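serv = $serv;          // tail of the constructor; its head lies before this chunk
    $this->base   = $base;
    $this->dscr   = $dscr;
    $this->binddn = '';    // empty binddn/bindpw => anonymous bind in find_ldap_user()
    $this->bindpw = '';
    $this->login  = 'uid';
    $this->uname  = 'cn';
    $this->email  = 'mail';
    return $this;
}

    // Look up $user->login in the directory.
    // Returns array('dn' => lowercased dn, 'cn' => display name) for exactly
    // one match, '' for no match; more than one match is a fatal html_exit().
    function find_ldap_user($user)
    {
        $SERV   = $this->serv;
        $BASE   = $this->base;
        $binddn = $this->binddn;
        $bindpw = $this->bindpw;
        $uid    = $this->login;
        $uname  = $this->uname;
        $login  = $user->login;
        $res    = '';

        if (!$ds = ldap_connect($SERV)) {
            html_exit("failed : connect to $SERV (1)");
        }
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            html_exit("failed : set ldap v3 protocol");
        }
        // Empty binddn/bindpw (the constructor default) is an anonymous bind.
        if (!ldap_bind($ds, $binddn, $bindpw)) {
            html_exit("failed : bind to '$SERV' (anonymous)");
        }

        // $login is interpolated into a search filter. test_login() whitelists
        // its characters, but full_name() reaches this method with any string,
        // so escape filter metacharacters here as well (LDAP filter injection).
        $safe_login = function_exists('ldap_escape')
            ? ldap_escape($login, '', LDAP_ESCAPE_FILTER)
            : str_replace(array('\\', '*', '(', ')', "\0"),
                          array('\5c', '\2a', '\28', '\29', '\00'),
                          $login);

        $attrs = array('dn', $uname);
        $sr    = ldap_search($ds, $BASE, "$uid=$safe_login", $attrs);
        $count = $sr ? ldap_count_entries($ds, $sr) : 0;
        if ($count > 1) {
            ldap_unbind($ds);
            html_exit("$SERV : $count entries '$login' found");
        } elseif ($count == 1) {
            $info = ldap_get_entries($ds, $sr);
            $dn   = strtolower($info[0]['dn']);
            $cn   = isset($info[0][$uname][0]) ? $info[0][$uname][0] : '';
            // Keys quoted: the original used barewords (dn, cn).
            $res  = array('dn' => $dn, 'cn' => $cn);
        }
        // The original only unbound on the single-match path; release the
        // connection on every path.
        ldap_unbind($ds);
        return $res;
    }

    // Check $PSWD for the directory entry $usdn by binding as that entry.
    // Returns 1 on success, 0 otherwise.
    function vrfy_pswd($usdn, $PSWD)
    {
        $SERV = $this->serv;
        $res  = 0;

        // A simple bind with an empty password is an *unauthenticated* bind,
        // which many directories accept; it must never count as a verified
        // password. (test_login() also rejects an empty password, but this
        // method is callable on its own.)
        if ($usdn === '' || $PSWD === '' || $PSWD === null) {
            return 0;
        }

        // Silence libldap's warning on a failed bind, but restore the
        // caller's level afterwards instead of forcing it to E_ERROR as the
        // original ini_set("error_reporting", '1') did.
        $old_level = error_reporting(0);
        if (!$ds = ldap_connect($SERV)) {
            error_reporting($old_level);
            html_exit("failed : connect to $SERV (2)");
        } elseif (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            error_reporting($old_level);
            html_exit("failed : set ldap v3 protocol");
        } elseif (ldap_bind($ds, $usdn, $PSWD)) {
            $res = 1;
        }
        error_reporting($old_level);
        if ($ds) {
            ldap_unbind($ds);
        }
        return $res;
    }
}

// Cache for full_name(): login => display name.
$full_names = array();

// Build an initialised User for $login (no directory lookup yet).
function new_user($login)
{
    $res = new User;
    $res->init($login);
    return $res;
}

// Display name for $login, resolved once per request via User::name().
function full_name($login)
{
    global $full_names;
    if (!array_key_exists($login, $full_names)) {
        $name = new_user($login)->name();
        $full_names[$login] = $name;
    }
    return $full_names[$login];
}

class User
{
    // Reset all fields for $login; clas/usdn/name are filled by find().
    function init($login)
    {
        $this->login = $login;
        $this->name  = '';
        $this->usdn  = '';
        $this->clas  = '';
        $this->err   = 'init';
        return $this;
    }

    // Walk Conf('clas_list') and resolve the user against the first class
    // that knows it. Sets clas, uclas and name (and usdn for ldap classes).
    // Returns the class name, or '' when no class matched.
    function find()
    {
        $clas_list = Conf('clas_list');
        $login     = $this->login;
        if (!$login) {
            html_exit("find : no login for user");
        }
        foreach ($clas_list as $uclas) {
            $typ = $uclas->typ;
            $pat = $uclas->pat;
            if ($typ == 'ldap') {
                // $pat is configuration, not request data; a '/' in it
                // would still break the delimiter below.
                $res = $uclas->ldap->find_ldap_user($this);
                if ($res and preg_match("/$pat/", $res['dn'])) {
                    $this->clas = $uclas->clas;
                    $this->usdn = $res['dn'];
                    $this->name = $res['cn'];
                }
            } elseif ($typ == 'table') {
                if ($guest = try_repo_guest_by_login($login)) {
                    $this->clas = G_CLASS();
                    $this->name = $guest->name;
                }
            }
            if ($this->clas) {
                $this->uclas = $uclas;
                break;
            }
        }
        return $this->clas;
    }

    // Verify $PSWD for this user using the class found by find().
    // Returns a truthy value on success, falsy otherwise; configuration
    // inconsistencies are fatal html_exit()s.
    function vrfy($PSWD)
    {
        $login = $this->login;
        $clas  = $this->clas;
        $uclas = isset($this->uclas) ? $this->uclas : null;
        $res   = 0;
        if (!$clas) {
            html_exit("vrfy : no clas for user ($login)");
        }
        if (!$uclas) {
            html_exit("vrfy : no uclas for user ($login)");
        }
        // The original read $uclas->typ before the null check above.
        $typ = $uclas->typ;
        if ($uclas->clas != $clas) {
            $c = $uclas->clas;
            html_exit("vrfy : uclas clas ($c) != clas ($clas) for ($login)");
        }
        if ($typ == 'table') {
            $passwd = get_repo_guest_by_login($login)->passwd;
            // No stored hash: fail closed instead of feeding crypt() an
            // empty salt.
            if ($passwd === '' || $passwd === null) {
                return 0;
            }
            $crypted = crypt($PSWD, $passwd);
            // Strict comparison: the original '==' compares two
            // numeric-looking strings as numbers. hash_equals() (PHP >= 5.6)
            // is also constant-time; fall back to '===' on older PHP.
            $res = function_exists('hash_equals')
                ? hash_equals($passwd, $crypted)
                : ($passwd === $crypted);
        } elseif ($typ == 'ldap') {
            if (!($usdn = $this->usdn)) {
                html_exit("vrfy : no usdn for user ($login)");
            }
            $res = $uclas->ldap->vrfy_pswd($usdn, $PSWD);
        } else {
            html_exit("vrfy : bad typ($typ) clas($clas) for user($login)");
        }
        return $res;
    }

    // Display name, resolving the user on first use.
    function name()
    {
        if (!$this->clas) {
            $this->find();
        }
        return $this->name;
    }
}

// Request-wide login state, filled by test_login().
$USER     = '';
$CLAS     = '';
$BAD_USER = '';

function session_vars()
{
    // The original appended to an undefined $res.
    $res  = '';
    $res .= "\n";
    return $res;
}

// Markup for the login box, or the "logged in as" box when a session exists
// and no logout was requested.
function loginform()
{
    $USER = '';
    $CLAS = '';
    if (!empty($_SESSION['USER'])) {
        $USER = $_SESSION['USER'];
        $CLAS = isset($_SESSION['CLAS']) ? $_SESSION['CLAS'] : '';
    }
    $uri      = htmlspecialchars($_SERVER["REQUEST_URI"]);
    $PHP_SELF = preg_replace('/([&?]|&)?login=1/', '', $uri);
    // NOTE(review): the form markup inside both heredocs was lost in
    // extraction; only the visible text lines survive. Restore the form
    // fields from the original file.
    $txt_login = <<<TXT
user
password
TXT;
    $txt_logout = <<<TXT
logged in as $USER
user class : $CLAS
TXT;
    $logout_requested = !empty($_POST['logout']) || !empty($_GET['logout']);
    return ($USER and !$logout_requested) ? $txt_logout : $txt_login;
}

// Integrity tag over the session's USER/CLAS, keyed with Conf('www_secret').
function session_sum()
{
    $user = isset($_SESSION['USER']) ? $_SESSION['USER'] : '';
    $clas = isset($_SESSION['CLAS']) ? $_SESSION['CLAS'] : '';
    return md5($user . $clas . Conf('www_secret'));
}

// Process a login/logout request or validate an existing session.
// Sets the globals $USER/$CLAS/$BAD_USER and returns an error string
// ('' when logged in). Redirects and exits after a successful login or
// a logout.
function test_login()
{
    global $USER, $CLAS, $BAD_USER;
    $err = 'error';
    if (!empty($_POST['login'])) {
        $USER = strtolower(trim(isset($_POST['USER']) ? $_POST['USER'] : ''));
        $PSWD = isset($_POST['PSWD']) ? $_POST['PSWD'] : '';
        // Whitelist of login characters; this is also what keeps the LDAP
        // filter built in find_ldap_user() and the log line free of
        // metacharacters.
        $UPAT = '/^[-._@a-z0-9]+$/';
        if (!$USER and !$PSWD) {
            $err = 'error: please supply username/password';
        } elseif (!$USER) {
            $err = 'error: please supply a username';
        } elseif (!$PSWD) {
            $err  = 'error: please supply a password';
            $USER = '';
        } elseif (!preg_match($UPAT, $USER)) {
            $err  = sprintf("error: user doesn't match %s", htmlspecialchars($UPAT));
            $USER = '';
        } else {
            $user = new_user($USER);
            if (!$user->find()) {
                $err  = "no such user ($USER)";
                $USER = '';
            } elseif (!$user->vrfy($PSWD)) {
                putlog("bad login");   // logged while $USER still names the attempt
                $err      = "bad password";
                $BAD_USER = $USER;
                $USER     = '';
            } else {
                $err = '';
            }
        }
        if ($err) {
            // catch all
            $USER = '';
        } else {
            $CLAS = $user->clas;
            putlog('login');
            // Issue a fresh session id when the session becomes
            // authenticated, so an id fixed by a third party before login
            // is not promoted (session fixation).
            session_regenerate_id(true);
            $_SESSION['USER'] = $USER;
            $_SESSION['CLAS'] = $CLAS;
            $_SESSION['CHCK'] = session_sum();
            header('Location: ' . $_SERVER["REQUEST_URI"]);
            exit;
        }
    } elseif (!empty($_SESSION['USER'])) {
        $sess_clas = isset($_SESSION['CLAS']) ? $_SESSION['CLAS'] : '';
        $sess_chck = isset($_SESSION['CHCK']) ? $_SESSION['CHCK'] : '';
        if (!empty($_POST['logout']) or !empty($_GET['logout'])) {
            putlog('logout', $_SESSION['USER'], $sess_clas);
            $_SESSION = array();
            session_destroy();
            header('Location: ' . REPO_HOME_URL());
            exit;
        } elseif ($sess_chck !== '' && session_sum() === $sess_chck) {
            // Strict comparison: '==' on two hex digests can compare them
            // as numbers.
            $USER = $_SESSION['USER'];
            $CLAS = $sess_clas;
            $err  = '';
            if (!array_key_exists($CLAS, Conf('clases'))) {
                $err = "weird session clas ($CLAS)";
            }
        } else {
            // The original returned both digests in the page text; the
            // expected digest is derived from www_secret, so keep the detail
            // in the log and show the user only the outcome.
            putlog(sprintf("sum != CHCK ; %s != %s USER='%s' CLAS='%s'",
                           session_sum(), $sess_chck,
                           $_SESSION['USER'], $sess_clas));
            $err = "session check failed ; please login again";
        }
    } elseif (!empty($_GET['login'])) {
        assert_login('please login');
    }
    return $err;
}

// Render the login page and exit unless the request carries a valid login.
// $msg forces the page with that message even when a session exists.
function assert_login($msg = '')
{
    global $USER, $CLAS, $BAD_USER;
    if ($err = $msg or $err = test_login()) {
        $title = '';   // the original passed an undefined $title
        $meta  = meta_line('robots', 'noindex');
        html_start($title, loginform(), $meta);
        $_SESSION = array();
        session_destroy();
        echo "→ $err";
        if ($BAD_USER and $repo_guest = try_repo_guest_by_login($BAD_USER)) {
            // NOTE(review): the heredoc holding the mailme form fields was
            // lost in extraction; restore it from the original file.
            $FORM_TXT = '';
            // NOTE(review): $repo_guest->name is echoed into markup; confirm
            // LI() escapes it, or wrap it in htmlspecialchars() here.
            echo H4("forgot your password ?");
            echo UL(LI("IF you are {$repo_guest->name} ...")
                  . LI("and IF you forgot your password ...")
                  . LI("we can mail your password to you.")
                  . LI('' . FORM("mailme.php", "POST", $FORM_TXT)));
        }
        $clas_list = Conf('clas_list');
        $trs = '';
        foreach ($clas_list as $uclas) {
            $td = '';   // the original left $td unset for other class types
            if ($uclas->clas == G_CLASS()) {
                $td = "use the login/password we sent you";
            } elseif ($uclas->typ == 'ldap') {
                $dscr = SPN($uclas->ldap->dscr, 'red');
                $td   = "use your $dscr login/password";
            }
            $trs .= TR(TH($uclas->dscr) . TD($td));
        }
        echo BQ(TAB($trs));
        html_end();
        exit;
    }
}

// '' when a session user exists, otherwise the reason.
function invalid_password()
{
    $res = '';
    if (empty($_SESSION['USER'])) {
        $res = 'no session';
    }
    return $res;
}

// logging - ignore all errors
// Append one line "<date> (<user>-<clas>) <msg>" to LOG_FILE(); $user/$clas
// default to the current globals, then to ANON/NONE.
function putlog($msg, $user = '', $clas = '')
{
    global $USER, $CLAS;
    if (!$user) {
        $user = $USER or $user = 'ANON';
    }
    if (!$clas) {
        $clas = $CLAS or $clas = 'NONE';
    }
    $log = LOG_FILE();
    if ($fh = fopen($log, "a")) {
        $str = sprintf("%s (%s-%s) %s\n", date('r'), $user, $clas, $msg);
        fwrite($fh, $str);
        fclose($fh);
    } else {
        // The original interpolated an undefined $s. Keep the log path in
        // the server log rather than in the page.
        error_log("can't log ($log)");
        echo "can't log\n";
    }
}
?>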