig)) {
{
throw new Exception( throw new Exception(
'Impossible de charger le document : ' 'Impossible de charger le document : '
. $pathtoConfig .$pathtoConfig
); );
} }
} catch(Exception $e) { } catch (Exception $e) {
exit($e->getMessage()); exit($e->getMessage());
} }
...@@ -145,122 +145,120 @@ if (! empty($_SESSION['error'])) { ...@@ -145,122 +145,120 @@ if (! empty($_SESSION['error'])) {
//On inclus la class LDAP qui correspond à l'annuaire //On inclus la class LDAP qui correspond à l'annuaire
if (strtolower($type_ldap) == 'openldap') { if (strtolower($type_ldap) == 'openldap') {
$classLdap = 'class_openLDAP.php'; $classLdap = 'class_openLDAP.php';
}else{ } else {
$classLdap = 'class_adLDAP.php'; $classLdap = 'class_adLDAP.php';
} }
//customized or not //customized or not
if (!@include $_SESSION['config']['corepath'] . '/custom/' . $_SESSION['custom_override_id'] . '/modules/ldap/class/'.$classLdap) if (!@include $_SESSION['config']['corepath'].'/custom/'.$_SESSION['custom_override_id'].'/modules/ldap/class/'.$classLdap) {
{ if (!@include $_SESSION['config']['corepath'].'modules/ldap/class/'.$classLdap) {
if(!@include $_SESSION['config']['corepath'] . 'modules/ldap/class/'.$classLdap){ exit('Impossible de charger class_'.$_SESSION['config']['corepath'].'/modules/ldap/class/'.$classLdap."\n");
exit('Impossible de charger class_' . $_SESSION['config']['corepath'] . '/modules/ldap/class/'.$classLdap."\n");
} }
} }
if ($prefix_login <> '') { if ($prefix_login != '') {
$login_admin = $prefix_login . "\\" . $login_admin; $login_admin = $prefix_login.'\\'.$login_admin;
} }
//Try to create a new ldap instance //Try to create a new ldap instance
if (strtolower($type_ldap) == 'openldap') { if (strtolower($type_ldap) == 'openldap') {
try { try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl, $hostname); $ad = new LDAP($domain, $login_admin, $pass, $ssl, $hostname);
} catch(Exception $conFailure) { } catch (Exception $conFailure) {
echo functions::xssafe($conFailure->getMessage()); echo functions::xssafe($conFailure->getMessage());
exit; exit;
} }
}else{ } else {
try { try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl); $ad = new LDAP($domain, $login_admin, $pass, $ssl);
} catch(Exception $conFailure) { } catch (Exception $conFailure) {
echo functions::xssafe($conFailure->getMessage()); echo functions::xssafe($conFailure->getMessage());
exit; exit;
} }
} }
if ($prefix_login <> '') { if ($prefix_login != '') {
$loginToAd = $prefix_login . "\\" . $login; $loginToAd = $prefix_login.'\\'.$login;
} else { } else {
$loginToAd = $login; $loginToAd = $login;
} }
if ($ad -> authenticate($loginToAd, $password)) { if ($ad->authenticate($loginToAd, $password)) {
//TODO: protect sql injection with PDO //TODO: protect sql injection with PDO
require_once 'core/class/class_db_pdo.php'; require_once 'core/class/class_db_pdo.php';
// Instantiate database. // Instantiate database.
$database = new Database(); $database = new Database();
$stmt = $database->query( $stmt = $database->query(
"SELECT * FROM users WHERE user_id ILIKE ?", 'SELECT * FROM users WHERE user_id ILIKE ?',
array($login) array($login)
); //permet de rechercher les utilisateurs dans le LDAP sans prendre en compte la casse ); //permet de rechercher les utilisateurs dans le LDAP sans prendre en compte la casse
$result = $stmt->fetch(); $result = $stmt->fetch();
if ($result) { if ($result) {
$_SESSION['error'] = ''; $_SESSION['error'] = '';
$res = $sec->login($login, $password, 'ldap'); $res = $sec->login($login, $password, 'ldap');
$_SESSION['user'] = $res['user']; $_SESSION['user'] = $res['user'];
if (empty($_SESSION['error'])) { if ($res['error'] == '') {
\SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
} else {
$_SESSION['error'] = $res['error']; $_SESSION['error'] = $res['error'];
} }
$core->load_menu($_SESSION['modules']); $core->load_menu($_SESSION['modules']);
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. $res['url'] .$res['url']
); );
exit(); exit();
} else { } else {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW; $_SESSION['error'] = _BAD_LOGIN_OR_PSW;
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit; exit;
} }
} else { } else {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW; $_SESSION['error'] = _BAD_LOGIN_OR_PSW;
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit; exit;
} }
} } elseif (isset($_REQUEST['ra_code'])) {
elseif(isset($_REQUEST['ra_code'])) {
if (empty($login) || empty($password) || empty($ra_code)) { if (empty($login) || empty($password) || empty($ra_code)) {
$_SESSION['error'] = _IP_NOT_ALLOWED; $_SESSION['error'] = _IP_NOT_ALLOWED;
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit; exit;
} } else {
else {
$_SESSION['error'] = ''; $_SESSION['error'] = '';
$res = $sec->login($login, $password, false, $ra_code); $res = $sec->login($login, $password, false, $ra_code);
//$core->show_array($res); //$core->show_array($res);
$_SESSION['user'] = $res['user']; $_SESSION['user'] = $res['user'];
if ($res['error'] == '') { if ($res['error'] == '') {
// $businessAppTools->load_app_var_session($_SESSION['user']); // $businessAppTools->load_app_var_session($_SESSION['user']);
//$core->load_var_session($_SESSION['modules'], $_SESSION['user']); //$core->load_var_session($_SESSION['modules'], $_SESSION['user']);
$core->load_menu($_SESSION['modules']); $core->load_menu($_SESSION['modules']);
// exit; // exit;
} }
if (empty($_SESSION['error'])) { if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error']; $_SESSION['error'] = $res['error'];
} }
header( header(
'location: ' . $_SESSION['config']['businessappurl'] . $res['url'] 'location: '.$_SESSION['config']['businessappurl'].$res['url']
); );
exit(); exit();
} }
} } else {
else {
if (empty($login) || empty($password)) { if (empty($login) || empty($password)) {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...'; $_SESSION['error'] = _BAD_LOGIN_OR_PSW.'...';
header( header(
'location: ' . $_SESSION['config']['businessappurl'] 'location: '.$_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login' .'index.php?display=true&page=login'
); );
exit; exit;
} else { } else {
...@@ -270,22 +268,20 @@ if (! empty($_SESSION['error'])) { ...@@ -270,22 +268,20 @@ if (! empty($_SESSION['error'])) {
$_SESSION['user'] = $res['user']; $_SESSION['user'] = $res['user'];
if ($res['error'] == '') { if ($res['error'] == '') {
\SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]); \SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
// $businessAppTools->load_app_var_session($_SESSION['user']); // $businessAppTools->load_app_var_session($_SESSION['user']);
//$core->load_var_session($_SESSION['modules'], $_SESSION['user']); //$core->load_var_session($_SESSION['modules'], $_SESSION['user']);
$core->load_menu($_SESSION['modules']); $core->load_menu($_SESSION['modules']);
// exit; // exit;
} } else {
else {
$_SESSION['error'] = $res['error']; $_SESSION['error'] = $res['error'];
} }
$pathToIPFilter = ''; $pathToIPFilter = '';
if(file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')){ if (file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')) {
$pathToIPFilter = $_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml'; $pathToIPFilter = $_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml';
} elseif (file_exists('apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')) { } elseif (file_exists('apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')) {
$pathToIPFilter = 'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml'; $pathToIPFilter = 'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml';
} } else {
else {
$ipArray = array(); $ipArray = array();
$ipArray['enabled'] = 'false'; $ipArray['enabled'] = 'false';
$ipArray['duration'] = '0'; $ipArray['duration'] = '0';
...@@ -295,18 +291,17 @@ if (! empty($_SESSION['error'])) { ...@@ -295,18 +291,17 @@ if (! empty($_SESSION['error'])) {
//print_r($ipArray); //print_r($ipArray);
if ($ipArray['enabled'] == 'true') { if ($ipArray['enabled'] == 'true') {
$isAllowed = false; $isAllowed = false;
if($ipArray['IP'] <> '') { if ($ipArray['IP'] != '') {
$isAllowed = preg_match($ipArray['IP'], $_SERVER['REMOTE_ADDR']); $isAllowed = preg_match($ipArray['IP'], $_SERVER['REMOTE_ADDR']);
} }
if (empty($_SESSION['error'])) { if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error']; $_SESSION['error'] = $res['error'];
} }
if (!$isAllowed && $res['error'] == '') { if (!$isAllowed && $res['error'] == '') {
if ($ipArray['duration'] == 0) { if ($ipArray['duration'] == 0) {
$_SESSION['error'] = _IP_NOT_ALLOWED_NO_RA_CODE; $_SESSION['error'] = _IP_NOT_ALLOWED_NO_RA_CODE;
} } else {
else {
$_SESSION['error'] = _IP_NOT_ALLOWED; $_SESSION['error'] = _IP_NOT_ALLOWED;
} }
$res['url'] = 'index.php?display=true&page=login'; $res['url'] = 'index.php?display=true&page=login';
...@@ -316,7 +311,7 @@ if (! empty($_SESSION['error'])) { ...@@ -316,7 +311,7 @@ if (! empty($_SESSION['error'])) {
$res['url'] .= '?administration=true'; $res['url'] .= '?administration=true';
} }
header( header(
'location: ' . $_SESSION['config']['businessappurl'] . $res['url'] 'location: '.$_SESSION['config']['businessappurl'].$res['url']
); );
exit(); exit();
} }
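Review bot: The new cookie-auth gate `if ($res['error'] == '')` in the LDAP branch (hunk @@ -145,122 +145,120 @@) relies on PHP loose comparison, so if security::login — whose body is not visible here — ever returns an array without an `error` key, or with `null`, that value also compares equal to `''` and `setCookieAuth` is still called; the ra_code and plain-password branches use the same pattern. A strict form, `if (isset($res['error']) && $res['error'] === '') {`, ties the success path to an explicit empty-string result rather than to an absent key, and is worth applying to all three places together. Note also that `$_SESSION['user'] = $res['user'];` on the preceding line is assigned before the error check, so on a failed LDAP login the session carries whatever user data login() returned until the redirect; moving that assignment inside the success branch keeps the failure path free of user state. The enclosing if/else chain starts in an earlier hunk and continues past this one.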