piler/webui/model/user/auth.php

<?php

class ModelUserAuth extends Model {

   public function checkLogin($username = '', $password = '') {
      $ok = 0;

      $query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".password, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . ", " . TABLE_EMAIL . " WHERE " . TABLE_EMAIL . ".email=? AND " . TABLE_EMAIL . ".uid=" . TABLE_USER . ".uid", array($username));

      if(!isset($query->row['password'])) { return 0; }

      $pass = crypt($password, $query->row['password']);

      if($pass == $query->row['password']){
         $ok = 1;

         AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against user table');
      }
      else {
         AUDIT(ACTION_LOGIN_FAILED, $username, '', '', 'failed auth against user table');
      }

      if($ok == 0 && strlen($query->row['dn']) > 3) {
         $ok = $this->checkLoginAgainstLDAP($query->row, $password);
      }


      if($ok == 1) {
         $_SESSION['username'] = $query->row['username'];
         $_SESSION['uid'] = $query->row['uid'];
         $_SESSION['admin_user'] = $query->row['isadmin'];
         $_SESSION['email'] = $username;
         $_SESSION['domain'] = $query->row['domain'];
         $_SESSION['realname'] = $query->row['realname'];

         $_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);
         $_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);
         $_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);

         return 1;
      }


      return 0;
   }


   private function checkLoginAgainstLDAP($user = array(), $password = '') {
      if($password == '' || !isset($user['username']) || !isset($user['domain']) || !isset($user['dn']) || strlen($user['domain']) < 2){ return 0; }

      $query = $this->db->query("SELECT remotehost, basedn FROM " . TABLE_REMOTE . " WHERE remotedomain=?", array($user['domain']));

      if($query->num_rows != 1) { return 0; }

      $ldap = new LDAP($query->row['remotehost'], $user['dn'], $password);

      if($ldap->is_bind_ok()) {
         $this->change_password($user['username'], $password);

         AUDIT(ACTION_LOGIN, $user['username'], '', '', 'changed password in local table');

         return 1;
      }
      else {
         AUDIT(ACTION_LOGIN_FAILED, $user['username'], '', '', 'failed bind to ' . $query->row['remotehost'], $user['dn']);
      }

      return 0; 
   }


   public function check_ntlm_auth() {
      if(!isset($_SERVER['REMOTE_USER'])) { return 0; }

      $u = explode("\\", $_SERVER['REMOTE_USER']);

      if(!isset($u[1])) { return 0; }

      $query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . " WHERE " . TABLE_USER . ".samaccountname=?", array($u[1]));

      if($query->num_rows == 1) {
         $_SESSION['username'] = $query->row['username'];
         $_SESSION['uid'] = $query->row['uid'];
         $_SESSION['admin_user'] = $query->row['isadmin'];
         $_SESSION['email'] = $this->model_user_user->get_primary_email_by_domain($query->row['uid'], $query->row['domain']);
         $_SESSION['domain'] = $query->row['domain'];
         $_SESSION['realname'] = $query->row['realname'];

         $_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);
         $_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);
         $_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);

         return 1;
      }

      return 0; 
   }


   public function change_password($username = '', $password = '') {
      if($username == "" || $password == ""){ return 0; }

      $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE username=?", array(crypt($password), $username));

      $rc = $this->db->countAffected();

      return $rc;
   }

}

?>
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`<?php`

			`class ModelUserAuth extends Model {`

			`public function checkLogin($username = '', $password = '') {`
fixing initial LDAP auth issue 2012-10-06 14:18:00 +02:00			`$ok = 0;`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
updated the group handling + revised admin permissions 2012-06-25 22:14:30 +02:00			`$query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".password, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . ", " . TABLE_EMAIL . " WHERE " . TABLE_EMAIL . ".email=? AND " . TABLE_EMAIL . ".uid=" . TABLE_USER . ".uid", array($username));`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`if(!isset($query->row['password'])) { return 0; }`

			`$pass = crypt($password, $query->row['password']);`

			`if($pass == $query->row['password']){`
fixing initial LDAP auth issue 2012-10-06 14:18:00 +02:00			`$ok = 1;`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
fixing initial LDAP auth issue 2012-10-06 14:18:00 +02:00			`AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against user table');`
			`}`
			`else {`
			`AUDIT(ACTION_LOGIN_FAILED, $username, '', '', 'failed auth against user table');`
			`}`

			`if($ok == 0 && strlen($query->row['dn']) > 3) {`
fixed a typo in model/userr/auth.php 2012-10-06 21:35:22 +02:00			`$ok = $this->checkLoginAgainstLDAP($query->row, $password);`
fixing initial LDAP auth issue 2012-10-06 14:18:00 +02:00			`}`


			`if($ok == 1) {`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`$_SESSION['username'] = $query->row['username'];`
			`$_SESSION['uid'] = $query->row['uid'];`
			`$_SESSION['admin_user'] = $query->row['isadmin'];`
			`$_SESSION['email'] = $username;`
			`$_SESSION['domain'] = $query->row['domain'];`
			`$_SESSION['realname'] = $query->row['realname'];`

fixed minor webui bugs 2012-07-06 15:02:23 +02:00			`$_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);`
major rewrite of the web interface 2012-09-06 15:27:20 +02:00			`$_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);`
added folder handling to webui 2012-09-15 15:30:35 +02:00			`$_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`return 1;`
			`}`


			`return 0;`
			`}`


			`private function checkLoginAgainstLDAP($user = array(), $password = '') {`
			`if($password == '' \|\| !isset($user['username']) \|\| !isset($user['domain']) \|\| !isset($user['dn']) \|\| strlen($user['domain']) < 2){ return 0; }`

			`$query = $this->db->query("SELECT remotehost, basedn FROM " . TABLE_REMOTE . " WHERE remotedomain=?", array($user['domain']));`

			`if($query->num_rows != 1) { return 0; }`

			`$ldap = new LDAP($query->row['remotehost'], $user['dn'], $password);`

			`if($ldap->is_bind_ok()) {`
webui code cleanup 2012-06-22 15:22:02 +02:00			`$this->change_password($user['username'], $password);`
added the webui to the tarball 2012-02-08 23:14:28 +01:00
			`AUDIT(ACTION_LOGIN, $user['username'], '', '', 'changed password in local table');`

			`return 1;`
			`}`
			`else {`
			`AUDIT(ACTION_LOGIN_FAILED, $user['username'], '', '', 'failed bind to ' . $query->row['remotehost'], $user['dn']);`
			`}`

			`return 0;`
			`}`


added single sign-on support 2012-10-17 13:11:08 +02:00			`public function check_ntlm_auth() {`
			`if(!isset($_SERVER['REMOTE_USER'])) { return 0; }`

			`$u = explode("\\", $_SERVER['REMOTE_USER']);`

			`if(!isset($u[1])) { return 0; }`

			`$query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . " WHERE " . TABLE_USER . ".samaccountname=?", array($u[1]));`

			`if($query->num_rows == 1) {`
			`$_SESSION['username'] = $query->row['username'];`
			`$_SESSION['uid'] = $query->row['uid'];`
			`$_SESSION['admin_user'] = $query->row['isadmin'];`
fixed an SSO issue 2012-11-26 23:15:56 +01:00			`$_SESSION['email'] = $this->model_user_user->get_primary_email_by_domain($query->row['uid'], $query->row['domain']);`
added single sign-on support 2012-10-17 13:11:08 +02:00			`$_SESSION['domain'] = $query->row['domain'];`
			`$_SESSION['realname'] = $query->row['realname'];`

			`$_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($query->row['uid']);`
			`$_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($query->row['uid']);`
			`$_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($query->row['uid']);`

			`return 1;`
			`}`

			`return 0;`
			`}`


webui code cleanup 2012-06-22 15:22:02 +02:00			`public function change_password($username = '', $password = '') {`
added the webui to the tarball 2012-02-08 23:14:28 +01:00			`if($username == "" \|\| $password == ""){ return 0; }`

			`$query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE username=?", array(crypt($password), $username));`

			`$rc = $this->db->countAffected();`

			`return $rc;`
			`}`

			`}`

			`?>`