Hi there,
I’ve been scouring the internet to make a log in using LDAP.
So far I’ve got some code, but as soon as I hit submit nothing seems to be happening. I don’t know if I’m missing something so painfully obvious or I’ve coded it wrong, but I would appreciate any help you can give.
Code in question:
index.html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Hyperslice</title>
  <meta name="description" content="">
  <meta name="author" content="">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">
  <link rel="stylesheet" href="css/normalize.css">
  <link rel="stylesheet" href="css/skeleton.css">
  <link rel="icon" type="image/png" href="images/favicon.png">
</head>
<body>
<?php
// initialize session
session_start();
include("authenticate.php");
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
// check to see if login form has been submitted
if(isset($_POST['uname'])){
    // run information through authenticator
    if(authenticate($_POST['uname'],$_POST['psw']))
    {
        // authentication passed
        header("Location: protected.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
// output error to user
if(isset($error)) echo "Login failed: Incorrect user name, password, or rights<br />";
// output logout success
if(isset($_GET['out'])) echo "Logout successful";
?>
  <div class="container">
    <div class="row">
      <div class="one-half column" style="margin-top: 25%">
        <form method="post" action="index.html">
          <div class="container">
            <label for="uname"><b>Username</b></label>
            <input type="text" placeholder="Enter Username" name="uname" required>
            <label for="psw"><b>Password</b></label>
            <input type="password" placeholder="Enter Password" name="psw" required>
            <input type="submit" name="submit" value="submit" ></input>
            <label>
              <input type="checkbox" checked="checked" name="remember"> Remember me
            </label>
          </div>
        </form>
      </div>
    </div>
  </div>
</body>
</html>
Authenticate.php (I’ve changed the contents of the variables for security purposes)
<?php
function authenticate($user, $password){
    // reject empty credentials (an empty password can be treated as an anonymous bind)
    if(empty($user) || empty($password)) return false;
    $ldap_host = "1234.net";
    $ldap_dn = "OU=departments,DC=1234,DC=net";
    $ldap_user_group = "Users";
    $ldap_manager_group = "managers";
    $ldap_usr_dom = "@1234.net";
    $ldap = ldap_connect($ldap_host);
    if(!$ldap) return false;
    ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldap,LDAP_OPT_REFERRALS,0);
    // verify user and password
    if($bind = @ldap_bind($ldap, $user.$ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        // escape the user name so it cannot change the meaning of the search filter
        $filter = "(sAMAccountName=".ldap_escape($user, "", LDAP_ESCAPE_FILTER).")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
        // no matching entry, or entry without group membership: no rights
        if($entries['count'] == 0 || !isset($entries[0]['memberof'])) return false;
        // check groups
        $access = 0;
        foreach($entries[0]['memberof'] as $grps) {
            // strpos() returns 0 for a match at position 0, so compare against false
            // is manager, break loop
            if(strpos($grps, $ldap_manager_group) !== false) { $access = 2; break; }
            // is user
            if(strpos($grps, $ldap_user_group) !== false) $access = 1;
        }
        if($access != 0) {
            // issue a fresh session id on login so a pre-login id cannot be reused
            session_regenerate_id(true);
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }
    } else {
        // invalid name or password
        return false;
    }
}
?>
protected.php
<?php
// initialize session
session_start();
if(!isset($_SESSION['user'])) {
    // user is not logged in, do something like redirect to login.php
    header("Location: index.html");
    die();
}
if($_SESSION['access'] != 2) {
    // another example...
    // user is logged in but not a manager, let's stop him
    die("Access Denied");
}
?>
<!-- the user name came from the login form, so encode it before writing it into HTML -->
<p>Welcome <?= htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') ?>!</p>
<p><strong>Secret Protected Content Here!</strong></p>
<p>Mary Had a Little Lamb</p>
<p><a href="index.html?out=1">Logout</a></p>
Any help would be appreciated since I’ve been stumped on this for a few hours now.
Thanks!
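Added example, not part of the original post: the group check in authenticate.php looks for the group name anywhere inside each memberof DN, so a group that merely lives in a container called "Users", or whose name contains "managers", also matches. The sketch below compares the CN of the first RDN exactly instead; `firstCn()` and `accessLevel()` are hypothetical helper names, and the sample DNs are constructed from the post's placeholder domain.

```php
<?php
// Added example; firstCn() and accessLevel() are hypothetical helper names.

// Return the lower-cased CN of a DN's first RDN, or null if that RDN is not a CN.
function firstCn(string $dn): ?string
{
    // Split at the first comma that is not backslash-escaped ("CN=Smith\, Ann,OU=...").
    $parts = preg_split('/(?<!\\\\),/', $dn, 2);
    if (!preg_match('/^\s*CN=(.+)$/i', $parts[0], $m)) {
        return null;
    }
    // Undo simple backslash escapes (assumption: group names use no hex escapes).
    return strtolower(preg_replace('/\\\\(.)/', '$1', trim($m[1])));
}

// Map a memberof list to the post's access levels: 0 = none, 1 = user, 2 = manager.
function accessLevel(array $memberOf, string $userGroup, string $managerGroup): int
{
    $access = 0;
    foreach ($memberOf as $key => $dn) {
        // ldap_get_entries() adds an integer "count" element; skip it.
        if ($key === 'count' || !is_string($dn)) {
            continue;
        }
        $cn = firstCn($dn);
        if ($cn === strtolower($managerGroup)) {
            return 2;
        }
        if ($cn === strtolower($userGroup)) {
            $access = 1;
        }
    }
    return $access;
}

// Constructed sample, shaped like $entries[0]['memberof'].
$memberOf = [
    'count' => 2,
    0 => 'CN=Print Operators,CN=Users,DC=1234,DC=net',    // only the container is "Users"
    1 => 'CN=Non-managers,OU=departments,DC=1234,DC=net', // "managers" is only a substring
];
var_dump(accessLevel($memberOf, 'Users', 'managers'));
var_dump(accessLevel(['CN=managers,OU=departments,DC=1234,DC=net'], 'Users', 'managers'));
```

With the substring check both constructed DNs in `$memberOf` would grant access; with the exact CN comparison only the real `managers` group in the second call does.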