Solved

php 5.3 LDAP login member of

Posted on 2013-11-22
4
968 Views
Last Modified: 2013-11-24
hello,
i have a problem with this script:
login.php
<?php
include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if (isset($error)){ echo "Login failed: Incorrect user name, password, or rights<br />";}
 
// output logout success
if (isset($_GET['out'])) echo "Logout successful<br />";
?>
 
<form method="post" action="login.php">
    User: <input type="text" name="userLogin" /><br />
    Password: <input type="password" name="userPassword" /><br />
    <input type="submit" name="submit" value="Submit" />
</form>

Open in new window


authenticate.php
<?php
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "xxxx";
 
    // Active Directory DN
    $ldap_dn = "OU=ou,DC=dc,DC=dc";
 
    // Active Directory user group
    $ldap_user_group = "Intranet Users";
 
    // Active Directory manager group
    $ldap_manager_group = "Intranet Admin";
 
    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@xxxx.xx";
 
    // connect to active directory
    $ldap = ldap_connect($ldap_host);
 
    // verify user and password
    if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);
 
		//echo $entries;
        // check groups
        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
 
            // is user
            if (strpos($grps, $ldap_user_group)) $access = 1;
        }
 
        if ($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }
 
    } else {
        // invalid name or password
        return false;
    }
}
?>

Open in new window


i have this error:
PHP Notice:  Undefined index: memberof in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Warning:  Invalid argument supplied for foreach() in C:\inetpub\wwwroot\authenticate.php on line 33
PHP Notice:  Undefined variable: access in C:\inetpub\wwwroot\authenticate.php on line 41

line 33 -->      
        foreach($entries[0]['memberof'] as $grps) {

Open in new window


ligne 41-->    
        if ($access != 0) {

Open in new window



can you help us.
regards.
0
Comment
Question by:iddisarl
  • 3
4 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
$entries appears to be created on line 28 with this instruction:

$entries = ldap_get_entries($ldap, $result);

Please add var_dump($entries) and post the output here.
0
 

Author Comment

by:iddisarl
Comment Utility
hello thank you for your help,
if i disable error reporting and use var_dump
i have this output:
array(2) { ["count"]=> int(1) [0]=> array(2) { ["count"]=> int(0) ["dn"]=> string(41) "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" } }
if i enable error reporting i still have the same errors
regards
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
Comment Utility
That tells us that the output from ldap_get_entries() looks this way

array
( ["count"]=> int(1)
, [0]=> array
        ( ["count" ] => int(0)
        , ["dn"]     => "CN=test,OU=MYOU,DC=MYDC,DC=MYDCLTD" 
        ) 
)

Open in new window

In other words, $entries[0] has two elements named "count" and "dn" but nothing named "memberof" is in there.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses how to create an extensible mechanism for linked drop downs.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now