sharing-gallery/etc/authentication.php

<?php
$realm = "MY REALM HERE";
$ldaphost = "my.ldap.host";
$ldaptls = "yes";
$ldapbase = "dc=my,dc=server,dc=com";
$checkuser = "cn";
function basicAuth() {
    global $realm;
    header('WWW-Authenticate: Basic realm="'.$realm.'"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
}
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    basicAuth();
} else {
    $tstusername = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    $ldapconn = ldap_connect($ldaphost, 389) 
        or error_die("connection to LDAP host failed");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)
        or error_die("failed to set LDAP protocol version 3");
    if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
        ldap_start_tls($ldapconn)
            or error_die($ldapconn, "cannot start LDAP TLS");
    if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
        $search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));
        $data = ldap_get_entries($ldapconn, $search);
        ldap_close($ldapconn);
        $username = $tstusername;
        $email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);
        $fullname = $username;
        if ($data['count']==1) {
            if (isset($data[0]['mail']))
                $email = $data[0]['mail'];
            if (isset($data[0]['cn'][0]))
                $fullname = $data[0]['cn'][0];
        }
    } else {
        error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
        error_log(ldap_error($ldapconn));
        ldap_close($ldapconn);
        basicAuth();
    }
}
?>
configuration added and updated 2017-02-26 11:11:41 +00:00			`<?php`
			`$realm = "MY REALM HERE";`
			`$ldaphost = "my.ldap.host";`
bugfixes after first tests 2017-02-27 20:54:12 +00:00			`$ldaptls = "yes";`
build fixed 2017-02-26 21:28:18 +00:00			`$ldapbase = "dc=my,dc=server,dc=com";`
make cn or uid configurable 2017-02-27 23:29:04 +00:00			`$checkuser = "cn";`
bugfixes after first tests 2017-02-27 20:54:12 +00:00			`function basicAuth() {`
bugs fixed 2017-02-28 12:25:29 +00:00			`global $realm;`
make cn or uid configurable 2017-02-27 23:29:04 +00:00			`header('WWW-Authenticate: Basic realm="'.$realm.'"');`
configuration added and updated 2017-02-26 11:11:41 +00:00			`header('HTTP/1.0 401 Unauthorized');`
			`exit;`
bugfixes after first tests 2017-02-27 20:54:12 +00:00			`}`
			`if (!isset($_SERVER['PHP_AUTH_USER'])) {`
			`basicAuth();`
configuration added and updated 2017-02-26 11:11:41 +00:00			`} else {`
bugs fixed 2017-02-28 12:25:29 +00:00			`$tstusername = $_SERVER['PHP_AUTH_USER'];`
configuration added and updated 2017-02-26 11:11:41 +00:00			`$password = $_SERVER['PHP_AUTH_PW'];`
			`$ldapconn = ldap_connect($ldaphost, 389)`
			`or error_die("connection to LDAP host failed");`
			`ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)`
			`or error_die("failed to set LDAP protocol version 3");`
bugfixes after first tests 2017-02-27 20:54:12 +00:00			`if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)`
			`ldap_start_tls($ldapconn)`
			`or error_die($ldapconn, "cannot start LDAP TLS");`
bugs fixed 2017-02-28 12:25:29 +00:00			`if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {`
fixed qr code 2017-03-01 14:36:08 +00:00			`$search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));`
fix get user data; fix qrcode library 2017-03-01 09:08:27 +00:00			`$data = ldap_get_entries($ldapconn, $search);`
bugs fixed 2017-02-28 12:25:29 +00:00			`ldap_close($ldapconn);`
			`$username = $tstusername;`
fixed qr code 2017-03-01 14:36:08 +00:00			`$email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);`
fix get user data; fix qrcode library 2017-03-01 09:08:27 +00:00			`$fullname = $username;`
			`if ($data['count']==1) {`
			`if (isset($data[0]['mail']))`
			`$email = $data[0]['mail'];`
			`if (isset($data[0]['cn'][0]))`
			`$fullname = $data[0]['cn'][0];`
			`}`
bugs fixed 2017-02-28 12:25:29 +00:00			`} else {`
			`error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);`
			`error_log(ldap_error($ldapconn));`
			`ldap_close($ldapconn);`
			`basicAuth();`
			`}`
configuration added and updated 2017-02-26 11:11:41 +00:00			`}`
fixed qr code 2017-03-01 14:36:08 +00:00			`?>`