  1: <?php
  2: //============================================================+
  3: // File name   : tce_altauth.php
  4: // Begin       : 2008-03-28
  5: // Last Update : 2015-03-29
  6: //
  7: // Description : Check user authorization against alternative
  8: //               systems (SSL, HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP)
  9: //
 10: // Author: Nicola Asuni
 11: //
 12: // (c) Copyright:
 13: //               Nicola Asuni
 14: //               Tecnick.com LTD
 15: //               www.tecnick.com
 16: //               info@tecnick.com
 17: //
 18: // License:
 19: //    Copyright (C) 2004-2015 Nicola Asuni - Tecnick.com LTD
 20: //    See LICENSE.TXT file for more information.
 21: //============================================================+
 22: 
 23: /**
 24:  * @file
 25:  * Check user authorization against alternative systems (HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP)
 26:  * @package com.tecnick.tcexam.shared
 27:  * @author Nicola Asuni
 28:  * @since 2008-03-28
 29:  */
 30: 
 31: /**
 32:  * Try various external Login Systems.
 33:  * (SSL, HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP)
 34:  * @return array of user's data for successful login, false otherwise
 35:  * @since 2012-06-05
 36:  */
 37: function F_altLogin()
 38: {
 39:     global $l, $db;
 40:     require_once('../config/tce_config.php');
 41: 
 42:     // TCExam tries to retrive the user login information from the following systems:
 43: 
 44:     // 1) SSL ----------------------------------------------------------
 45:     require_once('../../shared/config/tce_ssl.php');
 46:     if (K_SSL_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
 47:         if (isset($_SERVER['SSL_CLIENT_M_SERIAL']) // The serial of the client certificate
 48:                 and isset($_SERVER['SSL_CLIENT_I_DN']) // Issuer DN of client's certificate
 49:                 and isset($_SERVER['SSL_CLIENT_V_END']) // Validity of client's certificate (end time)
 50:                 and isset($_SERVER['SSL_CLIENT_VERIFY']) // NONE, SUCCESS, GENEROUS or FAILED:reason
 51:                 and  ($_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS')
 52:                 and isset($_SERVER['SSL_CLIENT_V_REMAIN']) // Number of days until client's certificate expires
 53:                 and ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0)) {
 54:             $_POST['xuser_name'] = md5($_SERVER['SSL_CLIENT_M_SERIAL'].$_SERVER['SSL_CLIENT_I_DN']);
 55:             $_POST['xuser_password'] = getPasswordHash($_SERVER['SSL_CLIENT_M_SERIAL'].$_SERVER['SSL_CLIENT_I_DN'].K_RANDOM_SECURITY.$_SERVER['SSL_CLIENT_V_END']);
 56:             $_POST['logaction'] = 'login';
 57:             $usr = array();
 58:             if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
 59:                 $usr['user_email'] = $_SERVER['SSL_CLIENT_S_DN_Email'];
 60:             } else {
 61:                 $usr['user_email'] = '';
 62:             }
 63:             if (isset($_SERVER['SSL_CLIENT_S_DN_CN'])) {
 64:                 $usr['user_firstname'] = $_SERVER['SSL_CLIENT_S_DN_CN'];
 65:             } else {
 66:                 $usr['user_firstname'] = '';
 67:             }
 68:             $usr['user_lastname'] = '';
 69:             $usr['user_birthdate'] = '';
 70:             $usr['user_birthplace'] = '';
 71:             $usr['user_regnumber'] = '';
 72:             $usr['user_ssn'] = '';
 73:             $usr['user_level'] = K_SSL_USER_LEVEL;
 74:             $usr['usrgrp_group_id'] = K_SSL_USER_GROUP_ID;
 75:             return $usr;
 76:         }
 77:     }
 78:     // -----------------------------------------------------------------
 79: 
 80:     // 2) HTTP BASIC ---------------------------------------------------
 81:     require_once('../../shared/config/tce_httpbasic.php');
 82:     if (K_HTTPBASIC_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
 83:         if (isset($_SERVER['AUTH_TYPE']) and ($_SERVER['AUTH_TYPE'] == 'Basic')
 84:             and isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])
 85:             and ($_SESSION['session_user_name'] != $_SERVER['PHP_AUTH_USER'])) {
 86:             $_POST['xuser_name'] = $_SERVER['PHP_AUTH_USER'];
 87:             $_POST['xuser_password'] = $_SERVER['PHP_AUTH_PW'];
 88:             $_POST['logaction'] = 'login';
 89:             $usr = array();
 90:             $usr['user_email'] = '';
 91:             $usr['user_firstname'] = '';
 92:             $usr['user_lastname'] = '';
 93:             $usr['user_birthdate'] = '';
 94:             $usr['user_birthplace'] = '';
 95:             $usr['user_regnumber'] = '';
 96:             $usr['user_ssn'] = '';
 97:             $usr['user_level'] = K_HTTPBASIC_USER_LEVEL;
 98:             $usr['usrgrp_group_id'] = K_HTTPBASIC_USER_GROUP_ID;
 99:             return $usr;
100:         }
101:     }
102:     // -----------------------------------------------------------------
103: 
104:     // 3) CAS - Central Authentication Service -------------------------
105:     require_once('../../shared/config/tce_cas.php');
106:     if (K_CAS_ENABLED) {
107:         require_once('../../shared/cas/CAS.php');
108:         phpCAS::client(K_CAS_VERSION, K_CAS_HOST, K_CAS_PORT, K_CAS_PATH, false);
109:         phpCAS::setNoCasServerValidation();
110:         phpCAS::forceAuthentication();
111:         if ($_SESSION['session_user_name'] != phpCAS::getUser()) {
112:             $_POST['xuser_name'] = phpCAS::getUser();
113:             $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'].K_RANDOM_SECURITY);
114:             $_POST['logaction'] = 'login';
115:             $usr = array();
116:             $usr['user_email'] = '';
117:             $usr['user_firstname'] = '';
118:             $usr['user_lastname'] = '';
119:             $usr['user_birthdate'] = '';
120:             $usr['user_birthplace'] = '';
121:             $usr['user_regnumber'] = '';
122:             $usr['user_ssn'] = '';
123:             $usr['user_level'] = K_CAS_USER_LEVEL;
124:             $usr['usrgrp_group_id'] = K_CAS_USER_GROUP_ID;
125:             return $usr;
126:         }
127:     }
128:     // -----------------------------------------------------------------
129: 
130:     // 4) Shibboleth ---------------------------------------------------
131:     require_once('../../shared/config/tce_shibboleth.php');
132:     if (K_SHIBBOLETH_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
133:         if (isset($_SERVER['AUTH_TYPE']) and ($_SERVER['AUTH_TYPE'] == 'shibboleth')
134:             and ((isset($_SERVER['Shib_Session_ID']) and !empty($_SERVER['Shib_Session_ID']))
135:                 or (isset($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER']) and !empty($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'])))
136:             and isset($_SERVER['eppn']) and ($_SESSION['session_user_name'] != $_SERVER['eppn'])) {
137:             $_POST['xuser_name'] = $_SERVER['eppn'];
138:             $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'].K_RANDOM_SECURITY);
139:             $_POST['logaction'] = 'login';
140:             $usr = array();
141:             $usr['user_email'] = $_SERVER['eppn'];
142:             if (isset($_SERVER['givenName'])) {
143:                 $usr['user_firstname'] = $_SERVER['givenName'];
144:             } else {
145:                 $usr['user_firstname'] = '';
146:             }
147:             if (isset($_SERVER['sn'])) {
148:                 $usr['user_lastname'] = $_SERVER['sn'];
149:             } else {
150:                 $usr['user_lastname'] = '';
151:             }
152:             $usr['user_birthdate'] = '';
153:             $usr['user_birthplace'] = '';
154:             if (isset($_SERVER['employeeNumber'])) {
155:                 $usr['user_regnumber'] = $_SERVER['employeeNumber'];
156:             } else {
157:                 $usr['user_regnumber'] = '';
158:             }
159:             $usr['user_ssn'] = '';
160:             $usr['user_level'] = K_SHIBBOLETH_USER_LEVEL;
161:             $usr['usrgrp_group_id'] = K_SHIBBOLETH_USER_GROUP_ID;
162:             return $usr;
163:         }
164:     }
165:     // -----------------------------------------------------------------
166: 
167:     if (isset($_POST['logaction']) and ($_POST['logaction'] == 'login') and isset($_POST['xuser_name']) and isset($_POST['xuser_password'])) {
168:         // 5) RADIUS ---------------------------------------------------
169:         require_once('../../shared/config/tce_radius.php');
170:         if (K_RADIUS_ENABLED) {
171:             require_once('../../shared/radius/radius.class.php');
172:             $radius = new Radius(K_RADIUS_SERVER_IP, K_RADIUS_SHARED_SECRET, K_RADIUS_SUFFIX, K_RADIUS_UDP_TIMEOUT, K_RADIUS_AUTHENTICATION_PORT, K_RADIUS_ACCOUNTING_PORT);
173:             if (K_RADIUS_UTF8) {
174:                 $radusername = utf8_encode($_POST['xuser_name']);
175:                 $radpassword = utf8_encode($_POST['xuser_password']);
176:             } else {
177:                 $radusername = $_POST['xuser_name'];
178:                 $radpassword = $_POST['xuser_password'];
179:             }
180:             if ($radius->AccessRequest($radusername, $radpassword)) {
181:                 $usr = array();
182:                 $usr['user_email'] = '';
183:                 $usr['user_firstname'] = '';
184:                 $usr['user_lastname'] = '';
185:                 $usr['user_birthdate'] = '';
186:                 $usr['user_birthplace'] = '';
187:                 $usr['user_regnumber'] = '';
188:                 $usr['user_ssn'] = '';
189:                 $usr['user_level'] = K_RADIUS_USER_LEVEL;
190:                 $usr['usrgrp_group_id'] = K_RADIUS_USER_GROUP_ID;
191:                 return $usr;
192:             }
193:         }
194:         // -------------------------------------------------------------
195: 
196:         // 6) LDAP -----------------------------------------------------
197:         require_once('../../shared/config/tce_ldap.php');
198:         if (K_LDAP_ENABLED) {
199:             // make ldap connection
200:             $ldapconn = ldap_connect(K_LDAP_HOST, K_LDAP_PORT);
201:             ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, K_LDAP_PROTOCOL_VERSION);
202:             ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); // recommended for W2K3
203:             // bind anonymously and get dn for username.
204:             if (K_LDAP_UTF8) {
205:                 $ldapusername = utf8_encode($_POST['xuser_name']);
206:                 $ldappassword = utf8_encode($_POST['xuser_password']);
207:             } else {
208:                 $ldapusername = $_POST['xuser_name'];
209:                 $ldappassword = $_POST['xuser_password'];
210:             }
211:             if ($lbind = ldap_bind($ldapconn, K_LDAP_ROOT_DN, K_LDAP_ROOT_PASS)) {
212:                 // Search user on LDAP tree
213:                 $ldap_filter = str_replace('#USERNAME#', $ldapusername, K_LDAP_FILTER);
214:                 $sorted_ldap_attr = $ldap_attr;
215:                 sort($sorted_ldap_attr);
216:                 if ($search = @ldap_search($ldapconn, K_LDAP_BASE_DN, $ldap_filter, $sorted_ldap_attr)) {
217:                     if ($rdn = @ldap_get_entries($ldapconn, $search)) {
218:                         //var_export($rdn); // uncomment this to see the structure of the entries
219:                         if (!empty($rdn[0]['dn']) && @ldap_bind($ldapconn, $rdn[0]['dn'], $ldappassword)) {
220:                             @ldap_unbind($ldapconn);
221:                             $usr = array();
222:                             foreach ($ldap_attr as $k => $v) {
223:                                 if ((!empty($v)) and isset($rdn[0][$v])) {
224:                                     if (is_array($rdn[0][$v])) {
225:                                         // get the first entry in the array
226:                                         $usr[$k] = $rdn[0][$v][0];
227:                                     } else {
228:                                         $usr[$k] = $rdn[0][$v];
229:                                     }
230:                                 } else {
231:                                     $usr[$k] = '';
232:                                 }
233:                             }
234:                             $usr['user_level'] = K_LDAP_USER_LEVEL;
235:                             $usr['usrgrp_group_id'] = K_LDAP_USER_GROUP_ID;
236:                             return $usr;
237:                         }
238:                     }
239:                 }
240:             }
241:             @ldap_unbind($ldapconn);
242:         }
243:         // -------------------------------------------------------------
244:     }
245: 
246:     return false;
247: }
248: 
249: //=====================================================================+
250: // END OF FILE
251: //=====================================================================+
252: 
 
