These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

Code duplication is flagged on the StartTLS check (`if ($config['auth_ldap_starttls'] ...`) at the top of the file.

```php
<?php

$ds = @ldap_connect($config['auth_ldap_server'], $config['auth_ldap_port']);

if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) {
    $tls = ldap_start_tls($ds);
    if ($config['auth_ldap_starttls'] == 'require' && $tls === false) {
        echo '<h2>Fatal error: LDAP TLS required but not successfully negotiated:'.ldap_error($ds).'</h2>';
        exit;
    }
}


function authenticate($username, $password) {
    global $config, $ds;

    if ($username && $ds) {
        if ($config['auth_ldap_version']) {
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']);
        }

        if (ldap_bind($ds, $config['auth_ldap_prefix'].$username.$config['auth_ldap_suffix'], $password)) {
            if (!$config['auth_ldap_group']) {
                return 1;
            }
            else {
                $ldap_groups = get_group_list();
                foreach ($ldap_groups as $ldap_group) {
                    $ldap_comparison = ldap_compare(
                        $ds,
                        $ldap_group,
                        $config['auth_ldap_groupmemberattr'],
                        get_membername($username)
                    );
                    if ($ldap_comparison === true) {
                        return 1;
                    }
                }
            }
        }
        else {
            echo ldap_error($ds);
        }
    }
    else {
        // FIXME return a warning that LDAP couldn't connect?
    }

    return 0;

}
```

The function reauthenticate() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L62-65) is considered.

This check looks for functions that have already been defined in other files. Some codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the @ignore annotation.

```php
/**
 * @ignore
 */
function getUser() {
}
function getUser($id, $realm) {
}
```

See also the PhpDoc documentation for @ignore.

```php
function reauthenticate($sess_id, $token) {
    return 0;

}
```

The function passwordscanchange() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L68-71) is considered.

```php
function passwordscanchange($username='') {
    return 0;

}
```

The function changepassword() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L74-77) is considered.

```php
function changepassword($username, $newpassword) {
    // Not supported (for now)

}
```

The function auth_usermanagement() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L80-83) is considered.

```php
function auth_usermanagement() {
    return 0;

}
```

The function adduser() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L86-103) is considered.

```php
function adduser($username, $password, $level, $email='', $realname='', $can_modify_passwd='1') {
    // Not supported
    return 0;

}
```

The function user_exists() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L110-123) is considered.

```php
function user_exists($username) {
    global $config, $ds;

    $filter = '('.$config['auth_ldap_prefix'].$username.')';
    $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter);
    $entries = ldap_get_entries($ds, $search);
    if ($entries['count']) {
        return 1;
    }

    return 0;

}
```

The function get_userlevel() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L126-145) is considered.

Code duplication is also flagged on the `foreach ($entries as $entry)` loop in this function.

```php
function get_userlevel($username) {
    global $config, $ds;

    $userlevel = 0;

    // Find all defined groups $username is in
    $filter = '(&(|(cn='.join(')(cn=', array_keys($config['auth_ldap_groups'])).'))('.$config['auth_ldap_groupmemberattr'].'='.get_membername($username).'))';
    $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter);
    $entries = ldap_get_entries($ds, $search);

    // Loop the list and find the highest level
    foreach ($entries as $entry) {
        $groupname = $entry['cn'][0];
        if ($config['auth_ldap_groups'][$groupname]['level'] > $userlevel) {
            $userlevel = $config['auth_ldap_groups'][$groupname]['level'];
        }
    }

    return $userlevel;

}
```

The function get_userid() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L148-161) is considered.

```php
function get_userid($username) {
    global $config, $ds;

    $filter = '('.$config['auth_ldap_prefix'].$username.')';
    $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter);
    $entries = ldap_get_entries($ds, $search);

    if ($entries['count']) {
        return $entries[0]['uidnumber'][0];
    }

    return -1;

}
```

The function deluser() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L164-171) is considered.

```php
function deluser($username) {
    // Not supported
    return 0;

}
```

The function get_userlist() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L174-217) is considered.

Code duplication is also flagged on this function.

```php
function get_userlist() {
    global $config, $ds;
    $userlist = array();

    $filter = '('.$config['auth_ldap_prefix'].'*)';

    $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ','), $filter);
    $entries = ldap_get_entries($ds, $search);

    if ($entries['count']) {
        foreach ($entries as $entry) {
            $username = $entry['uid'][0];
            $realname = $entry['cn'][0];
            $user_id = $entry['uidnumber'][0];
            $email = $entry[$config['auth_ldap_emailattr']][0];
            $ldap_groups = get_group_list();
            foreach ($ldap_groups as $ldap_group) {
                $ldap_comparison = ldap_compare(
                    $ds,
                    $ldap_group,
                    $config['auth_ldap_groupmemberattr'],
                    get_membername($username)
                );
                if (!isset($config['auth_ldap_group']) || $ldap_comparison === true) {
                    $userlist[] = array(
                        'username' => $username,
                        'realname' => $realname,
                        'user_id' => $user_id,
                        'email' => $email,
                    );
                }
            }
        }
    }
    return $userlist;
}
```

The function can_update_users() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L220-223) is considered.

```php
function can_update_users() {
    // not supported so return 0
    return 0;

}
```

The function get_user() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L226-229) is considered.

```php
function get_user($user_id) {
    // not supported
    return 0;

}
```

The function update_user() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L232-234) is considered.

```php
function update_user($user_id, $realname, $level, $can_modify_passwd, $email) {
    // not supported
    return 0;

}
```

The function get_membername() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...p-authorization.inc.php (L256-272) is considered.

Code duplication is also flagged on this function.

```php
function get_membername($username) {
    global $config, $ds;
    if ($config['auth_ldap_groupmembertype'] == 'fulldn') {
        $membername = $config['auth_ldap_prefix'].$username.$config['auth_ldap_suffix'];
    }
    elseif ($config['auth_ldap_groupmembertype'] == 'puredn') {
        $filter = '('.$config['auth_ldap_attr']['uid'].'='.$username.')';
        $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter);
        $entries = ldap_get_entries($ds, $search);
        $membername = $entries[0]['dn'];
    }
    else {
        $membername = $username;
    }

    return $membername;

}
```

The function get_group_list() has been defined more than once; this definition is ignored, only the first definition in html/includes/authentica...ctive_directory.inc.php (L255-279) is considered.

Code duplication is also flagged on the `if (isset($config['auth_ldap_group']))` block in this function.

```php
function get_group_list() {
    global $config;

    $ldap_groups = array();
    $default_group = 'cn=groupname,ou=groups,dc=example,dc=com';
    if (isset($config['auth_ldap_group'])) {
        if ($config['auth_ldap_group'] !== $default_group) {
            $ldap_groups[] = $config['auth_ldap_group'];
        }
    }

    foreach ($config['auth_ldap_groups'] as $key => $value) {
        $dn = "cn=$key,".$config['auth_ldap_groupbase'];
        $ldap_groups[] = $dn;
    }

    return $ldap_groups;

}
```