Issues in auth_ldap.php (master) - Issues in master - XOOPS/XoopsCore25 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3083)

htdocs/class/auth/auth_ldap.php (1 issue)

Labels

Severity

Minor 1

<?php
/**
 * XOOPS Authentification base class
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright           The XOOPS Project (https://xoops.org)
 * @license             GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package             kernel
 * @subpackage          auth
 * @since               2.0
 * @author              Pierre-Eric MENUET <[email protected]>
 */
defined('XOOPS_ROOT_PATH') || exit('Restricted access');

/**
 *
 * @package             kernel
 * @subpackage          auth
 * @description         Authentification class for standard LDAP Server V2 or V3
 * @author              Pierre-Eric MENUET <[email protected]>
 * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
 */
if (file_exists($file = $GLOBALS['xoops']->path('class/auth/auth_provisionning.php'))) {
    include_once $file;
}

if (!class_exists('XoopsAuthProvisionning')) {
    trigger_error('Required class XoopsAuthProvisionning was not found at line ' . __FILE__ . ' at line ' . __LINE__, E_USER_WARNING);

    return false;
}

/**
 * XoopsAuthLdap
 *
 * @package
 * @author              John
 * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @access              public
 */
class XoopsAuthLdap extends XoopsAuth
{
    public $cp1252_map = array(
        "\xc2\x80" => "\xe2\x82\xac",
        /**
         * EURO SIGN
         */
        "\xc2\x82" => "\xe2\x80\x9a",
        /**
         * SINGLE LOW-9 QUOTATION MARK
         */
        "\xc2\x83" => "\xc6\x92",
        /**
         * LATIN SMALL LETTER F WITH HOOK
         */
        "\xc2\x84" => "\xe2\x80\x9e",
        /**
         * DOUBLE LOW-9 QUOTATION MARK
         */
        "\xc2\x85" => "\xe2\x80\xa6",
        /**
         * HORIZONTAL ELLIPSIS
         */
        "\xc2\x86" => "\xe2\x80\xa0",
        /**
         * DAGGER
         */
        "\xc2\x87" => "\xe2\x80\xa1",
        /**
         * DOUBLE DAGGER
         */
        "\xc2\x88" => "\xcb\x86",
        /**
         * MODIFIER LETTER CIRCUMFLEX ACCENT
         */
        "\xc2\x89" => "\xe2\x80\xb0",
        /**
         * PER MILLE SIGN
         */
        "\xc2\x8a" => "\xc5\xa0",
        /**
         * LATIN CAPITAL LETTER S WITH CARON
         */
        "\xc2\x8b" => "\xe2\x80\xb9",
        /**
         * SINGLE LEFT-POINTING ANGLE QUOTATION
         */
        "\xc2\x8c" => "\xc5\x92",
        /**
         * LATIN CAPITAL LIGATURE OE
         */
        "\xc2\x8e" => "\xc5\xbd",
        /**
         * LATIN CAPITAL LETTER Z WITH CARON
         */
        "\xc2\x91" => "\xe2\x80\x98",
        /**
         * LEFT SINGLE QUOTATION MARK
         */
        "\xc2\x92" => "\xe2\x80\x99",
        /**
         * RIGHT SINGLE QUOTATION MARK
         */
        "\xc2\x93" => "\xe2\x80\x9c",
        /**
         * LEFT DOUBLE QUOTATION MARK
         */
        "\xc2\x94" => "\xe2\x80\x9d",
        /**
         * RIGHT DOUBLE QUOTATION MARK
         */
        "\xc2\x95" => "\xe2\x80\xa2",
        /**
         * BULLET
         */
        "\xc2\x96" => "\xe2\x80\x93",
        /**
         * EN DASH
         */
        "\xc2\x97" => "\xe2\x80\x94",
        /**
         * EM DASH
         */
        "\xc2\x98" => "\xcb\x9c",
        /**
         * SMALL TILDE
         */
        "\xc2\x99" => "\xe2\x84\xa2",
        /**
         * TRADEMARK SIGN
         */
        "\xc2\x9a" => "\xc5\xa1",
        /**
         * LATIN SMALL LETTER S WITH CARON
         */
        "\xc2\x9b" => "\xe2\x80\xba",
        /**
         * SINGLE RIGHT-POINTING ANGLE QUOTATION
         */
        "\xc2\x9c" => "\xc5\x93",
        /**
         * LATIN SMALL LIGATURE OE
         */
        "\xc2\x9e" => "\xc5\xbe",
        /**
         * LATIN SMALL LETTER Z WITH CARON
         */
        "\xc2\x9f" => "\xc5\xb8");
    /**
     * LATIN CAPITAL LETTER Y WITH DIAERESIS
     */

    public $ldap_server;
    public $ldap_port    = '389';
    public $ldap_version = '3';
    public $ldap_base_dn;
    public $ldap_loginname_asdn;
    public $ldap_loginldap_attr;
    public $ldap_mail_attr;
    public $ldap_name_attr;
    public $ldap_surname_attr;
    public $ldap_givenname_attr;
    public $ldap_manager_dn;
    public $ldap_manager_pass;
    public $_ds;

    /**
     * Authentication Service constructor
     * @param XoopsDatabase $dao
     */
    public function __construct(XoopsDatabase $dao = null)
    {
        $this->_dao = $dao;
        // The config handler object allows us to look at the configuration options that are stored in the database
        /** @var XoopsConfigHandler $config_handler */
        $config_handler = xoops_getHandler('config');
        $config         = $config_handler->getConfigsByCat(XOOPS_CONF_AUTH);
        $confcount      = count($config);

        foreach ($config as $key => $val) {
            $this->$key = $val;
        }
    }

    /**
     * XoopsAuthLdap::cp1252_to_utf8()
     *
     * @param mixed $str
     *
     * @return string
     */
    public function cp1252_to_utf8($str)
    {
        return strtr(xoops_utf8_encode($str), $this->cp1252_map);
    }

    /**
     * Authenticate  user again LDAP directory (Bind)
     *               2 options :
     *         Authenticate directly with uname in the DN
     *         Authenticate with manager, search the dn
     *
     * @param  string $uname Username
     * @param  string $pwd   Password
     * @return bool
     */
    public function authenticate($uname, $pwd = null)
    {
        $authenticated = false;
        if (!extension_loaded('ldap')) {
            $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);

            return $authenticated;
        }
        $this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
        if ($this->_ds) {
            ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
            if ($this->ldap_use_TLS) { // We use TLS secure connection
                if (!ldap_start_tls($this->_ds)) {
                    $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
                }
            }
            // If the uid is not in the DN we proceed to a search
            // The uid is not always in the dn
            $userDN = $this->getUserDN($uname);
            if (!$userDN) {
                return false;
            }
            // We bind as user to test the credentials
            $authenticated = ldap_bind($this->_ds, $userDN, stripslashes($pwd));
            if ($authenticated) {
                // We load the Xoops User database
                return $this->loadXoopsUser($userDN, $uname, $pwd);
            } else {
                $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $userDN . ')');
            }
        } else {
            $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);
        }
        @ldap_close($this->_ds);

        return $authenticated;
    }

    /**
     * Compose the user DN with the configuration.
     *
     * @param $uname
     * @return userDN or false
     */
    public function getUserDN($uname)
    {
        $userDN = false;
        if (!$this->ldap_loginname_asdn) {
            // Bind with the manager
            if (!ldap_bind($this->_ds, $this->ldap_manager_dn, stripslashes($this->ldap_manager_pass))) {
                $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $this->ldap_manager_dn . ')');

                return false;
            }
            $filter = $this->getFilter($uname);
            $sr     = ldap_search($this->_ds, $this->ldap_base_dn, $filter);
            $info   = ldap_get_entries($this->_ds, $sr);
            if ($info['count'] > 0) {
                $userDN = $info[0]['dn'];
            } else {
                $this->setErrors(0, sprintf(_AUTH_LDAP_USER_NOT_FOUND, $uname, $filter, $this->ldap_base_dn));
            }
        } else {
            $userDN = $this->ldap_loginldap_attr . '=' . $uname . ',' . $this->ldap_base_dn;
        }

        return $userDN;
    }

    /**
     * Load user from XOOPS Database
     *
     * @param $uname
     * @return XoopsUser object
     */
    public function getFilter($uname)
    {
        $filter = '';
        if ($this->ldap_filter_person != '') {
            $filter = str_replace('@@loginname@@', $uname, $this->ldap_filter_person);
        } else {
            $filter = $this->ldap_loginldap_attr . '=' . $uname;
        }

        return $filter;
    }

    /**
     * XoopsAuthLdap::loadXoopsUser()
     *
     * @param  mixed $userdn
     * @param  mixed $uname
     * @param  mixed $pwd
     * @return bool
     */
    public function loadXoopsUser($userdn, $uname, $pwd = null)
    {
        $provisHandler = XoopsAuthProvisionning::getInstance($this);
        $sr            = ldap_read($this->_ds, $userdn, '(objectclass=*)');
        $entries       = ldap_get_entries($this->_ds, $sr);
        if ($entries['count'] > 0) {
            $xoopsUser = $provisHandler->sync($entries[0], $uname, $pwd);
        } else {
            $this->setErrors(0, sprintf('loadXoopsUser - ' . _AUTH_LDAP_CANT_READ_ENTRY, $userdn));
        }

        return $xoopsUser;
    }
} // end class



1			<?php
2			/**
3			* XOOPS Authentification base class
4			*
5			* You may not change or alter any portion of this comment or credits
6			* of supporting developers from this source code or any supporting source code
7			* which is considered copyrighted (c) material of the original comment or credit authors.
8			* This program is distributed in the hope that it will be useful,
9			* but WITHOUT ANY WARRANTY; without even the implied warranty of
10			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11			*
12			* @copyright The XOOPS Project (https://xoops.org)
13			* @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
14			* @package kernel
15			* @subpackage auth
16			* @since 2.0
17			* @author Pierre-Eric MENUET <[email protected]>
18			*/
19			defined('XOOPS_ROOT_PATH') \|\| exit('Restricted access');
20
21			/**
22			*
23			* @package kernel
24			* @subpackage auth
25			* @description Authentification class for standard LDAP Server V2 or V3
26			* @author Pierre-Eric MENUET <[email protected]>
27			* @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
28			*/
29			if (file_exists($file = $GLOBALS['xoops']->path('class/auth/auth_provisionning.php'))) {
30			include_once $file;
31			}
32
33			if (!class_exists('XoopsAuthProvisionning')) {
34			trigger_error('Required class XoopsAuthProvisionning was not found at line ' . __FILE__ . ' at line ' . __LINE__, E_USER_WARNING);
35
36			return false;
37			}
38
39			/**
40			* XoopsAuthLdap
41			*
42			* @package
43			* @author John
44			* @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
45			* @access public
46			*/
47			class XoopsAuthLdap extends XoopsAuth
48			{
49			public $cp1252_map = array(
50			"\xc2\x80" => "\xe2\x82\xac",
51			/**
52			* EURO SIGN
53			*/
54			"\xc2\x82" => "\xe2\x80\x9a",
55			/**
56			* SINGLE LOW-9 QUOTATION MARK
57			*/
58			"\xc2\x83" => "\xc6\x92",
59			/**
60			* LATIN SMALL LETTER F WITH HOOK
61			*/
62			"\xc2\x84" => "\xe2\x80\x9e",
63			/**
64			* DOUBLE LOW-9 QUOTATION MARK
65			*/
66			"\xc2\x85" => "\xe2\x80\xa6",
67			/**
68			* HORIZONTAL ELLIPSIS
69			*/
70			"\xc2\x86" => "\xe2\x80\xa0",
71			/**
72			* DAGGER
73			*/
74			"\xc2\x87" => "\xe2\x80\xa1",
75			/**
76			* DOUBLE DAGGER
77			*/
78			"\xc2\x88" => "\xcb\x86",
79			/**
80			* MODIFIER LETTER CIRCUMFLEX ACCENT
81			*/
82			"\xc2\x89" => "\xe2\x80\xb0",
83			/**
84			* PER MILLE SIGN
85			*/
86			"\xc2\x8a" => "\xc5\xa0",
87			/**
88			* LATIN CAPITAL LETTER S WITH CARON
89			*/
90			"\xc2\x8b" => "\xe2\x80\xb9",
91			/**
92			* SINGLE LEFT-POINTING ANGLE QUOTATION
93			*/
94			"\xc2\x8c" => "\xc5\x92",
95			/**
96			* LATIN CAPITAL LIGATURE OE
97			*/
98			"\xc2\x8e" => "\xc5\xbd",
99			/**
100			* LATIN CAPITAL LETTER Z WITH CARON
101			*/
102			"\xc2\x91" => "\xe2\x80\x98",
103			/**
104			* LEFT SINGLE QUOTATION MARK
105			*/
106			"\xc2\x92" => "\xe2\x80\x99",
107			/**
108			* RIGHT SINGLE QUOTATION MARK
109			*/
110			"\xc2\x93" => "\xe2\x80\x9c",
111			/**
112			* LEFT DOUBLE QUOTATION MARK
113			*/
114			"\xc2\x94" => "\xe2\x80\x9d",
115			/**
116			* RIGHT DOUBLE QUOTATION MARK
117			*/
118			"\xc2\x95" => "\xe2\x80\xa2",
119			/**
120			* BULLET
121			*/
122			"\xc2\x96" => "\xe2\x80\x93",
123			/**
124			* EN DASH
125			*/
126			"\xc2\x97" => "\xe2\x80\x94",
127			/**
128			* EM DASH
129			*/
130			"\xc2\x98" => "\xcb\x9c",
131			/**
132			* SMALL TILDE
133			*/
134			"\xc2\x99" => "\xe2\x84\xa2",
135			/**
136			* TRADEMARK SIGN
137			*/
138			"\xc2\x9a" => "\xc5\xa1",
139			/**
140			* LATIN SMALL LETTER S WITH CARON
141			*/
142			"\xc2\x9b" => "\xe2\x80\xba",
143			/**
144			* SINGLE RIGHT-POINTING ANGLE QUOTATION
145			*/
146			"\xc2\x9c" => "\xc5\x93",
147			/**
148			* LATIN SMALL LIGATURE OE
149			*/
150			"\xc2\x9e" => "\xc5\xbe",
151			/**
152			* LATIN SMALL LETTER Z WITH CARON
153			*/
154			"\xc2\x9f" => "\xc5\xb8");
155			/**
156			* LATIN CAPITAL LETTER Y WITH DIAERESIS
157			*/
158
159			public $ldap_server;
160			public $ldap_port = '389';
161			public $ldap_version = '3';
162			public $ldap_base_dn;
163			public $ldap_loginname_asdn;
164			public $ldap_loginldap_attr;
165			public $ldap_mail_attr;
166			public $ldap_name_attr;
167			public $ldap_surname_attr;
168			public $ldap_givenname_attr;
169			public $ldap_manager_dn;
170			public $ldap_manager_pass;
171			public $_ds;
172
173			/**
174			* Authentication Service constructor
175			* @param XoopsDatabase $dao
176			*/
177			public function __construct(XoopsDatabase $dao = null)
178			{
179			$this->_dao = $dao;
180			// The config handler object allows us to look at the configuration options that are stored in the database
181			/** @var XoopsConfigHandler $config_handler */
182			$config_handler = xoops_getHandler('config');
183			$config = $config_handler->getConfigsByCat(XOOPS_CONF_AUTH);
184			$confcount = count($config);
			0 ignored issues – show Unused Code introduced 2018-06-11 05:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$confcount` is dead and can be removed. Loading history...
185			foreach ($config as $key => $val) {
186			$this->$key = $val;
187			}
188			}
189
190			/**
191			* XoopsAuthLdap::cp1252_to_utf8()
192			*
193			* @param mixed $str
194			*
195			* @return string
196			*/
197			public function cp1252_to_utf8($str)
198			{
199			return strtr(xoops_utf8_encode($str), $this->cp1252_map);
200			}
201
202			/**
203			* Authenticate user again LDAP directory (Bind)
204			* 2 options :
205			* Authenticate directly with uname in the DN
206			* Authenticate with manager, search the dn
207			*
208			* @param string $uname Username
209			* @param string $pwd Password
210			* @return bool
211			*/
212			public function authenticate($uname, $pwd = null)
213			{
214			$authenticated = false;
215			if (!extension_loaded('ldap')) {
216			$this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);
217
218			return $authenticated;
219			}
220			$this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
221			if ($this->_ds) {
222			ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
223			if ($this->ldap_use_TLS) { // We use TLS secure connection
224			if (!ldap_start_tls($this->_ds)) {
225			$this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
226			}
227			}
228			// If the uid is not in the DN we proceed to a search
229			// The uid is not always in the dn
230			$userDN = $this->getUserDN($uname);
231			if (!$userDN) {
232			return false;
233			}
234			// We bind as user to test the credentials
235			$authenticated = ldap_bind($this->_ds, $userDN, stripslashes($pwd));
236			if ($authenticated) {
237			// We load the Xoops User database
238			return $this->loadXoopsUser($userDN, $uname, $pwd);
239			} else {
240			$this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $userDN . ')');
241			}
242			} else {
243			$this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);
244			}
245			@ldap_close($this->_ds);
246
247			return $authenticated;
248			}
249
250			/**
251			* Compose the user DN with the configuration.
252			*
253			* @param $uname
254			* @return userDN or false
255			*/
256			public function getUserDN($uname)
257			{
258			$userDN = false;
259			if (!$this->ldap_loginname_asdn) {
260			// Bind with the manager
261			if (!ldap_bind($this->_ds, $this->ldap_manager_dn, stripslashes($this->ldap_manager_pass))) {
262			$this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $this->ldap_manager_dn . ')');
263
264			return false;
265			}
266			$filter = $this->getFilter($uname);
267			$sr = ldap_search($this->_ds, $this->ldap_base_dn, $filter);
268			$info = ldap_get_entries($this->_ds, $sr);
269			if ($info['count'] > 0) {
270			$userDN = $info[0]['dn'];
271			} else {
272			$this->setErrors(0, sprintf(_AUTH_LDAP_USER_NOT_FOUND, $uname, $filter, $this->ldap_base_dn));
273			}
274			} else {
275			$userDN = $this->ldap_loginldap_attr . '=' . $uname . ',' . $this->ldap_base_dn;
276			}
277
278			return $userDN;
279			}
280
281			/**
282			* Load user from XOOPS Database
283			*
284			* @param $uname
285			* @return XoopsUser object
286			*/
287			public function getFilter($uname)
288			{
289			$filter = '';
290			if ($this->ldap_filter_person != '') {
291			$filter = str_replace('@@loginname@@', $uname, $this->ldap_filter_person);
292			} else {
293			$filter = $this->ldap_loginldap_attr . '=' . $uname;
294			}
295
296			return $filter;
297			}
298
299			/**
300			* XoopsAuthLdap::loadXoopsUser()
301			*
302			* @param mixed $userdn
303			* @param mixed $uname
304			* @param mixed $pwd
305			* @return bool
306			*/
307			public function loadXoopsUser($userdn, $uname, $pwd = null)
308			{
309			$provisHandler = XoopsAuthProvisionning::getInstance($this);
310			$sr = ldap_read($this->_ds, $userdn, '(objectclass=*)');
311			$entries = ldap_get_entries($this->_ds, $sr);
312			if ($entries['count'] > 0) {
313			$xoopsUser = $provisHandler->sync($entries[0], $uname, $pwd);
314			} else {
315			$this->setErrors(0, sprintf('loadXoopsUser - ' . _AUTH_LDAP_CANT_READ_ENTRY, $userdn));
316			}
317
318			return $xoopsUser;
319			}
320			} // end class
321
322

XOOPS / XoopsCore25

Issues (3083)

htdocs/class/auth/auth_ldap.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like