
  1. <?php
  2. /*******************************************************************************\
  3. *
  4. *       This program is free software: you can redistribute it and/or modify
  5. *       it under the terms of the GNU General Public License as published by
  6. *       the Free Software Foundation, either version 2 of the License, or
  7. *       (at your option) any later version.
  8. *
  9. *       This program is distributed in the hope that it will be useful,
  10. *       but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. *       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12. *       GNU General Public License for more details.
  13. *
  14. *       You should have received a copy of the GNU General Public License
  15. *       along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16. *
  17. *
  18. *              Date:        $Date: 12/02/2009$
  19. *              Revision:                  $Rev: 6$
  20. *              Last Edited by:                $Author: Mike Lindsay (mike.lindsay@cbc.ca)$
  21. *              ID:                    $Id:$
  22. *              FileName:                  LDAP.class.php
  23. *
  24. *
  25. \*******************************************************************************/
  26.  
/* required functions (called by the ZT login code; ldapConnect() must run first, ldapClose() afterwards)
* ldap_auth_user($userDN, $pass, $failover) returns 1 (bound), 0 (rejected) or 999 (server down and $failover set: fall back to the ZT database)
* ldap_verify_group($userDN, $baseDN, $requiredGroup_dn, $groupMemberSearch) returns TRUE or FALSE
* ldap_usertable_sync($that, $userDN, $passphrase) inserts or updates the user's row in the ZT users table, returns 1 or 0
* ldap_usertable_cleanup($that) removes or marks inactive users in the ZT db that are no longer members of the LDAP/AD group
*/
  33.  
  34. ##INTERNAL VARS
  35.  
  36.  
  37. ##GENERAL LDAP INTERNAL FUNCTIONS
  38. function ldapConnect($server, $port, $tls){
  39.         $GLOBALS["ldapconn"] = ldap_connect($server, $port)
  40.                         or die(ldapError("Could not connect to $ldaphost"));
  41.         //SETUP ANY LDAP OPTIONS
  42.         ldap_set_option($GLOBALS["ldapconn"], LDAP_OPT_REFERRALS, 0);
  43.  
  44.         if (!ldap_set_option($GLOBALS["ldapconn"], LDAP_OPT_PROTOCOL_VERSION, 3)) {
  45.                 die(ldapError("Failed to set LDAP Protocol version to 3, TLS not supported."));
  46.         }
  47.  
  48.         if ($GLOBALS["ldapconn"] && $tls) {
  49.             if (!ldap_start_tls($GLOBALS["ldapconn"])) {
  50.               die(ldapError("LDAP TLS Connection Failed"));
  51.             }
  52.         }
  53. }
  54.  
  55. function ldapClose(){
  56.         ldap_unbind($GLOBALS["ldapconn"]);
  57.         unset($GLOBALS["ldapconn"]);
  58. }
  59.  
  60. function ldapError($errorText){
  61.         $str = "<b><font color=\"#ff0000\">" . $errorText ;
  62.         $str .= "<br>(LDAP ERR: " . ldap_error($GLOBALS["ldapconn"]) . " : " . ldap_errno($GLOBALS["ldapconn"]);
  63.         $str .= ")</font></b>";
  64.         return($str);
  65. }
  66.  
  67.  
  68.  
  69. ##EXTERNALLY CALLED FUNCTIONS
  70. //AUTH THE USER AGAINST LDAP TO CHECK FOR VALID ACCOUNT
  71. function ldap_auth_user($userDN, $pass, $failover){
  72.         $ldapbind = ldap_bind($GLOBALS["ldapconn"], $userDN, $pass);
  73.         // verify binding
  74.         if ($ldapbind) {
  75.                 return 1;
  76.         } else {
  77.                 if(ldap_errno($GLOBALS["ldapconn"]) == "81"){
  78.                         if($failover){
  79.                                 //Get the error number
  80.                                 ldapError("falling over to internal authentication");
  81.                                 //HAND OVER AUTH TO ZT DB
  82.                                 return(999); //
  83.                         }else{
  84.                                 die(ldapError("Could not connect to LDAP Server"));
  85.                         }
  86.                 }else{
  87.                         echo ldapError("LDAP User not authenticated...");
  88.                         return 0;
  89.                 }
  90.         }
  91. }
  92.  
  93. //VERIFY THAT THE AUTH'ED USER IS A MEMBER OF THE REQUIRED GROUP
  94. function ldap_verify_group($userDN, $baseDN, $requiredGroup_dn, $groupMemberSearch){
  95.  
  96.         $justThese = array($groupMemberSearch);
  97.         $sr=ldap_search($GLOBALS["ldapconn"], $requiredGroup_dn, "(&(objectclass=*))", $justThese);
  98.         $info = ldap_get_entries($GLOBALS["ldapconn"], $sr); //retuns a nested array
  99.                 /*
  100.                  * Array (
  101.                  *           [count] => 1
  102.                  *           [0] => Array (
  103.                  *                     [$groupMemberSearch] => Array (
  104.                  *                          [count] => 7
  105.                  *                          [0] => uid=browmb,ou=People,dc=example,dc=com
  106.                  *                          [1] => uid=yellowf,ou=People,dc=example,dc=com
  107.                  *                          [2] => uid=bluel,ou=People,dc=example,dc=com
  108.                  *                          [3] => uid=greym,ou=People,dc=example,dc=com
  109.                  *                          [4] => uid=purplet,ou=People,dc=example,dc=com
  110.                  *                          [5] => uid=greenp,ou=People,dc=example,dc=com
  111.                  *                          [6] => uid=zenadmin,ou=People,dc=example,dc=com
  112.                  *                     )
  113.                  *                     [0] => $groupMemberSearch
  114.                  *                     [count] => 1
  115.                  *                     [dn] => cn=Zentrack,ou=Groups,dc=example,dc=com
  116.                  *           )
  117.                  *      )
  118. */
  119.         foreach($info[0]["$groupMemberSearch"] as $value){
  120.                 if(strtolower($value) == strtolower($userDN)){
  121.                         return TRUE; //User is part of the group
  122.                 }
  123.         }
  124.         echo ldapError("LDAP User is not part of the ZenTrack Group ($requiredGroup_dn)...");
  125.         return FALSE; //If we hit this then the User is not part of the group, or something broke
  126. }
  127.  
  128. function ldap_usertable_sync($that, $userDN, $passphrase){
  129.         //GET THE USER INFO FROM LDAP THAT IS NEEDED FOR ZT
  130.         $objectFilter=array();
  131.         foreach ($that->ldapToZTuserMapping as $value){
  132.                 $objectFilter[] .= $value;
  133.         }
  134.         $sr=ldap_search($GLOBALS["ldapconn"], $userDN, "(&(objectclass=*))", $objectFilter);
  135.         $ldapUserInfo = ldap_get_entries($GLOBALS["ldapconn"], $sr); //returns a nested array
  136.  
  137.         //FLATTEN THE RETURNED ARRAY, AND INSERT NULL VALUES IF LDAP IS MISSING OBJECTS
  138.         $i = 0;
  139.         $ldapUserFields=array();
  140.         while($i < $ldapUserInfo[0]["count"]){
  141.                 $x = $ldapUserInfo[0][$i];
  142.                 $ldapUserFields[$x] = $ldapUserInfo[0][$x][0];
  143.                 $i++;
  144.         }
  145.         unset($ldapUserInfo);
  146.         unset($value);
  147.  
  148.         foreach($that->ldapToZTuserMapping as $value){
  149.                 if(!isset($ldapUserFields["$value"])){ //If the LDAP/AD user is missing fields, set them to a default string
  150.                         $ldapUserFields["$value"] = "Missing LDAP OBJ";
  151.                 }
  152.         }
  153.  
  154.                 //creates the following array
  155.                 /*
  156.                  *      Array
  157.                  *      (
  158.                  *          [uid] => bofh
  159.                  *          [sn] => Master
  160.                  *          [givenname] => The
  161.                  *          [initials] => TM
  162.                  *          [mail] => bofh@example.ca
  163.                  *          [description] => man Sysadmin $> Bribe with beer frequently
  164.                  */
  165.  
  166.         //GET THE ZT DB FIELDS FROM THE MAP THAT WE WANT TO WORK WITH
  167.         $ztUserDBfields = "`user_id`,";
  168.         foreach ($that->ldapToZTuserMapping as $key=>$value){
  169.                 $ztUserDBfields .= "`" .$key . "`,";
  170.         }
  171.         $ztUserDBfields = rtrim($ztUserDBfields, ","); //cleans up the extra comma
  172.  
  173.         //LOOK TO SEE IF THE LDAP USER IS IN THE ZT DB
  174.         $query = "SELECT $ztUserDBfields from `" . $that->table_users
  175.               ."` where `login`=\"" . $ldapUserFields[$that->ldap_user_dn_prefix] . "\"";
  176.  
  177.         $ztUserDB = $that->db_quickIndexed( $query );
  178.  
  179.         if(!is_array($ztUserDB)){ //IF 0 ROWS ARE RETURNED INSERT THE USER INTO THE ZT USER DB
  180.                 unset($value);
  181.                 $insert = "";
  182.  
  183.                 foreach($that->ldapToZTuserMapping as $dbk=>$ldapk){ //Create the insert statment in the corect order to match the map
  184.                         $insert .= $that->checkSlashes($ldapUserFields[$ldapk]) . ",";
  185.                 }
  186.  
  187.                 $insert = rtrim($insert, ","); //cleans up the extra comma
  188.                 $query = "INSERT INTO `"$that->table_users . "` ($ztUserDBfields,`access_level`,`homebin`,`passphrase`,`active`) VALUES " .
  189.                                                 "(NULL,$insert, '$that->ldap_default_accessLevel','$that->ldap_default_homeBin', '" . md5($passphrase) ."', '1')";
  190.                 $insertionResult = $that->db_result($query);
  191.                 if(!$insertionResult){
  192.                         echo "<font color=\"ff0000\"><b>User record insertion into ZenTrack Database failed" .
  193.                                                 ", please contact your Systems Administrator</font></b><br>";
  194.                         //echo "$that->dbErrMsg <br>";
  195.                        return(0);
  196.                 }
  197.                 return(1);
  198.         }else{ //CHECK TO SEE IF THE ZT DB IS DIFFERENT FROM THE LDAP INFO
  199.                 $recordUpdate = "`passphrase`='" . md5($passphrase) . "',"; //Always re-sync the password in the ZT DB to LDAP/AD
  200.  
  201.                 foreach ($that->ldapToZTuserMapping as $dbk=>$ldapk){
  202.                         if($ldapUserFields["$ldapk"] != $ztUserDB["$dbk"]){
  203.                                 $recordUpdate .= "`" . $dbk . "`=" . $that->checkSlashes($ldapUserFields["$ldapk"]) . ",";
  204.                         }
  205.                 }
  206.  
  207.                 $recordUpdate = rtrim($recordUpdate, ",");//cleans up the extra comma
  208.  
  209.                 //NOW BUILD THE UPDATE QUERY
  210.                 $query = "UPDATE `"$that->table_users . "` SET " .
  211.                                         $recordUpdate . " WHERE " .
  212.                                         "`user_id`=" . $ztUserDB["user_id"] . " LIMIT 1";
  213.                 $insertionResult = $that->db_result($query);
  214.                 if(!$insertionResult){
  215.                         echo "<font color=\"ff0000\"><b>User record sync failed" .
  216.                                                 ", please contact your Systems Administrator</font></b><br>";
  217.                         //echo "$that->dbErrMsg <br>";
  218.                        return(0);
  219.                 }else{
  220.                         return(1);
  221.                 }
  222.         }
  223. }
  224.  
  225.  
  226. //CLEAN UP THE ZT USER DB, IF A USER IS REMOVED FROM THE ZT LDAP/AD GROUP THEN
  227. //      EITHER DELETE OR MARK INACTIVE THE USER IN THE ZT USER TABLE
  228. function ldap_usertable_cleanup($that){
  229.         //GET THE LDAP GROUP MEMBERS LIST
  230.         $justThese = array($that->ldap_groupMemberSearch);
  231.         $sr=ldap_search($GLOBALS["ldapconn"], $that->ldap_requiredGroup_dn, "(&(objectclass=*))", $justThese);
  232.         $ldapGroupMembers = ldap_get_entries($GLOBALS["ldapconn"], $sr); //retuns a nested array
  233.                 /*
  234.                  * Array (
  235.                  *           [count] => 1
  236.                  *           [0] => Array (
  237.                  *                     [$groupMemberSearch] => Array (
  238.                  *                          [count] => 7
  239.                  *                          [0] => uid=browmb,ou=People,dc=example,dc=com
  240.                  *                          [1] => uid=yellowf,ou=People,dc=example,dc=com
  241.                  *                          [2] => uid=bluel,ou=People,dc=example,dc=com
  242.                  *                          [3] => uid=greym,ou=People,dc=example,dc=com
  243.                  *                          [4] => uid=purplet,ou=People,dc=example,dc=com
  244.                  *                          [5] => uid=greenp,ou=People,dc=example,dc=com
  245.                  *                          [6] => uid=zenadmin,ou=People,dc=example,dc=com
  246.                  *                     )
  247.                  *                     [0] => $groupMemberSearch
  248.                  *                     [count] => 1
  249.                  *                     [dn] => cn=Zentrack,ou=Groups,dc=example,dc=com
  250.                  *           )
  251.                  *      )
  252. */
  253.         //GET THE user_id AND login INFO FOR ALL USERS FROM ZT DB
  254.         $protectedUsers = "(";
  255.         foreach($that->ldap_to_ZT_protected_users as $value){ //exclude protected users
  256.                         $protectedUsers .= "`login` NOT LIKE \"" . $value . "\" AND ";
  257.                 }
  258.         $protectedUsers = rtrim($protectedUsers, "AND "); //cut off the extra AND
  259.         $protectedUsers .= ")";
  260.  
  261.         $query = "SELECT `user_id`,`login` from `" . $that->table_users . "`";
  262.         if($that->ldap_delete_orphined_users){ //if false then we are only marking users inactive
  263.                 $query .= " WHERE " . $protectedUsers;
  264.         }else{
  265.                 $query .= " WHERE `active` > 0 AND " . $protectedUsers;
  266.         }
  267.  
  268.         $ztUserDB = $that->db_queryIndexed( $query );
  269.  
  270.         $i = 0;
  271.         while ($i < count($ztUserDB)){
  272.                 $pattern = "/" . $ztUserDB[$i]["login"] . "/";
  273.                 foreach($ldapGroupMembers[0]["$that->ldap_groupMemberSearch"] as $value){
  274.                         if(!preg_match($pattern,$value)){
  275.                                 $tmp[$ztUserDB[$i]["user_id"]] = $ztUserDB[$i]["login"];
  276.                         }else{
  277.                                 unset($tmp[$ztUserDB[$i]["user_id"]]);
  278.                                 break;
  279.                         }
  280.                 }
  281.  
  282.                 $i++;
  283.         }
  284.  
  285.         if(is_array($tmp) && count($tmp) > 0){ //If we have an array of extra users do the clean up
  286.                 if($that->ldap_delete_orphined_users){ //if $that->ldap_delete_orphined_users is true then delete the ZT DB account
  287.                         foreach($tmp as $key=>$value){
  288.                                 $that->db_delete($that->table_users, "user_id", $key);
  289.                         }
  290.                 }else{ //Mark the user in ZT DB inactive
  291.                         foreach($tmp as $key=>$value){
  292.                                 $query = "UPDATE `"$that->table_users . "` SET " .
  293.                                                 "`active`='0' WHERE " .
  294.                                                 "`user_id`=" . $key . " AND `login`=\"" . $value . "\" LIMIT 1";
  295.                                 if(!$that->db_result($query)){
  296.                                         echo "<font color=\"bbbb00\"><b>The house keeping job has failed" .
  297.                                                 ", this is a non-critical error. Please notify your Systems Administrator</font></b><br>";
  298.                                 }
  299.                         }
  300.                 }
  301.         }
  302.         return(1);
  303. }
  304. ?>
