'filter' => '(objectClass=*)',
'scope' => 'sub'
),
+/*
+ 'LSauth' => array (
+ 'method' => 'HTTP'
+ ),
+*/
'LSprofiles' => array (
'admin' => array (
'o=ls' => array (
*/
class LSauth {
+ static private $authData=NULL;
+
+ var $params = array (
+ 'displayLoginForm' => true,
+ 'displayLogoutBtn' => true
+ );
+
+ /**
+ * Check Post Data
+ *
+ * @retval boolean True if post data permit the authentification or False
+ **/
+ public function getPostData() {
+ if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
+ $this -> authData = array(
+ 'username' => $_POST['LSsession_user'],
+ 'password' => $_POST['LSsession_pwd'],
+ 'ldapserver' => $_POST['LSsession_ldapserver'],
+ 'topDn' => $_POST['LSsession_topDn']
+ );
+ return true;
+ }
+ return;
+ }
+
/**
* Check user login
*
*
* @retval LSldapObject|false The LSldapObject of the user authificated or false
*/
- public static function authenticate($username,$password) {
+ public function authenticate() {
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
$authobject = new LSsession :: $ldapServer['authObjectType']();
$result = $authobject -> searchObject(
- $username,
+ $this -> authData['username'],
LSsession :: getTopDn(),
LSsession :: $ldapServer['authObjectFilter']
);
// duplication d'authentité
LSerror :: addErrorCode('LSauth_02');
}
- elseif ( self :: checkUserPwd($result[0],$password) ) {
+ elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
// Authentication succeeded
return $result[0];
}
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
}
+ /**
+ * Define if login form can be displayed or not
+ *
+ * @retval boolean
+ **/
+ public function __get($key) {
+ if ($key=='params') {
+ return $this -> params;
+ }
+ return;
+ }
+
}
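Review bot: `static private $authData=NULL;` is declared static, but every access in this hunk goes through the instance — `$this -> authData = array(` in getPostData and `$this -> authData['username']` / `$this -> authData['password']` in authenticate — so the static slot is never written and the reads only work because the assignment creates an undeclared dynamic property (with an "accessing static property as non static" notice under strict reporting); since LSauthHTTP also writes `$this -> authData`, declare it as a plain `protected $authData = NULL;` so subclasses can set it without creating a second property. getPostData only checks `isset($_POST['LSsession_user'])` and then reads `$_POST['LSsession_pwd']`, `$_POST['LSsession_ldapserver']` and `$_POST['LSsession_topDn']` unguarded, which raises undefined-index notices whenever the form omits one of them, and its `return;` yields null rather than the documented boolean. `checkUserPwd` is now invoked as `$this -> checkUserPwd(...)` where the old code called it statically; its declaration is outside the hunk, so confirm it is no longer `static`. The docblock on `__get` ("Define if login form can be displayed or not") describes the `displayLoginForm` entry, not the accessor; suggest `Magic getter: exposes $params read-only (only the 'params' key is supported).` The body of authenticate is cut by the hunk between the duplicate-identity branch and the checkBind return of the following method.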
/*
--- /dev/null
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+/**
+ * Gestion de l'authentification d'un utilisateur suite à une authentification
+ * HTTP
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthHTTP extends LSauth {
+
+ var $params = array (
+ 'displayLoginForm' => false,
+ 'displayLogoutBtn' => false
+ );
+
+ /**
+ * Check Post Data
+ *
+ * @retval array|False Array of post data if exist or False
+ **/
+ public function getPostData() {
+ if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+ $this -> authData = array(
+ 'username' => $_SERVER['PHP_AUTH_USER'],
+ 'password' => $_SERVER['PHP_AUTH_PW'],
+ 'ldapserver' => $_REQUEST['LSsession_ldapserver'],
+ 'topDn' => $_REQUEST['LSsession_topDn']
+ );
+ return true;
+ }
+ return;
+ }
+
+ /**
+ * Check user login
+ *
+ * @param[in] $username The username
+ * @param[in] $password The password
+ *
+ * @retval LSldapObject|false The LSldapObject of the user authificated or false
+ */
+ public function authenticate() {
+ if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
+ $authobject = new LSsession :: $ldapServer['authObjectType']();
+ $result = $authobject -> searchObject(
+ $this -> authData['username'],
+ LSsession :: getTopDn(),
+ LSsession :: $ldapServer['authObjectFilter']
+ );
+ $nbresult=count($result);
+
+ if ($nbresult==0) {
+ // identifiant incorrect
+ LSdebug('identifiant incorrect');
+ LSerror :: addErrorCode('LSauth_01');
+ }
+ else if ($nbresult>1) {
+ // duplication d'authentité
+ LSerror :: addErrorCode('LSauth_02');
+ }
+ else {
+ // Authentication succeeded
+ return $result[0];
+ }
+ }
+ else {
+ LSerror :: addErrorCode('LSauth_03');
+ }
+ return;
+ }
+
+}
+?>
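Review bot: LSauthHTTP::authenticate looks the user up by `$this -> authData['username']` and returns the first match without ever using the password stored from `$_SERVER['PHP_AUTH_PW']`; PHP fills `PHP_AUTH_USER`/`PHP_AUTH_PW` from whatever Authorization header the client sends, so this class only identifies a verified user when the web server is configured to require and check HTTP authentication for this script, and that precondition belongs in the class docblock, e.g. `Requires the web server to enforce HTTP authentication for LdapSaisie: the username is trusted as received and no password check is performed here.` getPostData guards only `PHP_AUTH_USER` and then reads `$_SERVER['PHP_AUTH_PW']`, `$_REQUEST['LSsession_ldapserver']` and `$_REQUEST['LSsession_topDn']` without `isset`, which produces undefined-index notices when any is absent. The docblock of authenticate still lists `@param[in] $username` and `@param[in] $password` although the method takes no parameters, and the getPostData docblock promises `array|False` while the code returns `true` or nothing. The search, result counting and LSauth_01/02/03 branches duplicate LSauth::authenticate verbatim except for the skipped password step; having the base class own that flow and letting this subclass override only the password check would stop the two copies drifting apart.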
******************************************************************************/
-/**
+/**
* Gestion des sessions
*
* Cette classe gère les sessions d'utilisateurs.
// Les droits d'accès de l'utilisateur
private static $LSaccess = array();
+ // Authentification parameters
+ private static $authParams = array();
+
// Les fichiers temporaires
private static $tmp_file = array();
self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
+ self :: $authParams = $_SESSION['LSsession']['authParams'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
}
else {
// Session inexistante
- if (isset($_POST['LSsession_user'])) {
- if (isset($_POST['LSsession_ldapserver'])) {
- self :: setLdapServer($_POST['LSsession_ldapserver']);
+ if (isset($_POST['LSsession_ldapserver'])) {
+ self :: setLdapServer($_POST['LSsession_ldapserver']);
+ }
+ else {
+ self :: setLdapServer(0);
+ }
+
+ // Connexion au serveur LDAP
+ if (self :: LSldapConnect()) {
+
+ // topDn
+ if ( $_POST['LSsession_topDn'] != '' ){
+ self :: $topDn = $_POST['LSsession_topDn'];
}
else {
- self :: setLdapServer(0);
+ self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
}
-
- // Connexion au serveur LDAP
- if (self :: LSldapConnect()) {
-
- // topDn
- if ( $_POST['LSsession_topDn'] != '' ){
- self :: $topDn = $_POST['LSsession_topDn'];
- }
- else {
- self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
- }
- $_SESSION['LSsession_topDn']=self :: $topDn;
+ $_SESSION['LSsession_topDn']=self :: $topDn;
-
- if (isset($_GET['LSsession_recoverPassword'])) {
- $recoveryPasswordInfos = self :: recoverPasswd(
- $_REQUEST['LSsession_user'],
- $_GET['recoveryHash']
- );
- }
- else {
- if (self :: loadLSclass('LSauth')) {
- $LSuserObject = LSauth :: authenticate(
- $_REQUEST['LSsession_user'],
- $_REQUEST['LSsession_pwd']
- );
+ if (isset($_GET['LSsession_recoverPassword'])) {
+ $recoveryPasswordInfos = self :: recoverPasswd(
+ $_REQUEST['LSsession_user'],
+ $_GET['recoveryHash']
+ );
+ }
+ else {
+ if (self :: loadLSclass('LSauth')) {
+ if (isset(self :: $ldapServer['LSauth']['method'])) {
+ $LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
+ if (!self :: loadLSclass($LSauthClass)) {
+ LSerror :: addErrorCode('LSsession_08',$LSauthClass);
+ $LSauthClass = 'LSauth';
+ }
+ }
+ else {
+ $LSauthClass = 'LSauth';
+ }
+
+ $authObj = new $LSauthClass();
+ self :: $authParams = $authObj->params;
+ if ($authObj -> getPostData()) {
+ $LSuserObject = $authObj -> authenticate();
if ($LSuserObject) {
// Authentification réussi
self :: $LSuserObject = $LSuserObject;
}
}
}
- }
- else {
- LSerror :: addErrorCode('LSsession_09');
+ else {
+ LSerror :: addErrorCode('LSsession_05','LSauth');
+ }
}
}
+ else {
+ LSerror :: addErrorCode('LSsession_09');
+ }
if (self :: $ldapServerId) {
$GLOBALS['Smarty'] -> assign('ldapServerId',self :: $ldapServerId);
}
if (isset($_GET['LSsession_recoverPassword'])) {
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
}
- else {
+ elseif(self :: $authParams['displayLoginForm']) {
self :: displayLoginForm();
}
+ else {
+ self :: setTemplate('blank.tpl');
+ LSerror :: addErrorCode('LSsession_10');
+ }
return;
}
}
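Review bot: `elseif(self :: $authParams['displayLoginForm'])` reads an index that is undefined whenever `$authParams` was never filled — `self :: $authParams = $authObj->params;` only runs after both `LSldapConnect()` and `loadLSclass('LSauth')` succeed, so the LSsession_09 and LSsession_05 paths leave it as the empty array the property is initialised with; the undefined index is null, the branch is skipped, and a user facing an unreachable LDAP server now gets the blank template plus LSsession_10 ("Impossible to authenticate you") instead of the login form the old `else` always displayed. Guard it with `elseif(!isset(self :: $authParams['displayLoginForm']) || self :: $authParams['displayLoginForm']) {` or initialise the property with LSauth's defaults; the `displayLogoutBtn` Smarty assignment in a later hunk reads the same array the same way. Dropping the outer `isset($_POST['LSsession_user'])` guard also means `if ( $_POST['LSsession_topDn'] != '' ){` now executes on every sessionless GET and emits an undefined-index notice; use `if ( isset($_POST['LSsession_topDn']) && $_POST['LSsession_topDn'] != '' ){`. Sessions created before this change have no `$_SESSION['LSsession']['authParams']` entry either, so the restore line near the top of the hunk deserves an `isset` fallback as well. The enclosing method begins before the hunk.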
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
- 'LSaccess' => self :: $LSaccess
+ 'LSaccess' => self :: $LSaccess,
+ 'authParams' => self :: $authParams
);
}
$GLOBALS['Smarty'] -> assign('LSlang',self :: $lang);
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
+
+ $GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
// Infos
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
LSerror :: defineError('LSsession_07',
_("LSsession : Impossible to identify you : Duplication of identities.")
);
- // 08
+ LSerror :: defineError('LSsession_08',
+ _("LSsession : Can't load class of authentification (%{class}).")
+ );
LSerror :: defineError('LSsession_09',
_("LSsession : Can't connect to LDAP server.")
);
- // 10
+ LSerror :: defineError('LSsession_10',
+ _("LSsession : Impossible to authenticate you.")
+ );
LSerror :: defineError('LSsession_11',
_("LSsession : Your are not authorized to do this action.")
);
+<?xml version="1.0"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
+ <meta http-equiv="content-type" content="text/html; charset={$LSencoding}">
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+ <link rel="icon" type="image/png" href="images/default/favicon.png" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base.css" title="Normal" />
<link rel="stylesheet" type="text/css" href="{$LS_CSS_DIR}/base_print.css" media='print' title="Normal" />
{$LSsession_css}
- {$LSsession_js}
</head>
<body>
-<div id='LSerror'>
-{$LSerrors}
-</div>
-<div id='LSdebug'>
- <a href='#' id='LSdebug_hidden'>X</a>
- <div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
-</div>
+
+{include file='LSdefault.tpl'}
+
+{$LSsession_js}
+
</body>
</html>
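Review bot: The added `<?xml version="1.0"?>` prolog sits in front of an HTML 4.01 Transitional doctype, so the document announces itself as XML while its doctype and markup (the unclosed `<meta>` on the next added line) are HTML; either drop the prolog or switch the doctype to XHTML consistently. An XML prolog before the doctype is also known to push older Internet Explorer versions into quirks mode, which would change how the existing stylesheets render. Since the compiled template is PHP, check how the installed Smarty version treats a leading `<?xml` when `short_open_tag` is enabled before relying on it being emitted literally.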
</select>
<input type='submit' value='->'/>
</form>
- {$connected_as} <span id='user_name'>{$LSsession_username}</span> <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>
+ {$connected_as} <span id='user_name'>{$LSsession_username}</span>{if $displayLogoutBtn} <a href='index.php?LSsession_logout'><img src='{$LS_IMAGES_DIR}/logout.png' alt='Logout' title='Logout' /></a>{/if}
</td>
</tr>
<tr>