From: Geuten Edouard Date: Mon, 11 Sep 2006 10:43:27 +0000 (+0200) Subject: login requirement and LDAP v3 support X-Git-Tag: 0.7.1~80 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d58523a04850fb872d477af40303f726b5c4fad2;p=contagged login requirement and LDAP v3 support This patch implements two new features: required user login - this can be configured trough a new option $conf['userlogreq'] darcs-hash:20060911104327-93f98-a5cfd56def8350e5758b263aa8fe6a2a404fe546.gz --- diff --git a/config.php b/config.php index 84cd10d..349a116 100644 --- a/config.php +++ b/config.php @@ -9,6 +9,9 @@ // Which LDAP Port Server to use? (389 is standard, 636 for ssl) $conf['ldapport'] = 389; + // Use LDAP protocol version 3? (0|1) + $conf['ldapv3'] = 1; + // What is the root dn on this Server? $conf['ldaprootdn'] = 'o=cosmocode, c=de'; @@ -31,17 +34,20 @@ // Where to store private contacts (relative to $conf['usertree']) $conf['privatebook'] = 'ou=contacts'; + // Should the public address book be viewable by logged in users only? (0|1) + $conf['userlogreq'] = 0; + // Should the additional schema ldapab.schema be used? (0|1) // Note: openxchange and extended are currently exclusive, do not use both at the same time! $conf['extended'] = 1; - + // Should we use some parts of the openxchange.schema? (0|1) // Note: openxchange and extended are currently exclusive, do not use both at the same time! $conf['openxchange'] = 0; - + // Should we try to login using the username and password provided by httpd? (0|1) $conf['httpd_auth'] = 0; - + // Dateformat for birthdays when using extended schema // see http://www.php.net/manual/en/function.strftime.php #$conf['dateformat'] = '%Y/%m/%d'; @@ -50,4 +56,4 @@ // Force recompilation of smarty templates? $conf['smartycompile'] = 0; -?> + diff --git a/functions.php b/functions.php index 5250b84..3f68561 100644 --- a/functions.php +++ b/functions.php 
@@ -23,8 +23,8 @@ function ldap_login(){ } } elseif ($conf['httpd_auth'] && !empty($_SERVER['PHP_AUTH_USER'])) { // use HTTP auth if wanted and possible - $_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW']; + $_SESSION['ldapab']['username'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['ldapab']['password'] = $_SERVER['PHP_AUTH_PW']; } elseif ($_COOKIE['ldapabauth']) { // check persistent cookie $cookie = base64_decode($_COOKIE['ldapabauth']); @@ -48,7 +48,7 @@ function ldap_login(){ function do_ldap_bind($user,$pass,$dn=""){ global $conf; global $LDAP_CON; - + //create global connection to LDAP if necessary if(!$LDAP_CON){ if (!empty($conf['ldapurl'])){ @@ -61,13 +61,15 @@ function do_ldap_bind($user,$pass,$dn=""){ } } + if($conf['ldapv3']) ldap_set_option($LDAP_CON, LDAP_OPT_PROTOCOL_VERSION, 3); + if(empty($dn)){ //anonymous bind to lookup users //blank binddn or blank bindpw will result in anonymous bind if(!ldap_bind($LDAP_CON,$conf['anonbinddn'],$conf['anonbindpw'])){ die("can not bind for user lookup"); } - + //when no user was given stay connected anonymous if(empty($user)){ set_session('','',''); @@ -343,7 +345,7 @@ function get_users(){ } } } - return $users; + return $users; } /** diff --git a/index.php b/index.php index 128bd3d..8649ec6 100644 --- a/index.php +++ b/index.php 
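Review bot: The return value of `ldap_set_option()` in the line added to `do_ldap_bind()` is ignored, so if the switch to protocol version 3 fails, the function goes on to `ldap_bind()` at whatever version the connection already uses, with no sign of it for the admin who set `$conf['ldapv3'] = 1`. Failing loudly would match the `die("can not bind for user lookup")` a few lines below: `if($conf['ldapv3'] && !ldap_set_option($LDAP_CON, LDAP_OPT_PROTOCOL_VERSION, 3)) die("can not set LDAP protocol version 3");`. The call also appears to sit after the `if(!$LDAP_CON)` block has closed, so it would run on every bind rather than once per connection. That block opens in the previous hunk and the lines between are not shown, so confirm this against the full function.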
@@ -51,9 +51,15 @@ $smarty->assign('search',$_REQUEST['search']); //display templates if($_REQUEST['export'] == 'csv'){ - header("Content-Type: text/csv"); - header('Content-Disposition: Attachement; filename="ldapabexport.csv"'); - $smarty->display('export_list_csv.tpl'); + if ($conf['userlogreq'] == 1 && $user == '') + { + header("HTTP/1.1 401 ACCESS DENIED"); + exit(); + } else { + header("Content-Type: text/csv"); + header('Content-Disposition: Attachement; filename="ldapabexport.csv"'); + $smarty->display('export_list_csv.tpl'); + } }else{ //save location in session $_SESSION['ldapab']['lastlocation']=$_SERVER["REQUEST_URI"]; diff --git a/templates/list.tpl b/templates/list.tpl index 9c3b02e..99acd01 100644 --- a/templates/list.tpl +++ b/templates/list.tpl @@ -1,15 +1,23 @@ {include file="header.tpl"} - {if $list == ''} + {if $conf.userlogreq == 1 && $user == ''} {else} - {* $list is a concatenation of multiple list_entry.tpl *} - {$list} + {if $list == ''} + + + + {else} + {* $list is a concatenation of multiple list_entry.tpl *} + {$list} + {/if} {/if}
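Review bot: The login requirement is checked only inside the `$_REQUEST['export'] == 'csv'` branch, so the HTML branch still runs when `$conf['userlogreq'] == 1` and `$user` is empty, and relies on the `{if $conf.userlogreq == 1 && $user == ''}` test added to templates/list.tpl to hide the result. With the check in the template, the entries are presumably still fetched and assigned to Smarty for an anonymous visitor, and every other template or output path has to repeat the test to stay closed. A single guard placed before the search runs would cover both branches; for the export it could be `if ($conf['userlogreq'] == 1 && $user == '') { header("HTTP/1.1 403 Forbidden"); exit(); }`, with the HTML view rendering only the login message. 403 is suggested because a 401 sent without a `WWW-Authenticate` header is not a valid challenge. Where `$user` is assigned is outside this hunk, so confirm that it is derived from the authenticated session and not from request input.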
- {$lang.err_noentries} + {* include un truc *} {$lang.msg_login}
+ {$lang.err_noentries} +
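Review bot: The Smarty comment `{* include un truc *}` added beside `{$lang.msg_login}` reads like a leftover placeholder and does not say why the branch exists. A comment such as `{* login required ($conf.userlogreq) and nobody is logged in: show the login hint instead of the list *}` would document it. `$lang.msg_login` looks like a new key, and no language file change is visible on this page, so each translation should be checked for it; otherwise the cell may render empty.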