Umfragen
auth.class.php
Go to the documentation of this file.
1 <?php
2 /*
3  * auth.class.php
4  *
5  * Copyright 2012 root <root@jojo-42>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
20  * MA 02110-1301, USA.
21  *
22  *
23  */
24 
25 interface auth{
35  public function __construct($server,$port,$location,$username="",$password=""); // location=root_dn or database
36 
43  public function auth($user,$pass);
44 
50  public function get_all_groups($whitelist=array());
51 
60  public function get_all_users_from_grouplist($groups);
61 
67  public function get_gid_to_name_mapping($whitelist=array());
68 
76  public function info($user);
77 
85  public function info_ID($ID);
86 
87 }
88 
89 
90 class LDAPauth implements auth{
91  private $ds;
92  private $server;
93  private $port;
94  private $root_dn;
95 
96  public $userFullName;
97  public $userName;
98  public $userGroupID;
99  public $userDN;
100  public $userID;
101  public $projects = array();
102 
103  public $success;
104  public $reason;
105  public $groups;
106 
107 
108  function __construct($server,$port,$root_dn,$username="",$password=""){
109  $this->server = $server;
110  $this->port = $port;
111  $this->root_dn = $root_dn;
112  return true;
113  }
114 
119  private function connect(){
120  $ds = ldap_connect($this->server, $this->port);
121  if (!$ds) {
122  return FALSE;
123  }
124  if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
125  @ldap_close($ds);
126  return FALSE;
127  }
128  return $ds;
129  }
130 
135  private function auto_connect(){
136  if( !isset($this->ds) ){
137  $ds = $this->connect();
138  if( $ds !== false ){
139  $this->ds = $ds;
140  return $ds;
141  }
142  }
143  }
144 
154  private function get_user_info($user){
155  $this->auto_connect();
156  $sstr = "(uid=".$user.")";
157  if( isset($this->ds) ){
158  $res = ldap_search($this->ds , $this->root_dn , $sstr);
159  if( ldap_count_entries($this->ds , $res) != 1){
160  return array();
161  }else{
162  $res = ldap_get_entries( $this->ds , $res );
163  $data = array();
164  $data["dn"] = $res[0]["dn"] ;
165  $data["fullName"] = $res[0]["cn"][0];
166  $data["givenName"] = $res[0]["givenname"][0];
167  $data["surName"] = $res[0]["sn"][0];
168  $data["userName"] = $user;
169  $data["groupID"] = $res[0]["gidnumber"][0];
170  $data["userID"] = $res[0]["uidnumber"][0];
171  $data["projects"] = $this->get_projects_for_user($user);
172  return $data;
173  }
174 
175  }
176 
177  }
178 
188  private function get_user_info_from_ID($ID){
189  $this->auto_connect();
190  $sstr = "(uidNumber=".$ID.")";
191  if( isset($this->ds) ){
192  $res = ldap_search($this->ds , $this->root_dn , $sstr);
193  if( ldap_count_entries($this->ds , $res) != 1){
194  return array();
195  }else{
196  $res = ldap_get_entries( $this->ds , $res );
197  $data = array();
198  $data["dn"] = $res[0]["dn"] ;
199  $data["fullName"] = $res[0]["cn"][0];
200  $data["givenName"] = $res[0]["givenname"][0];
201  $data["surName"] = $res[0]["sn"][0];
202  $data["userName"] = $res[0]["uid"][0];
203  $data["groupID"] = $res[0]["gidnumber"][0];
204  $data["userID"] = $res[0]["uidnumber"][0];
205  $data["projects"] = $this->get_projects_for_user($data["userName"]);
206  return $data;
207  }
208 
209  }
210 
211  }
212 
221  private function search_for_userdn($user){
222  $this->auto_connect();
223  $sstr = "(uid=".$user.")";
224  if( isset($this->ds) ){
225  $res = ldap_search($this->ds , $this->root_dn , $sstr);
226  if( ldap_count_entries($this->ds , $res) != 1){
227  throw new Exception("username not found");
228  }else{
229  $res = ldap_get_entries( $this->ds , $res );
230  $dn = $res[0]["dn"] ;
231  $groups = array();
232  for ($i=0 ; $i<sizeof($res[0]["gidnumber"])-1 ; ++$i){
233  $groups[$i] = $res[0]["gidnumber"][$i];
234  }
235  $this->userFullName = $res[0]["cn"][0];
236  $this->userName = $user;
237  $this->userGroupID = $res[0]["gidnumber"][0];
238  $this->userID = $res[0]["uidnumber"][0];
239  $this->userGivenName = $res[0]["givenname"][0];
240  $this->userSurName = $res[0]["sn"][0];
241 
242  //$this->groups = $groups;
243  $this->projects = $this->get_projects_for_user($user);
244  $this->userDN = $dn;
245  return true;
246  }
247 
248  }
249  }
250 
251  public function auth($user,$pass){
252  if ( !isset($this->ds) ){
253  $ds = $this->connect();
254  if ($ds === false) {
255  return false;
256  }else{
257  $this->ds = $ds;
258  }
259  }
260 
261  try{
262  $res = $this->search_for_userdn($user) ;
263  }catch(Exception $e){
264  $this->reason = $e->getMessage();
265  return FALSE;
266  }
267 
268  if (!@ldap_bind($this->ds, $this->userDN, $pass)) {
269  $this->success = false;
270  $this->reason= $this->reason."invalid password";
271  return false;
272  }else{
273  $this->success = true;
274  return true;
275  }
276  }
277 
278 
287  public function info($user){
288  $res = $this->get_user_info($user);
289  if( sizeof($res) > 0 ){
290  $data = array( "fullName" => $res["fullName"],
291  "userName" => $res["userName"],
292  "givenName" => $res["givenName"],
293  "surName" => $res["surName"],
294  "groupID" => $res["groupID"] ,
295  "userID" => $res["userID"]
296  );
297  return $data;
298  }else{
299  return array( "fullName" => "", "userName" => "", "givenName" => "", "surName" => "","groupID" => "", "userID" => "");
300  }
301  }
302 
311  public function info_ID($ID){
312  $res = $this->get_user_info_from_ID($ID);
313  $data = array( "fullName" => $res["fullName"],
314  "givenName" => $res["givenName"],
315  "surName" => $res["surName"],
316  "userName" => $res["userName"],
317  "groupID" => $res["groupID"] ,
318  "userID" => $res["userID"]
319  );
320  return $data;
321  }
322 
323  public function get_all_groups($whitelist=array()){
324  // connect if not connected
325  $this->auto_connect();
326  // do ldap search for all entries which have the atribute possixGroup
327  if( sizeof($whitelist) >0 ){
328  $sstr = "(&(objectClass=posixGroup)(|";
329  foreach($whitelist as $white){
330  $sstr = $sstr."(cn=$white)";
331  }
332  $sstr = $sstr."(cn=p_*)"; // allow "projects" from paedML
333  $sstr = $sstr."))";
334  }else{
335  $sstr = "(objectClass=posixGroup)";
336  }
337 
338  if( isset($this->ds) ){
339  $res = ldap_search($this->ds , $this->root_dn , $sstr);
340  $res = ldap_get_entries( $this->ds , $res );
341 
342  // filter informations: array of array(groupName ,groupID )
343  $groups = array();
344  for($i=0 ; $i<sizeof($res)-1 ; ++$i){ // -1 wegen "count"
345  if( (isset($res[$i]["gidnumber"][0])) AND (isset($res[$i]["cn"][0])) ){
346  $groups[] = array($res[$i]["cn"][0] , $res[$i]["gidnumber"][0]);
347  }
348  }
349  }
350 
351  // return empty array if no success
352  if( (isset($groups)) AND (sizeof($groups) > 0) ){
353  asort($groups);
354  return $groups;
355  }else{
356  return array();
357  }
358  }
359 
360  public function get_all_users_from_grouplist($groups){
361  // search string
362  $sstr = "( &(objectClass=posixAccount)( |";
363  foreach($groups as $g){
364  $sstr = $sstr."(gidNumber=$g)";
365  }
366  $sstr = $sstr."))";
367 
368  // connect if not connected
369  $this->auto_connect();
370  // do search
371  if( isset($this->ds) ){
372  $res = ldap_search($this->ds , $this->root_dn , $sstr);
373  $res = ldap_get_entries( $this->ds , $res );
374 
375  $users = array();
376  if(sizeof($res) > 0){
377  for($i=0 ; $i<sizeof($res)-1 ; ++$i){
378  $user = $res[$i];
379  $info = array();
380  $info["fullName"] = $user["cn"][0];
381  $info["givenName"] = $user["givenname"][0];
382  $info["surName"] = $user["sn"][0];
383  $info["userName"] = $user["uid"][0];
384  $info["groupID"] = $user["gidnumber"][0];
385  $info["userID"] = $user["uidnumber"][0];
386  $users[ $info["userID"] ] = $info;
387  }
388  }
389 
390  // projects
391  $users2 = $this->get_all_users_from_projectlist($groups);
392  $diff = array_diff_key($users2,$users);
393  foreach($diff as $u){
394  $users[$u["userID"]] = $u;
395  }
396  return $users;
397  }else{
398  return array();
399  }
400  }
401 
409  public function get_all_users_from_projectlist($projects){
410  // connect if not connected
411  $this->auto_connect();
412 
413  // get user list
414  $sstr = "( &(objectClass=posixGroup)(cn=p_*)( |";
415  foreach($projects as $g){
416  $sstr = $sstr."(gidNumber=$g)";
417  }
418  $sstr = $sstr."))";
419 
420  if( isset($this->ds) ){
421  $res = ldap_search($this->ds , $this->root_dn , $sstr);
422  $res = ldap_get_entries( $this->ds , $res );
423  $users = array();
424  $users2 = array();
425 
426  if(sizeof($res) > 0){
427  foreach($res as $r){
428  //var_dump($r);
429  if( (is_array($r)) ){
430  foreach( array_keys($r["memberuid"]) as $index){
431  if( $index !== "count" ){
432  $users[] = $r["memberuid"][$index];
433  } // end if not count object
434  } // end foreach member
435  } // end is array
436  } // end foreach result
437  } // end if result
438 
439  // get user infos
440  $users = array_unique($users);
441  $sstr = "( &(objectClass=posixAccount)( |";
442  foreach($users as $u){
443  $sstr = $sstr."(uid=$u)";
444  }
445  $sstr = $sstr."))";
446  $res = ldap_search($this->ds , $this->root_dn , $sstr);
447  $res = ldap_get_entries( $this->ds , $res );
448 
449  foreach($res as $r){
450  if( is_array($r) ){
451  $info = array();
452  $info["fullName"] = $r["cn"][0];
453  $info["givenName"] = $r["givenname"][0];
454  $info["surName"] = $r["sn"][0];
455  $info["userName"] = $r["uid"][0];
456  $info["groupID"] = $r["gidnumber"][0];
457  $info["userID"] = $r["uidnumber"][0];
458  $users2[ $info["userID"] ] = $info;
459  }
460  }
461  return $users2;
462  } // end is connected
463 
464  }
465 
466  function get_gid_to_name_mapping($whitelist=array()){
467  $groups = $this->get_all_groups($whitelist);
468  $mapping = array();
469  foreach($groups as $group){
470  $mapping[ $group[1] ] = $group[0];
471  }
472  return $mapping;
473  }
474 
482  public function get_projects_for_user($user){
483  $sstr = "( &(cn=p_*)(objectClass=posixGroup)(memberUid=$user) )";
484 
485  $this->auto_connect();
486 
487  if( isset($this->ds) ){
488  $res = ldap_search($this->ds , $this->root_dn , $sstr);
489  $res = ldap_get_entries( $this->ds , $res );
490 
491  $groups = array();
492  if(sizeof($res) > 0){
493  foreach($res as $r){
494  if( is_array($r) ){
495  $groups[] = array( $r["cn"][0] , $r["gidnumber"][0] );
496  } // end is array
497  } // end foreach result
498  } // end if result
499  return $groups;
500  } // end if connected
501  }
502 }
503 
504 
505 
506 class MYSQLauth implements auth{
507  private $dbh;
508  public $userFullName;
509  public $userName;
510  public $userGroupID;
511  public $userDN;
512  public $userID;
513  public $reason;
514  public $success;
515 
516 
517  public function __construct($server,$port,$database,$username="",$password=""){
518  try {
519  $this->dbh = new PDO("mysql:dbname=".$database.";host=".$server.";port=".$port, $username, $password,
520  array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
521  } catch (PDOException $e) {
522  die( 'Connection to authentification server failed: ' . $e->getMessage());
523  }
524  return true;
525  }
526  /*
527  public function setServer($server){
528  $this->server = $server;
529  }
530  public function setPort($port){
531  $this->port = $port;
532  }
533  public function setDatabase($database){
534  $this->database = $database;
535  }
536  public function setDatabaseUserName($username){
537  $this->username = $username;
538  }
539  public function setDatabaseUserPassword($pass){
540  $this->password = $pass;
541  }
542  */
543 
548  private function connect(){
549  throw new Exception("connect() not implemented yet.");
550  }
551 
559  private function get_user_info($username){
560  if ( !isset($this->dbh) ){
561  $this->connect();
562  }
563 
564  $info = array();
565  $info["fullName"] = "";
566  $info["givenName"] = "";
567  $info["surName"] = "";
568  $info["userName"] = $username;
569  $info["groupID"] = "";
570  $info["userID"] = "";
571  $info["password"] = "";
572  // FETCH
573  $sqh = $this->dbh->prepare("SELECT * FROM `users` WHERE `userName` = :name");
574  $r = $sqh->execute( array(":name"=>$username) );
575  if( $r !== false ){
576  $res = $sqh->fetch(PDO::FETCH_ASSOC);
577  if( $res !== false ){
578  $info["fullName"] = $res["fullName"];
579  $info["givenName"] = $res["givenName"];
580  $info["surName"] = $res["surName"];
581  $info["groupID"] = $res["gid"];
582  $info["userID"] = $res["uid"];
583  $info["password"] = $res["password"];
584  } // if result
585  } // if prepared statement
586  return $info;
587  }
588 
589 
597  private function get_user_info_from_ID($ID){
598  if ( !isset($this->dbh) ){
599  $this->connect();
600  }
601 
602  $info = array();
603  $info["fullName"] = "";
604  $info["givenName"] = "";
605  $info["surName"] = "";
606  $info["userName"] = "";
607  $info["groupID"] = "";
608  $info["userID"] = $ID;
609  $info["password"] = "";
610  // FETCH
611  $sqh = $this->dbh->prepare("SELECT * FROM `users` WHERE `uid` = :ID");
612  $r = $sqh->execute( array(":ID"=>$ID) );
613  if( $r !== false ){
614  $res = $sqh->fetch(PDO::FETCH_ASSOC);
615  if( $res !== false ){
616  $info["userName"] = $res["userName"];
617  $info["fullName"] = $res["fullName"];
618  $info["givenName"] = $res["givenName"];
619  $info["surName"] = $res["surName"];
620  $info["groupID"] = $res["gid"];
621  $info["userID"] = $res["uid"];
622  $info["password"] = $res["password"];
623  } // if result
624  } // if prepared statement
625  return $info;
626  }
627 
628  public function auth($user,$pass){
629  if ( !isset($this->dbh) ){
630  $this->connect();
631  }
632  $userInfo = $this->get_user_info($user);
633 
634  if( $userInfo["password"] === "" ){
635  $this->reason = "Benutzername existiert nicht.";
636  $this->success == false;
637  return false;
638  }
639  $passwd = $userInfo["password"];
640  $hashed_passwd = crypt($pass,$passwd);
641 
642  if( $passwd === $hashed_passwd ){
643  $this->userFullName = $userInfo["fullName"];
644  $this->userGivenName = $userInfo["givenName"];
645  $this->userSurName = $userInfo["surName"];
646  $this->userName = $user;
647  $this->userGroupID = $userInfo["groupID"];
648  $this->userDN = "";
649  $this->userID = $userInfo["userID"];
650 
651  $this->success = true;
652  return true;
653  }else{
654  $this->success = false;
655  $this->reason = "Das Password ist falsch";
656  return false;
657  }
658  }
659 
667  public function info($user){
668  $res = $this->get_user_info($user);
669  $data = array( "fullName" => $res["fullName"],
670  "userName" => $res["userName"],
671  "givenName" => $res["givenName"],
672  "surName" => $res["surName"],
673  "groupID" => $res["groupID"] ,
674  "userID" => $res["userID"]
675  );
676  return $data;
677  }
678 
679 
687  public function info_ID($ID){
688  $res = $this->get_user_info_from_ID($ID);
689  $data = array( "fullName" => $res["fullName"],
690  "userName" => $res["userName"],
691  "givenName" => $res["givenName"],
692  "surName" => $res["surName"],
693  "groupID" => $res["groupID"] ,
694  "userID" => $res["userID"]
695  );
696  return $data;
697  }
698 
699 
700  public function get_all_groups($whitelist=array()){
701  // connect if not connected
702  if ( !isset($this->dbh) ){
703  $this->connect();
704  }
705 
706  $groups = array();
707  $sqh = $this->dbh->prepare("SELECT * FROM `groups`");
708  $sqh->execute( array() );
709  $res = $sqh->fetchAll(PDO::FETCH_ASSOC);
710  if( isset($res) ){
711  foreach($res as $r){
712  // an empy whitelist deactivates whitelisting, else check if whitelisted
713  if( (in_array($r["name"],$whitelist)) OR (sizeof($whitelist) == 0) ){
714  $groups[] = array( $r["name"] , $r["gid"] );
715  } // end if whitelisted
716  } // end foreach group
717  } // end if success
718 
719  // return empty array if no success
720  if( sizeof($groups) > 0 ){
721  asort($groups);
722  return $groups;
723  }else{
724  return array();
725  }
726  }
727 
728  public function get_all_users_from_grouplist($groups){
729  // search string
730  $sstr = "";
731  $sdata = array();
732  $c = 0;
733  foreach($groups as $g){
734  $sstr = $sstr." (`gid`=:$c) OR";
735  $sdata[":$c"] = $g;
736  ++$c;
737  }
738  $sstr = trim($sstr,"OR");
739 
740  // connect if not connected
741  if ( !isset($this->dbh) ){
742  $this->connect();
743  }
744 
745  // do search
746  $sqh = $this->dbh->prepare("SELECT * FROM `users` WHERE $sstr");
747  $sqh->execute( $sdata );
748  $res = $sqh->fetchAll(PDO::FETCH_ASSOC);
749  $users = array();
750  if( isset($res) ){
751  foreach($res as $r){
752  $info = array();
753  $info["fullName"] = $r["fullName"];
754  $info["givenName"] = $r["givenName"];
755  $info["surName"] = $r["surName"];
756  $info["groupID"] = $r["gid"];
757  $info["userID"] = $r["uid"];
758  $info["userName"] = $r["userName"];
759  $users[ $info["userID"] ] = $info;
760  }
761  }
762  return $users;
763  }
764 
765  public function get_gid_to_name_mapping($whitelist=array()){
766  $groups = $this->get_all_groups($whitelist);
767  $mapping = array();
768  foreach($groups as $group){
769  $mapping[ $group[1] ] = $group[0];
770  }
771  return $mapping;
772  }
773 
774  /*public function set_password($password){
775 
776  }*/
777 
778  public function make_users_table(){
779  $sql = "
780  CREATE TABLE IF NOT EXISTS `users` (
781  `uid` int(11) NOT NULL,
782  `gid` int(11) NOT NULL,
783  `userName` varchar(256) COLLATE utf8_unicode_ci NOT NULL,
784  `fullName` varchar(256) COLLATE utf8_unicode_ci NOT NULL,
785  `givenName` varchar(256) COLLATE utf8_unicode_ci NOT NULL,
786  `surName` varchar(256) COLLATE utf8_unicode_ci NOT NULL,
787  `password` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
788  PRIMARY KEY (`uid`)
789  ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
790  ";
791  $this->dbh->exec($sql);
792  }
793 }
794 
795 // ! no ending newLine
796 ?>