<?php
	/*
		File		: login.php
		Description	: New login script with LDAP authorization.		

		(c)Copyright 2006 by Tobias 'twobee' Mathes, <twobee at c-base dot org>
	*/

	// Must be defined before the require_once below runs.
	// NOTE(review): presumably the included Coppermine files check IN_COPPERMINE to refuse
	// direct access - confirm in include/init.inc.php.
	define('IN_COPPERMINE', true);
	// Marks this request as the login page; whatever reads LOGIN_PHP is not visible in this file.
	define('LOGIN_PHP', true);

	require_once('include/init.inc.php');
	

	// Turn on magic_quotes_runtime.
	// NOTE(review): this setting escapes data returned from external sources (database
	// results, file reads); it does not touch request input and is not an injection
	// defence. set_magic_quotes_runtime() was deprecated in PHP 5.3 and removed in PHP 7.0.
	set_magic_quotes_runtime(1);

	// Copy GET and POST parameters into global variables prefixed "ext_" (POST wins on a
	// name clash) and cookies into variables prefixed "cookie_". Only $ext_submitted is
	// read in this script.
	// NOTE(review): every request parameter becomes a global variable this way;
	// import_request_variables() was deprecated in PHP 5.3 and removed in PHP 5.4.
	import_request_variables('gP', 'ext_');
	import_request_variables('C', 'cookie_');


	/* ============== O P T I O N S =========== */

	// Settings copied one-to-one from Coppermine's $CONFIG array into constants
	// (constant name => $CONFIG key).
	// NOTE(review): apart from CPG_DB_USERS, none of the CPG_DB_* constants is read in this
	// script as shown, yet CPG_DB_PASSWORD keeps the database password in a global
	// constant for the rest of the request - confirm it is needed.
	foreach (array(
			'LDAP_SERVER'      => 'ldapserver',
			'LDAP_DN'          => 'ldapdn',
			'LDAP_FORCE_HTTPS' => 'ldapforcehttps',
			'CPG_DB_SERVER'    => 'dbserver',
			'CPG_DB_USER'      => 'dbuser',
			'CPG_DB_PASSWORD'  => 'dbpass',
			'CPG_DB_NAME'      => 'dbname',
			'CPG_DB_USERS'     => 'TABLE_USERS',
		) as $ldap_login_const => $ldap_login_key)
		{
			define($ldap_login_const, $CONFIG[$ldap_login_key]);
		}
	unset($ldap_login_const, $ldap_login_key);

	// Sessions table name: the configured table prefix followed by the literal "sessions".
	define('CPG_DB_SESSIONS', "{$CONFIG['TABLE_PREFIX']}sessions");

	// Debug switch, fixed to 0; not read anywhere in this script as shown.
	define('LDAP_DEBUG', 0);

	// Path of the running script as reported by the web server.
	define('PHP_SELF', $_SERVER['SCRIPT_NAME']);

	
	/* ============== M A I N =========== */

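	// Force plain-HTTP requests over to HTTPS before any credentials are handled.
	// $_SERVER['HTTPS'] is unset, empty or "off" on a non-TLS request depending on the
	// server, so isset() alone is not a reliable test.
	// NOTE(review): HTTP_HOST is taken from the client's Host header; prefer a configured
	// canonical host name if the installation has one. Behind a TLS-terminating proxy
	// HTTPS may never be set here, which would make this redirect loop - confirm the
	// deployment.
	if (LDAP_FORCE_HTTPS && (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off'))
		{
			// PHP_SELF (SCRIPT_NAME) normally starts with "/"; strip it so the URL is not "host//path".
			header("Location: https://" . $_SERVER['HTTP_HOST'] . "/" . ltrim(PHP_SELF, '/'));
			// Stop here: without exit the rest of the script, including a submitted login,
			// would still be processed and answered over plain HTTP.
			exit;
		}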

	// A visitor who already has a session (USER_ID is truthy) is not shown the login
	// page; the request is handed to cpg_die() with the localized error message.
	if (USER_ID)
		{
			cpg_die(ERROR, $lang_login_php['err_already_logged_in'], __FILE__, __LINE__);
		}

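	// Post-login redirect target. It arrives in the query string and is later written
	// into a form action and a meta refresh, so only a local relative URL is accepted.
	// A missing, empty or non-string value falls back to index.php.
	$referer = (!empty($_GET['referer']) && is_string($_GET['referer'])) ? $_GET['referer'] : 'index.php';

	// Fall back to index.php when the value
	//   - contains "http" in any letter case (the original test was case-sensitive, so
	//     "HTTP://..." slipped through),
	//   - contains ":" (any other URL scheme) or a backslash,
	//   - starts with "//" (protocol-relative URL pointing at another host),
	//   - contains quotes, angle brackets or control characters, which could break out
	//     of the HTML attributes the value is printed into.
	if (preg_match('#http|[:\\\\<>"\'\x00-\x1f\x7f]|^//#i', $referer))
		{
		  $referer = "index.php";
		}

	// Message placeholders, empty until a later step fills them.
	$login_failed = '';
	$cookie_warning = '';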



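	/*
	 * Renders the complete LDAP login page: page header, table, optional notice row,
	 * the username/password form and the page footer.
	 *
	 * $referer         post-login target; request-derived, so it is URL-encoded and
	 *                  HTML-escaped here before it is written into the form action
	 * $lang_login_php  language strings for this page
	 * $notice          optional message shown in red above the form ('' for none);
	 *                  printed as-is, so pass trusted language strings only
	 */
	function cpg_ldap_show_login_form($referer, $lang_login_php, $notice = '')
		{
			// Encode as a query-string value first, then escape for the HTML attribute.
			$referer_attr = htmlspecialchars(urlencode($referer), ENT_QUOTES);

			$notice_row = '';
			if ($notice != '')
				{
					$notice_row = '<tr><td colspan="2" align="center" class="tableb"><span style="color:red;">' . $notice . '</span></td></tr>';
				}

			pageheader('LDAP Login');
			starttable('-1', $lang_login_php['enter_login_pswd'], 2);
echo <<<EOT
{$notice_row}
                  <tr>
                    <form action="login.php?referer={$referer_attr}" method="post" name="loginbox">
                        <td class="tableb" width="40%">{$lang_login_php['username']}</td>
                        <td class="tableb" width="60%"><input type="text" class="textinput" name="username" style="width: 100%" tabindex="1" /></td>
                        <script language="javascript" type="text/javascript">
                        <!--
                        document.loginbox.username.focus();
                        -->
                        </script>
                  </tr>
                  <tr>
                          <td class="tableb">{$lang_login_php['password']}</td>
                        <td class="tableb"><input type="password" class="textinput" name="password" style="width: 100%" tabindex="2" /></td>
                  </tr>
                  <tr>
                    <td colspan="2" align="center" class="tableb">{$lang_login_php['remember_me']} <input name="remember_me" type="checkbox" class="checkbox" value="1" tabindex="3" /></td>
                  </tr>
                  <tr>
                    <td align="center" class="tablef"><a href="forgot_passwd.php" class="topmenu">{$lang_login_php['forgot_password_link']}</a></td>
                    <td align="left" class="tablef"><input name="submitted" type="submit" class="button" value="{$lang_login_php['login']}" tabindex="4" /></td>
                    </form>
                  </tr>

EOT;

			endtable();
			pagefooter();
		}

	// process
	// A submitted form is authenticated by binding to the LDAP server as the user; a
	// successful bind is then mapped onto a local Coppermine account, which is created
	// on first login. Without a submission the empty login form is shown.
	if (isset($ext_submitted))
		{
			// Same normalisation as before (trim + addslashes, written back to $_POST);
			// a missing or non-string field now becomes '' instead of raising a warning.
			// NOTE(review): trim()/addslashes() alter passwords that contain quotes,
			// backslashes or outer whitespace before they reach the bind - confirm
			// whether the raw value should be sent instead.
			$_POST['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? addslashes(trim($_POST['username'])) : '';
			$_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? addslashes(trim($_POST['password'])) : '';
			$username = $_POST['username'];
			$password = $_POST['password'];

			// Control characters are replaced before the name is written to the security log.
			$log_name = preg_replace('/[\x00-\x1f\x7f]/', '?', $username);

			$ldap_connect = ldap_connect(LDAP_SERVER)
			or die("Could not connect to LDAP server.");

			// NOTE(review): nothing here calls ldap_start_tls(); unless LDAP_SERVER is an
			// ldaps:// URI the bind below sends the password unencrypted - confirm the
			// configured value.
			ldap_set_option($ldap_connect, LDAP_OPT_PROTOCOL_VERSION, 3);

			// Two checks before any bind is attempted:
			//  - an empty password must never reach ldap_bind(): many directory servers
			//    accept a DN with an empty password as an unauthenticated bind and
			//    report success, which would log the visitor in as any user name;
			//  - the user name is concatenated into the bind DN, so names carrying DN
			//    metacharacters (, + = " ' < > ; # \) or control characters are refused
			//    rather than allowed to change which entry is bound. The same rule
			//    keeps quotes and backslashes out of the SQL statements below.
			$credentials_usable = ($username !== '' && $password !== ''
				&& !preg_match('/[,+="\'<>;#\\\\\x00-\x1f]/', $username));

			$ldap_bind = false;
			if ($credentials_usable)
				{
					$ldap_dn = "uid=" . $username . "," . LDAP_DN;
					$ldap_bind = ldap_bind($ldap_connect, $ldap_dn, $password);
				}
			// The directory is only needed for the bind; release the connection.
			ldap_unbind($ldap_connect);

			$access_denied = !$ldap_bind;
			$user_known = false;

			if ($ldap_bind)
				{
					// No-op for names that passed the check above; kept as defence in depth.
					$username_sql = addslashes($username);

					$link = cpg_db_connect();

					// Look the name up regardless of user_active. Filtering on 'YES' in the
					// query made a deactivated account look absent, and the code then
					// inserted a fresh active row for the same name.
					$query = "SELECT user_id, user_name, user_active FROM `".CPG_DB_USERS."` WHERE `user_name` = '".$username_sql."'";
					$result = mysql_query($query);
					if (!$result)
						{
							// Driver error text goes to the PHP error log, not to the visitor.
							error_log('login.php: user lookup failed: ' . mysql_error());
							die("request failed");
						}

					$user_active = false;
					while ($row = mysql_fetch_array($result))
						{
							$user_known = true;
							if ($row['user_active'] == 'YES')
								{
									$user_active = true;
								}
						}
					mysql_free_result($result);

					if (!$user_known)
						{
							// First LDAP login for this name: create the local account.
							$sql_ins = "INSERT INTO ".CPG_DB_USERS." ".
							"(user_regdate, user_active, user_name, user_email) ".
							"VALUES (NOW(), 'YES', '" . $username_sql . "', '" . $username_sql . "@c-base.org')";

							mysql_query($sql_ins) or die("blubb");
						}
					elseif (!$user_active)
						{
							// The local account exists but is deactivated: refuse the login.
							$access_denied = true;
						}

					mysql_close($link);
				}

			if ($access_denied)
				{
					// Record rejected attempts so repeated guessing shows up in the security log.
					log_write("Failed LDAP login attempt with Username: " . $log_name . " from IP {$_SERVER['REMOTE_ADDR']} on " . localised_date(-1,$log_date_fmt),CPG_SECURITY_LOG);

					// Failure page
					pageheader('LDAP Login');
					starttable('-1', $lang_login_php['ldap_group_failure'], 2);
echo <<<EOT
						  <tr>
						  	<td class="tableb">
						  		{$lang_login_php['ldap_group_failure_msg']}
							</td>
						  </tr>
EOT;
					endtable();
					pagefooter();
				}
			elseif (!$user_known)
				{
					// Account was just created: pause, then ask the user to log in again.
					sleep(5);
					cpg_ldap_show_login_form($referer, $lang_login_php, $lang_login_php['ldap_user_created_msg']);
				}
			else
				{
					// Known, active account: let Coppermine establish the session.
					if ($USER_DATA = $cpg_udb->login( addslashes($username), isset($_POST['remember_me'])))
						{
							$referer=preg_replace("'&amp;'","&",$referer);
							// Escaped copy for the attribute; msg_box() receives the value as before.
							$referer_attr = htmlspecialchars($referer, ENT_QUOTES);
							pageheader($lang_login_php['login'], "<META http-equiv=\"refresh\" content=\"3;url=$referer_attr\">");
							msg_box($lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']), $lang_continue, $referer);
							pagefooter();
							exit;
						}
					else
						{
							log_write("Failed login attempt with Username: {$log_name} from IP {$_SERVER['REMOTE_ADDR']} on " . localised_date(-1,$log_date_fmt),CPG_SECURITY_LOG);
							$login_failed = '<tr><td colspan="2" align="center" class="tableh2"><font size="1" color="red"><b>'.$lang_login_php['err_login'].'</b></font></td></tr>';
							// Nothing was rendered on this path before (blank page); show the
							// form again together with the login error.
							cpg_ldap_show_login_form($referer, $lang_login_php, $lang_login_php['err_login']);
						}
				}
		}
	else
		{
			cpg_ldap_show_login_form($referer, $lang_login_php);
		}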

?>
