Posted by Anonymous on Thu 28th May 07:08 (modification of post by view diff)
download | new post

<?php
 
/* Multi-purpose Active Directory Authentication front-end
Written by Mark Cutting. Designed to be a portal for all custom 
written applications. This function is to be executed after
the user enters their username and password. All subsequent 
pages will use an include function to call checkauth.php
This prevents any malicious users attempting to bypass 
the login prompt by chosing a page from the directory */
 
//Temporarily disable error reporting
ini_set('error_reporting', E_NONE);
 
//Temporarily disable all warnings
ini_set('display_errors', 0);
 
// Test to see which browser is being used
$_SERVER['HTTP_USER_AGENT'];
 
        $browsers = array(
//            'MSIE',
                'Chrome',
                );
 
// Loop through browser detection. If there is an unsupported browser, advise, and kill script
        foreach ($browsers as $b) {
                if (stristr($_SERVER['HTTP_USER_AGENT'], $b) !== FALSE) {
echo '<strong><font color=red>FAILED: </strong>'.$_SERVER['HTTP_USER_AGENT']; echo '<br></strong>'; 
die ('<font color=black>Sorry, this application is not supported by this browser.');
} else { 
 
}
}
// start the session
session_start();
 
/*simple checking of the data*/
if (!$_POST['username'])
{
die('<b><font color=red>The username cannot be blank</b>');
}
if (!$_POST['password'] )
{
die('<b><font color=red>The password cannot be blank</b>');
}
 
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$basedn = ''; //AD suffix goes here, for example, "dc=sales, dc=microsoft, dc=com"
$domain = ''; // Domain suffix goes here, for example "sales.microsoft.com"
$username = $_POST['username']; // Username provided in form
$password = $_POST['password']; // Password provided in form
$dusername = $username . "@" . $domain; // Add $domain variable to username to make FQDN
 
$conn = ldap_connect("") // AD server goes here as IP Address or FQDN
   or die("Could not connect to Active Directory!");
 
if ($conn) {
 
 
   // binding to ldap server
   $bind = ldap_bind($conn, $dusername, $password);
 
/* Ideally, we want to secure the login session to that not just anyone in AD can
gain access to our portal session. We can do this by using an explicit define
that looks for particular login ID's. If these do not matchm the session is 
stopped, and a denied message displayed to the user */
 
/* This section is broken, so disabling for now - should really be an array for multiples
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
*/
 
   // verify binding
   if ($bind) {
   header("Location: main.php"); 
   
   $_SESSION['username'] = $_POST['username']';
   } else {
       echo "<font color=red><b>Invalid User Name/Password Please Retype</b>";
   }
}
?> 

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with @@

<?php

/* Multi-purpose Active Directory Authentication front-end
Written by Mark Cutting. Designed to be a portal for all custom 
written applications. This function is to be executed after
the user enters their username and password. All subsequent 
pages will use an include function to call checkauth.php
This prevents any malicious users attempting to bypass 
the login prompt by chosing a page from the directory */

//Temporarily disable error reporting
ini_set('error_reporting', E_NONE);

//Temporarily disable all warnings
ini_set('display_errors', 0);

// Test to see which browser is being used
$_SERVER['HTTP_USER_AGENT'];

	$browsers = array(
//		'MSIE',
		'Chrome',
		);

// Loop through browser detection. If there is an unsupported browser, advise, and kill script
	foreach ($browsers as $b) {
		if (stristr($_SERVER['HTTP_USER_AGENT'], $b) !== FALSE) {
echo '<strong><font color=red>FAILED: </strong>'.$_SERVER['HTTP_USER_AGENT']; echo '<br></strong>'; 
die ('<font color=black>Sorry, this application is not supported by this browser.');
} else { 

}
}
// start the session
session_start();

/*simple checking of the data*/
if (!$_POST['username'])
{
die('<b><font color=red>The username cannot be blank</b>');
}
if (!$_POST['password'] )
{
die('<b><font color=red>The password cannot be blank</b>');
}

ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$basedn = ''; //AD suffix goes here, for example, "dc=sales, dc=microsoft, dc=com"
$domain = ''; // Domain suffix goes here, for example "sales.microsoft.com"
$username = $_POST['username']; // Username provided in form
$password = $_POST['password']; // Password provided in form
$dusername = $username . "@" . $domain; // Add $domain variable to username to make FQDN

$conn = ldap_connect("") // AD server goes here as IP Address or FQDN
   or die("Could not connect to Active Directory!");

if ($conn) {


   // binding to ldap server
   $bind = ldap_bind($conn, $dusername, $password);

/* Ideally, we want to secure the login session to that not just anyone in AD can
gain access to our portal session. We can do this by using an explicit define
that looks for particular login ID's. If these do not matchm the session is 
stopped, and a denied message displayed to the user */

/* This section is broken, so disabling for now - should really be an array for multiples

   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
   if (!($dusername == ''. "@". $domain)) die ("<font color=red><b>You are not permitted to logon to this section</b>");
*/

   // verify binding
   if ($bind) {
   header("Location: main.php"); 
   
   $_SESSION['username'] = $_POST['username']';



   } else {
       echo "<font color=red><b>Invalid User Name/Password Please Retype</b>";
   }


}


?>

Your Name

Remember me

How long should your post be retained?
a day a month forever

pastebin - collaborative debugging

Recent Posts

At last!

About

Credits

Posted by Anonymous on Thu 28th May 07:08 (modification of post by view diff)
download | new post

pastebin - collaborative debugging

Recent Posts

At last!

About

Credits

Posted by Anonymous on Thu 28th May 07:08 (modification of post by view diff)download | new post

Posted by Anonymous on Thu 28th May 07:08 (modification of post by view diff)
download | new post