+ if ($ldap_user_account) {
+ // LDAP account
+ return ldap_auth($username, $password);
+ } else {
+ // Defined users in pukiwiki.ini.php
+ if (in_array($user, array_keys($auth_users))) {
+ if (pkwk_hash_compute(
+ $password,
+ $auth_users[$user]) === $auth_users[$user]) {
+ session_start();
+ session_regenerate_id(true); // require: PHP5.1+
+ $_SESSION['authenticated_user'] = $user;
+ $_SESSION['authenticated_user_fullname'] = $user;
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+function ldap_auth($username, $password)
+{
+ global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+ $ldapconn = ldap_connect($ldap_server);
+ if ($ldapconn) {
+ ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+ if (preg_match('#\$login\b#', $ldap_bind_dn)) {
+ // Bind by user credential
+ $username_esc = pkwk_ldap_escape_dn($username);
+ $bind_dn_user = preg_replace('#\$login\b#', $username_esc, $ldap_bind_dn);
+ $ldap_bind_user = ldap_bind($ldapconn, $bind_dn_user, $password);
+ if ($ldap_bind_user) {
+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+ if ($user_info) {
+ $ldap_groups = get_ldap_groups_with_user($ldapconn, $username, $user_info['is_ad']);
+ session_regenerate_id(true); // require: PHP5.1+
+ $_SESSION['authenticated_user'] = $user_info['uid'];
+ $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
+ $_SESSION['dynamic_member_groups'] = $ldap_groups;
+ return true;
+ }
+ }
+ } else {
+ // Bind by bind dn
+ $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+ if ($ldap_bind) {
+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+ if ($user_info) {
+ $ldap_bind_user2 = ldap_bind($ldapconn, $user_info['dn'], $password);
+ if ($ldap_bind_user2) {
+ $ldap_groups = get_ldap_groups_with_user($ldapconn, $username, $user_info['is_ad']);
+ session_regenerate_id(true); // require: PHP5.1+
+ $_SESSION['authenticated_user'] = $user_info['uid'];
+ $_SESSION['authenticated_user_fullname'] = $user_info['fullname'];
+ $_SESSION['dynamic_member_groups'] = $ldap_groups;
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+}
+
+// Get LDAP user info via bind DN
+function ldap_get_simple_user_info($username)
+{
+ global $ldap_server, $ldap_base_dn, $ldap_bind_dn, $ldap_bind_password;
+ $ldapconn = ldap_connect($ldap_server);
+ if ($ldapconn) {
+ ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+ // Bind by bind dn
+ $ldap_bind = ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
+ if ($ldap_bind) {
+ $user_info = get_ldap_user_info($ldapconn, $username, $ldap_base_dn);
+ if ($user_info) {
+ $ldap_groups = get_ldap_groups_with_user($ldapconn,
+ $username, $user_info['is_ad']);
+ $user_info['dynamic_member_groups'] = $ldap_groups;
+ return $user_info;
+ }
+ }
+ }
+ return false;
+}
+
+/**
+ * Search user and get 'dn', 'uid', 'fullname' and 'mail'
+ * @param type $ldapconn
+ * @param type $username
+ * @param type $base_dn
+ * @return boolean
+ */
+function get_ldap_user_info($ldapconn, $username, $base_dn) {
+ $username_esc = pkwk_ldap_escape_filter($username);
+ $filter = "(|(uid=$username_esc)(sAMAccountName=$username_esc))";
+ $result1 = ldap_search($ldapconn, $base_dn, $filter, array('dn', 'uid', 'cn', 'samaccountname', 'displayname', 'mail'));
+ $entries = ldap_get_entries($ldapconn, $result1);
+ if (!isset($entries[0])) {
+ return false;
+ }
+ $info = $entries[0];
+ if (isset($info['dn'])) {
+ $user_dn = $info['dn'];
+ $cano_username = $username;
+ $is_active_directory = false;
+ if (isset($info['uid'][0])) {
+ $cano_username = $info['uid'][0];
+ } elseif (isset($info['samaccountname'][0])) {
+ $cano_username = $info['samaccountname'][0];
+ $is_active_directory = true;
+ }
+ $cano_fullname = $username;
+ if (isset($info['displayname'][0])) {
+ $cano_fullname = $info['displayname'][0];
+ } elseif (isset($info['cn'][0])) {
+ $cano_fullname = $info['cn'][0];