FAILED: '.$_SERVER['HTTP_USER_AGENT']; echo '
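'; die ('Sorry, this application is not supported by this browser.'); } else { } }

// ---------------------------------------------------------------------------
// Active Directory login handler.
//
// Reads the username/password posted by the login form, attempts a simple
// bind against the directory as "<username>@<domain>", and on success stores
// the username in the session and redirects to main.php.
// ---------------------------------------------------------------------------

// start the session
session_start();

/* Simple checking of the data.
 *
 * Values are read once and must be plain strings: a request such as
 * "password[]=x" would otherwise hand an array to ldap_bind().
 *
 * The blank-password check is a security control, not only form validation:
 * directory servers commonly treat a bind with a name and an empty password
 * as an unauthenticated bind and report success, which would admit the
 * caller under any username.
 */
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : ''; // Username provided in form
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : ''; // Password provided in form

if (!$username) {
    die('The username cannot be blank');
}
if (!$password) {
    die('The password cannot be blank');
}

$basedn = ''; // AD suffix goes here, for example, "dc=sales, dc=microsoft, dc=com"
$domain = ''; // Domain suffix goes here, for example "sales.microsoft.com"
$dusername = $username . "@" . $domain; // Add $domain variable to username to make FQDN

// A simple bind sends the password to the server as supplied. Use an
// ldaps:// URI here, or call ldap_start_tls($conn) before ldap_bind(), so the
// credentials are not exposed on the network.
$conn = ldap_connect("") // AD server goes here as IP Address or FQDN
    or die("Could not connect to Active Directory!");

if ($conn) {
    // Must run after ldap_connect(): the original call was made before $conn
    // was assigned, so it was issued against an undefined variable.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // binding to ldap server
    $bind = ldap_bind($conn, $dusername, $password);

    /* Authorization (currently NOT enforced).
     *
     * Ideally the login is restricted so that not just anyone in AD can gain
     * access to the portal session, by matching against particular login
     * IDs; if the ID does not match, the session is stopped and a denied
     * message is displayed to the user.
     *
     * The original checks were disabled because they were broken: they were
     * a chain of independent statements of the form
     *   if (!($dusername == '' . "@" . $domain)) die ("You are not permitted to logon to this section");
     * so a user matching one entry was still rejected by the next. They
     * should be replaced by a single array of permitted IDs tested with a
     * strict in_array() once the bind has succeeded. Until then, every
     * account that can bind to the directory is admitted.
     */

    // verify binding
    if ($bind) {
        // Issue a fresh session ID at the privilege change so an ID planted
        // before login (session fixation) is not carried into the
        // authenticated session.
        session_regenerate_id(true);

        // Store the identity before redirecting. The original line ended in a
        // stray quote (a parse error) and was placed after the header() call.
        $_SESSION['username'] = $username;

        header("Location: main.php");
        // Stop here: header() alone does not end the script.
        exit;
    } else {
        // Deliberately generic: does not reveal whether the username or the
        // password was wrong.
        echo "Invalid User Name/Password Please Retype";
    }
}
?>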