serv = $serv ;
$this -> base = $base ;
$this -> dscr = $dscr ;
return $this ;
}
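# Look up $user->login below $this->base on $this->serv, using an
# anonymous bind. Returns array('dn' => lowercased dn, 'cn' => first cn)
# when exactly one entry matches, '' when none does; html_exit()s when the
# server cannot be reached, the search fails, or the login is ambiguous
# (more than one entry).
function find_ldap_user ( $user )
{
    $SERV  = $this -> serv ;
    $BASE  = $this -> base ;
    $login = $user -> login ;
    $res   = '' ;

    if ( ! $ds = ldap_connect ( $SERV ) )
    { html_exit ( "failed : connect to $SERV (1)" ) ; }
    if ( ! ldap_set_option ( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 ) )
    { html_exit ( "failed : set ldap v3 protocol" ) ; }
    if ( ! ldap_bind ( $ds ) )
    { html_exit ( "failed : bind to '$SERV' (anonymous)" ) ; }

    # The login comes from the request. Escape it as an RFC 4515 filter
    # value so that '*', '(', ')', '\' and NUL in it cannot change the
    # meaning of the search filter. ldap_escape() needs PHP 5.6; fall back
    # to the equivalent hand-written mapping on older interpreters.
    $filter_login = function_exists ( 'ldap_escape' )
        ? ldap_escape ( $login, '', LDAP_ESCAPE_FILTER )
        : str_replace ( array ( '\\', '*', '(', ')', "\0" ),
                        array ( '\5c', '\2a', '\28', '\29', '\00' ),
                        $login ) ;

    $attrs = array ( 'dn', 'cn' ) ;
    $sr = ldap_search ( $ds, $BASE, "uid=$filter_login", $attrs ) ;
    if ( ! $sr )
    { html_exit ( "failed : search '$BASE' on $SERV" ) ; }

    $count = ldap_count_entries ( $ds, $sr ) ;
    if ( $count > 1 )
    { html_exit ( "$SERV : $count entries '$login' found" ) ; }
    if ( $count == 1 )
    {
        $info = ldap_get_entries ( $ds, $sr ) ;
        $dn   = strtolower ( $info [ 0 ] [ 'dn' ] ) ;
        $cn   = $info [ 0 ] [ 'cn' ] [ 0 ] ;
        # keys quoted: the bare dn/cn of the original were undefined
        # constants (a fatal error on PHP 8)
        $res  = array ( 'dn' => $dn , 'cn' => $cn ) ;
    }

    # close the connection on every path, not only on the "found" one
    ldap_unbind ( $ds ) ;
    return $res ;
}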
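# Check $PSWD for the directory entry $usdn by attempting a simple bind on
# $this->serv. Returns 1 when the bind succeeds, 0 otherwise; html_exit()s
# when the server cannot be reached.
function vrfy_pswd ( $usdn, $PSWD )
{
    $SERV = $this -> serv ;
    $res  = 0 ;

    # A simple bind with an empty password is an *unauthenticated* bind,
    # which many directories accept as success. Refuse it here instead of
    # relying on every caller to have checked for an empty password.
    if ( ! is_string ( $usdn ) or $usdn === ''
         or ! is_string ( $PSWD ) or $PSWD === '' )
    { return $res ; }

    # Silence the warning ldap_bind() emits on a wrong password, and put
    # the caller's level back afterwards (the original reset it to 1,
    # i.e. E_ERROR only, regardless of what it had been).
    $prev_level = error_reporting ( 0 ) ;
    if ( ! $ds = ldap_connect ( $SERV ) )
    { html_exit ( "failed : connect to $SERV (2)" ) ; }
    elseif ( ! ldap_set_option ( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 ) )
    { html_exit ( "failed : set ldap v3 protocol" ) ; }
    elseif ( ldap_bind ( $ds, $usdn, $PSWD ) )
    { $res = 1 ; }
    error_reporting ( $prev_level ) ;

    if ( $ds ) { ldap_unbind ( $ds ) ; }
    return $res ;
}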
}
# Build a User for $login; find() has not been run on it yet.
function new_user ( $login )
{
    $user = new User () ;
    return $user -> init ( $login ) ;
}
# Display name for $login, looking the user up on the way (see User::name).
function full_name ( $login )
{
    $user = new_user ( $login ) ;
    return $user -> name () ;
}
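# One login attempt: the login name plus, once find() has run, the user
# class it belongs to (clas, and uclas = the Conf('clas_list') entry),
# its directory dn (usdn, ldap classes only) and its display name.
class User
{
    public $login = '' ;
    public $name  = '' ;
    public $usdn  = '' ;
    public $clas  = '' ;
    public $uclas = '' ;   # clas_list entry that matched in find(), else ''
    public $err   = '' ;

    # (Re)initialise for $login; returns $this for chaining.
    function init ( $login )
    {
        $this -> login = $login ;
        $this -> name  = '' ;
        $this -> usdn  = '' ;
        $this -> clas  = '' ;
        $this -> uclas = '' ;   # was never reset before; vrfy() reads it
        $this -> err   = 'init' ;
        return $this ;
    }

    # Walk Conf('clas_list') and stop at the first class that knows
    # $this->login: 'ldap' classes via find_ldap_user() (the dn must also
    # match the class's pat regex), 'table' classes via the guest table.
    # Fills clas/uclas/usdn/name; returns clas ('' when nobody knows).
    function find ()
    {
        $clas_list = Conf ( 'clas_list' ) ;
        $login     = $this -> login ;
        if ( ! $login ) { html_exit ( "find : no login for user" ) ; }

        foreach ( $clas_list as $uclas )
        {
            $typ = $uclas -> typ ;
            if ( $typ == 'ldap' )
            {
                # pat is configuration, interpolated unescaped into the
                # regex, so it has to be a valid PCRE fragment without '/'
                $pat = $uclas -> pat ;
                $res = $uclas -> ldap -> find_ldap_user ( $this ) ;
                if ( $res and preg_match ( "/$pat/", $res [ 'dn' ] ) )
                {
                    $this -> clas = $uclas -> clas ;
                    $this -> usdn = $res [ 'dn' ] ;
                    $this -> name = $res [ 'cn' ] ;
                }
            }
            elseif ( $typ == 'table' )
            {
                if ( $guest = try_repo_guest_by_login ( $login ) )
                {
                    $this -> clas = G_CLASS () ;
                    $this -> name = $guest -> name ;
                }
            }
            if ( $this -> clas ) { $this -> uclas = $uclas ; break ; }
        }
        return $this -> clas ;
    }

    # Check $PSWD for the class found by find(); returns a true value on
    # success. 'table' classes compare against the guest's stored passwd
    # (compared in the clear, as the code stands), 'ldap' classes bind as
    # usdn. html_exit()s when find() has not run or left inconsistent state.
    function vrfy ( $PSWD )
    {
        $login = $this -> login ;
        $clas  = $this -> clas ;
        $uclas = $this -> uclas ;
        $res   = 0 ;
        if ( ! $clas ) { html_exit ( "vrfy : no clas for user ($login)" ) ; }
        if ( ! $uclas ) { html_exit ( "vrfy : no uclas for user ($login)" ) ; }
        if ( $uclas -> clas != $clas )
        {
            $c = $uclas -> clas ;
            html_exit ( "vrfy : uclas clas ($c) != clas ($clas) for ($login)" ) ;
        }
        $typ = $uclas -> typ ;   # read only after $uclas is known to be set

        if ( $typ == 'table' )
        {
            # Strict, constant-time comparison. The original '==' let
            # PHP's numeric-string juggling ("1e3" == "1000") accept a
            # wrong password; an empty or non-string submission never
            # matches. hash_equals() needs PHP 5.6, hence the fallback.
            $stored = (string) get_repo_guest_by_login ( $login ) -> passwd ;
            $given  = is_string ( $PSWD ) ? $PSWD : '' ;
            if ( $given !== '' )
            {
                $res = function_exists ( 'hash_equals' )
                     ? hash_equals ( $stored, $given )
                     : ( $stored === $given ) ;
            }
        }
        elseif ( $typ == 'ldap' )
        {
            if ( ! ( $usdn = $this -> usdn ) )
            { html_exit ( "vrfy : no usdn for user ($login)" ) ; }
            $res = $uclas -> ldap -> vrfy_pswd ( $usdn, $PSWD ) ;
        }
        else
        { html_exit ( "vrfy : bad typ($typ) clas($clas) for user($login)" ) ; }
        return $res ;
    }

    # Display name, running find() first if it has not been done yet.
    function name ()
    {
        if ( ! $this -> clas ) { $this -> find () ; }
        return $this -> name ;
    }
}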
# Globals filled in by test_login(): the logged-in user and its class,
# both '' until a login has been established.
$USER = $CLAS = '' ;
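# Debug dump of $_SESSION and $_POST, one "- session : key -> 'value'"
# (or "- post : ...") line per entry. The PSWD field is masked; every
# other key and value is HTML-escaped because they are request data being
# echoed back to the client. Returns the text, prints nothing.
# NOTE(review): the line-terminating literals below are a raw line break
# followed by "\n" in the source; a markup tag may have been lost in
# extraction. They are kept as found.
function session_vars ()
{
    $res = "
\n" ;   # was '.=' on an undefined $res (notice)

    $sources = array
    ( 'session' => ( isset ( $_SESSION ) ? $_SESSION : array () )
    , 'post'    => ( isset ( $_POST )    ? $_POST    : array () )
    ) ;
    foreach ( $sources as $label => $vars )
    {
        foreach ( $vars as $key => $val )
        {
            # Strict key compare: on PHP < 8 an integer key 0 (a field
            # named "0") compares == 'PSWD' as true.
            if ( $key === 'PSWD' )
            { $tmp = ( $val ? '*****' : 'empty' ) ; }
            else
            {
                $shown = is_scalar ( $val ) ? (string) $val : print_r ( $val, true ) ;
                $tmp   = htmlspecialchars ( $shown, ENT_QUOTES ) ;
            }
            $key  = htmlspecialchars ( (string) $key, ENT_QUOTES ) ;
            $res .= "- $label : $key -> '$tmp'
\n" ;
        }
    }

    if ( empty ( $_SESSION ) and empty ( $_POST ) )
    { $res .= 'nothing in SESSION or POST' ; }
    $res .= "
\n" ;
    return $res ;
}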
# Pick the login or the logout form: the logout form when the session
# already carries a USER and the request is not itself a logout, the login
# form otherwise. Returns the form text; prints nothing.
# NOTE(review): $USER and $CLAS are locals here (no 'global' line); the
# session USER is only copied to choose the form, and $CLAS is never read.
# NOTE(review): the two heredocs below lost their bodies in extraction
# (only '<<' and 'TXT;' remain). $PHP_SELF holds the raw REQUEST_URI; if
# the lost markup interpolates it, it needs htmlspecialchars() first.
# $_SESSION['USER'], $_POST['logout'] and $_GET['logout'] are read without
# isset(), so a request without them raises undefined-index notices.
function loginform ()
{ if ( $_SESSION [ 'USER' ] )
{ $USER = $_SESSION [ 'USER' ] ;
$CLAS = $_SESSION [ 'CLAS' ] ;
}
$PHP_SELF = $_SERVER [ "REQUEST_URI" ] ;
$txt_login = <<
TXT;
$txt_logout = <<
TXT;
# logged in and not logging out -> offer logout, else offer login
return
( ( $USER and ! ( $_POST [ 'logout' ] or $_GET [ 'logout' ] ) )
? $txt_logout
: $txt_login
) ;
}
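# Integrity stamp over the session's USER and CLAS. test_login() stores it
# in $_SESSION['CHCK'] at login and recomputes it on every later request;
# a session whose USER/CLAS no longer produce the stored stamp is rejected.
# Keyed HMAC instead of md5(USER . CLAS . secret): the secret becomes a
# proper key, and the NUL separator stops USER='ab',CLAS='c' and
# USER='a',CLAS='bc' from producing the same stamp. Deploying this change
# invalidates sessions stamped by the old md5 form once.
function session_sum ()
{
    $user = isset ( $_SESSION [ 'USER' ] ) ? $_SESSION [ 'USER' ] : '' ;
    $clas = isset ( $_SESSION [ 'CLAS' ] ) ? $_SESSION [ 'CLAS' ] : '' ;
    return hash_hmac ( 'sha256', "$user\0$clas", (string) Conf ( 'www_secret' ) ) ;
}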
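# Establish who the current request comes from. Three cases:
#   - a posted login form: validate the fields, find() and vrfy() the
#     user, and on success store USER/CLAS/CHCK in the session and
#     redirect back to the same URI;
#   - an existing session: a logout request destroys it and redirects to
#     REPO_HOME_URL(); otherwise the CHCK stamp is re-checked and USER/CLAS
#     are exported;
#   - neither: ask for a login.
# Sets the globals $USER and $CLAS. Returns '' when logged in, otherwise
# the prompt or error text for the caller to show. Does not return on the
# redirect paths (header + exit).
function test_login ()
{
    global $USER, $CLAS ;
    $err = 'please, login' ;

    if ( ! empty ( $_POST [ 'login' ] ) )
    {
        # Request fields are untrusted: a field posted as an array must
        # not reach trim()/strtolower(), and the password is taken as is.
        $raw_user = ( isset ( $_POST [ 'USER' ] ) and is_string ( $_POST [ 'USER' ] ) )
                  ? $_POST [ 'USER' ] : '' ;
        $USER = strtolower ( trim ( $raw_user ) ) ;
        $PSWD = ( isset ( $_POST [ 'PSWD' ] ) and is_string ( $_POST [ 'PSWD' ] ) )
              ? $_POST [ 'PSWD' ] : '' ;

        if ( ! $USER and ! $PSWD )
        { $err = 'error: please supply username/password' ; }
        elseif ( ! $USER )
        { $err = 'error: please supply a username' ; }
        elseif ( ! $PSWD )
        { $err = 'error: please supply a password' ; }
        else
        {
            $user = new_user ( $USER ) ;
            if ( ! $user -> find () )
            { $err = "no such user ($USER)" ; }
            elseif ( ! $user -> vrfy ( $PSWD ) )
            {
                putlog ( "bad login" ) ;
                $err = "bad password" ;
            }
            else
            { $err = '' ; }
        }

        if ( ! $err )
        {
            $CLAS = $user -> clas ;
            putlog ( 'login' ) ;
            # Fresh session id on this privilege change, so an id that was
            # known before the login cannot be reused afterwards.
            if ( session_id () !== '' ) { session_regenerate_id ( true ) ; }
            $_SESSION [ 'USER' ] = $USER ;
            $_SESSION [ 'CLAS' ] = $CLAS ;
            $_SESSION [ 'CHCK' ] = session_sum () ;
            header ( 'Location: ' . $_SERVER [ "REQUEST_URI" ] ) ;
            exit ;
        }
    }
    elseif ( ! empty ( $_SESSION [ 'USER' ] ) )
    {
        $sess_clas   = isset ( $_SESSION [ 'CLAS' ] ) ? $_SESSION [ 'CLAS' ] : '' ;
        $chck        = isset ( $_SESSION [ 'CHCK' ] ) ? $_SESSION [ 'CHCK' ] : '' ;
        $want_logout = ( ! empty ( $_POST [ 'logout' ] ) || ! empty ( $_GET [ 'logout' ] ) ) ;

        if ( $want_logout )
        {
            putlog ( 'logout', $_SESSION [ 'USER' ], $sess_clas ) ;
            $_SESSION = array () ;
            session_destroy () ;
            header ( 'Location: ' . REPO_HOME_URL () ) ;
            exit ;
        }
        # Strict compare: '==' on two hex digest strings is subject to
        # numeric-string juggling ("0e1" == "0e2" is true on PHP < 8).
        elseif ( $chck !== '' and session_sum () === $chck )
        {
            $USER = $_SESSION [ 'USER' ] ;
            $CLAS = $sess_clas ;
            $err  = '' ;
            if ( ! array_key_exists ( $CLAS, Conf ( 'clases' ) ) )
            { $err = ( "weird session clas ($CLAS)" ) ; }
        }
        else
        {
            # NOTE(review): this message shows the expected stamp to the
            # client; kept as the author wrote it.
            $err = sprintf
            ( "sum != CHCK ; %s != %s
\n"
            . "USER='%s' CLAS='%s'
\n"
            , session_sum ()
            , $chck
            , $_SESSION [ 'USER' ]
            , $sess_clas
            ) ;
        }
    }
    return $err ;
}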
# Require a logged-in user. When test_login() returns a message, emit a
# complete login page (the message, a "forgot your password" mail-me form
# for guests who got the password wrong, and a table of which credentials
# each user class expects), wipe the session and exit. Returns nothing
# when the user is logged in.
# NOTE(review): $title and $ID are neither assigned here nor declared
# global, so html_start() gets an undefined title and the mailme form an
# empty ID. $td keeps its previous loop value for a class that is neither
# the guest class nor of typ 'ldap'. The session is destroyed on every
# message, including the plain 'please, login' prompt. The heredoc lost
# its body in extraction (only '<<' and 'TXT;' remain).
function assert_login ()
{ global $USER, $CLAS ;
if ( $err = test_login () )
{ $meta = meta_line ( 'robots', 'noindex' ) ;
html_start ( $title , loginform () , $meta ) ;
$_SESSION = array () ; session_destroy () ;
echo "→ $err" ;
# offer the password mail only for a known guest whose password failed
if ( ( $err == 'bad password' )
and ( $repo_guest = try_repo_guest_by_login ( $USER ) )
)
{ $FORM_TXT = <<
TXT;
echo H4 ( "forgot your password ?" ) ;
echo UL
( LI ( "IF you are {$repo_guest->name} ..." )
. LI ( "and IF you forgot your password ..." )
. LI ( "we can mail your password to you." )
. LI ( ''
. FORM
( "mailme.php?ID=$ID"
, "POST"
, $FORM_TXT
)
)
) ;
}
# one table row per configured user class: which login/password to use
$clas_list = Conf ( 'clas_list' ) ;
$trs = '' ;
foreach ( $clas_list as $uclas )
{ if ( $uclas -> clas == G_CLASS () )
{ $td = "use the login/password we sent you" ; }
elseif ( $uclas -> typ == 'ldap' )
{ $dscr = SPN ( $uclas -> ldap -> dscr, 'red' ) ;
$td = "use your $dscr login/password" ;
}
$trs .= TR ( TH ( $uclas -> dscr ) . TD ( $td ) ) ;
}
echo BQ ( TAB ( $trs ) ) ;
html_end () ;
exit ;
}
}
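# Returns '' when the session carries a USER, otherwise the reason
# ('no session'). Reads the session with empty() so a request without a
# session does not raise an undefined-index notice. Despite its name it
# does not look at any password.
function invalid_password ()
{
    return empty ( $_SESSION [ 'USER' ] ) ? 'no session' : '' ;
}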
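# logging - ignore all errors
# Append "<date> (<user>-<clas>) <msg>" to LOG_FILE(). $user and $clas
# default to the globals $USER/$CLAS, or 'ANON'/'NONE' when those are
# empty too. A log file that cannot be opened is reported on the page;
# nothing is thrown.
function putlog ( $msg, $user = '', $clas = '' )
{
    global $USER, $CLAS ;
    if ( ! $user ) { $user = $USER ? $USER : 'ANON' ; }
    if ( ! $clas ) { $clas = $CLAS ? $CLAS : 'NONE' ; }

    # $user is the (lowercased, trimmed) login from the form: strip CR/LF
    # and other control characters so a crafted login cannot append extra
    # lines to the log.
    $ctrl = '/[\x00-\x1f\x7f]+/' ;
    $line = sprintf
    ( "%s (%s-%s) %s\n"
    , date ( 'r' )
    , preg_replace ( $ctrl, ' ', (string) $user )
    , preg_replace ( $ctrl, ' ', (string) $clas )
    , preg_replace ( $ctrl, ' ', (string) $msg )
    ) ;

    $log = LOG_FILE () ;
    if ( $fh = fopen ( $log, "a" ) )
    {
        fwrite ( $fh, $line ) ;
        fclose ( $fh ) ;
    }
    else
    {
        # was "($s)": $s is never assigned; name the file that failed
        echo "can't log ($log)
\n" ;
    }
}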
?>