Skip to content
Snippets Groups Projects
Verified Commit e6b347d9 authored by Alex ORLUC's avatar Alex ORLUC
Browse files

FIX #6321 fix log with login mode ldap

parent df5835aa
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/maarch_entreprise/smartphone/log.php
+ 166
92
View file @ e6b347d9
<?php
/**
* File : log.php
*
......@@ -15,32 +16,62 @@
if (file_exists('../../core/init.php')) {
include_once '../../core/init.php';
}
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_functions.php');
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_db_pdo.php');
require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_core_tools.php');
require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_functions.php';
require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_db.php';
require_once 'core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_core_tools.php';
$core = new core_tools();
$core->load_lang();
$func = new functions();
$_SESSION['error'] = '';
if (isset($_REQUEST['login'])) {
$login = functions::wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
if (isset($_SESSION['web_cas_url'])) {
include_once 'apps/maarch_entreprise/tools/phpCAS/CAS.php';
phpCAS::client(constant($_SESSION['cas_version']), $_SESSION['cas_serveur'], (int) $_SESSION['cas_port'], $_SESSION['cas_context'], true);
if (!empty($_SESSION['cas_certificate'])) {
phpCAS::setCasServerCACert($_SESSION['cas_certificate']);
} else {
phpCAS::setNoCasServerValidation();
}
phpCAS::forceAuthentication();
$Id = phpCAS::getUser();
if (!empty($_SESSION['cas_id_separator'])) {
$tmpId = explode($_SESSION['cas_id_separator'], $Id);
$login = $tmpId[0];
} else {
$login = $Id;
}
$_REQUEST['pass'] = 'maarch';
} elseif (!empty($_SESSION['ozwillo']['userId'])) {
$login = $_SESSION['ozwillo']['userId'];
$_REQUEST['pass'] = 'maarch';
} elseif (!empty($_SESSION['sso']['userId'])) {
$login = $_SESSION['sso']['userId'];
$_REQUEST['pass'] = 'maarch';
} elseif (isset($_REQUEST['login'])) {
$login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
} else {
$login = '';
}
if (isset($_REQUEST['pass'])) {
$password = functions::wash($_REQUEST['pass'], 'no', _PASSWORD_FOR_USER, 'yes');
$password = $func->wash($_REQUEST['pass'], 'no', _PASSWORD_FOR_USER, 'yes');
} else {
$password = '';
}
if (isset($_REQUEST['ra_code'])) {
$ra_code = functions::wash($_REQUEST['ra_code'], 'no', _RA_CODE, 'yes');
$ra_code = $func->wash($_REQUEST['ra_code'], 'no', _RA_CODE, 'yes');
} else {
$ra_code = '';
}
require_once 'core/class/class_security.php';
require_once 'apps/' . $_SESSION['config']['app_id']
. '/class/class_business_app_tools.php';
require_once 'core/class/class_request.php';
require_once 'apps/'.$_SESSION['config']['app_id']
.'/class/class_business_app_tools.php';
$sec = new security();
$businessAppTools = new business_app_tools();
......@@ -63,29 +94,35 @@ if (count($_SESSION['config']) <= 0) {
$core->load_menu($_SESSION['modules']);
}
if ($_SESSION['config']['ldap'] == 'true' && $login <> 'superadmin') {
if (!empty($_SESSION['error'])) {
header(
'location: '.$_SESSION['config']['businessappurl']
.'index.php?display=true&page=login'
);
exit();
} else {
if ($_SESSION['config']['ldap'] == 'true' && $login != 'superadmin') {
//Extraction de /root/config dans le fichier de conf
if (file_exists($_SESSION['config']['corepath']
. '/custom/' . $_SESSION['custom_override_id']
. '/modules/ldap/xml/config.xml')
if (file_exists($_SESSION['config']['corepath']
.'/custom/'.$_SESSION['custom_override_id']
.'/modules/ldap/xml/config.xml')
) {
$pathtoConfig = $_SESSION['config']['corepath']
. '/custom/' . $_SESSION['custom_override_id']
. '/modules/ldap/xml/config.xml';
$pathtoConfig = $_SESSION['config']['corepath']
.'/custom/'.$_SESSION['custom_override_id']
.'/modules/ldap/xml/config.xml';
} else {
$pathtoConfig = $_SESSION['config']['corepath']
. 'modules/ldap/xml/config.xml';
$pathtoConfig = $_SESSION['config']['corepath']
.'modules/ldap/xml/config.xml';
}
$ldapConf = new DomDocument();
$ldapConf = new DomDocument();
try {
if (!@$ldapConf->load($pathtoConfig))
{
if (!@$ldapConf->load($pathtoConfig)) {
throw new Exception(
'Impossible de charger le document : '
. $pathtoConfig
.$pathtoConfig
);
}
} catch(Exception $e) {
} catch (Exception $e) {
exit($e->getMessage());
}
......@@ -96,135 +133,172 @@ if (count($_SESSION['config']) <= 0) {
}
//On inclus la class LDAP qui correspond à l'annuaire
if (!include $_SESSION['config']['corepath'] . 'modules/ldap/class/class_adLDAP.php')
{
exit('Impossible de charger class_' . $_SESSION['config']['corepath']
. 'modules/ldap/class/class_adLDAP.php'."\n");
if (strtolower($type_ldap) == 'openldap') {
$classLdap = 'class_openLDAP.php';
} else {
$classLdap = 'class_adLDAP.php';
}
//customized or not
if (!@include $_SESSION['config']['corepath'].'/custom/'.$_SESSION['custom_override_id'].'/modules/ldap/class/'.$classLdap) {
if (!@include $_SESSION['config']['corepath'].'modules/ldap/class/'.$classLdap) {
exit('Impossible de charger class_'.$_SESSION['config']['corepath'].'/modules/ldap/class/'.$classLdap."\n");
}
}
if ($prefix_login <> '') {
$login_admin = $prefix_login . "\\" . $login_admin;
if ($prefix_login != '') {
$login_admin = $prefix_login.'\\'.$login_admin;
}
//Try to create a new ldap instance
try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl);
} catch(Exception $conFailure) {
echo $conFailure->getMessage();
exit;
if (strtolower($type_ldap) == 'openldap') {
try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl, $hostname);
} catch (Exception $conFailure) {
echo functions::xssafe($conFailure->getMessage());
exit;
}
} else {
try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl);
} catch (Exception $conFailure) {
echo functions::xssafe($conFailure->getMessage());
exit;
}
}
if ($prefix_login <> '') {
$loginToAd = $prefix_login . "\\" . $login;
if ($prefix_login != '') {
$loginToAd = $prefix_login.'\\'.$login;
} else {
$loginToAd = $login;
}
if ($ad -> authenticate($loginToAd, $password)) {
$db = new Database();
$login = end(explode('\\', $login));
$query = "SELECT * FROM users WHERE user_id ILIKE ?";
$stmt = $db->query($query,array($login));
if ($stmt->fetchObject()) {
if ($ad->authenticate($loginToAd, $password)) {
//TODO: protect sql injection with PDO
require_once 'core/class/class_db_pdo.php';
// Instantiate database.
$database = new Database();
$stmt = $database->query(
'SELECT * FROM users WHERE user_id ILIKE ?',
array($login)
); //permet de rechercher les utilisateurs dans le LDAP sans prendre en compte la casse
$result = $stmt->fetch();
if ($result) {
$_SESSION['error'] = '';
$res = $sec->login($login, $password, 'ldap');
$_SESSION['user'] = $res['user'];
if (empty($_SESSION['error'])) {
if ($res['error'] == '') {
\SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
} else {
$_SESSION['error'] = $res['error'];
}
$core->load_menu($_SESSION['modules']);
header('location: smartphone/index.php?page=welcome');
exit();
} else {
$_SESSION['error'] = _NO_LOGIN_OR_PSW_BY_LDAP . '...';
$_SESSION['error'] = _BAD_LOGIN_OR_PSW;
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login'
'location: '.$_SESSION['config']['businessappurl']
.'index.php?display=true&page=login'
);
exit;
}
} else {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . ' (ad authenticate) ...';
$_SESSION['error'] = _BAD_LOGIN_OR_PSW;
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login'
'location: '.$_SESSION['config']['businessappurl']
.'index.php?display=true&page=login'
);
exit;
}
}
else {
if (empty($login) || empty($password)) {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...';
} elseif (isset($_REQUEST['ra_code'])) {
if (empty($login) || empty($password) || empty($ra_code)) {
$_SESSION['error'] = _IP_NOT_ALLOWED;
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login'
'location: '.$_SESSION['config']['businessappurl']
.'index.php?display=true&page=login'
);
exit;
} else {
$_SESSION['error'] = '';
if ($ra_code != '') $res = $sec->login($login, $password, false, $ra_code);
else $res = $sec->login($login, $password);
if (!$sec->test_allowed_ip() && $ra_code == ''){
$_SESSION['error'] = _TRYING_TO_CONNECT_FROM_NOT_ALLOWED_IP;
$sec->generateRaCode($login, $password);
exit();
}
//$core->show_array($res);exit();
$res = $sec->login($login, $password, false, $ra_code);
//$core->show_array($res);
$_SESSION['user'] = $res['user'];
if ($res['error'] == '') {
// $businessAppTools->load_app_var_session($_SESSION['user']);
// $businessAppTools->load_app_var_session($_SESSION['user']);
//$core->load_var_session($_SESSION['modules'], $_SESSION['user']);
$core->load_menu($_SESSION['modules']);
// exit;
// exit;
}
else {
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login'
);
exit();
}
/*$pathToIPFilter = '';
if(file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')){
header(
'location: '.$_SESSION['config']['businessappurl'].$res['url']
);
exit();
}
} else {
if (empty($login) || empty($password)) {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW.'...';
header(
'location: '.$_SESSION['config']['businessappurl']
.'index.php?display=true&page=login'
);
exit;
} else {
$_SESSION['error'] = '';
$res = $sec->login($login, $password);
//$core->show_array($res);
$_SESSION['user'] = $res['user'];
if ($res['error'] == '') {
\SrcCore\models\SecurityModel::setCookieAuth(['userId' => $login]);
// $businessAppTools->load_app_var_session($_SESSION['user']);
//$core->load_var_session($_SESSION['modules'], $_SESSION['user']);
$core->load_menu($_SESSION['modules']);
// exit;
} else {
$_SESSION['error'] = $res['error'];
}
$pathToIPFilter = '';
if (file_exists($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')) {
$pathToIPFilter = $_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.$_SESSION['custom_override_id'].DIRECTORY_SEPARATOR.'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml';
} elseif (file_exists('apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml')) {
$pathToIPFilter = 'apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR.'xml'.DIRECTORY_SEPARATOR.'ip_filter.xml';
}
else {
} else {
$ipArray = array();
$ipArray['enabled'] = 'false';
$ipArray['duration'] = '0';
}
$ipArray = array();
$ipArray = functions::object2array(simplexml_load_file($pathToIPFilter));
$ipArray = $func->object2array(simplexml_load_file($pathToIPFilter));
//print_r($ipArray);
if ($ipArray['enabled'] == 'true') {
$isAllowed = false;
if($ipArray['IP'] <> '') {
if ($ipArray['IP'] != '') {
$isAllowed = preg_match($ipArray['IP'], $_SERVER['REMOTE_ADDR']);
}
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
}
if (!$isAllowed && $res['error'] == '') {
if ($ipArray['duration'] == 0) {
$_SESSION['error'] = _IP_NOT_ALLOWED_NO_RA_CODE;
}
else {
} else {
$_SESSION['error'] = _IP_NOT_ALLOWED;
}
$res['url'] = 'index.php?display=true&page=login';
}
}*/
header('location: smartphone/index.php?page=welcome');
}
if ($_SESSION['user']['UserId'] == 'superadmin') {
$res['url'] .= '?administration=true';
}
header('location: smartphone/index.php?page=welcome');
exit();
}
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment