first commit

2025-07-18 16:20:14 +07:00
commit 98af45c018
16382 changed files with 3148096 additions and 0 deletions
--- a/plugins/simpleldap/pages/ajax_test_auth.php
+++ b/plugins/simpleldap/pages/ajax_test_auth.php
@@ -0,0 +1,140 @@
+<?php
+include "../../../include/boot.php";
+include "../../../include/authenticate.php"; if (!checkperm("u")) {exit ("Permission denied.");}
+
+
+
+$simpleldap['domain']                = getval('domain', '');
+$simpleldap['ldapserver']            = getval('ldapserver', '');
+$simpleldap['ldapuser']              = getval('ldapuser', '');
+$simpleldap['ldappassword']          = getval('ldappassword', '');
+$userdomain                          = getval('userdomain', '');
+$simpleldap['port']                  = getval('port', '');
+$simpleldap['ldaptype']              = getval('ldaptype', 1);
+$simpleldap['basedn']                = getval('basedn', '');
+$simpleldap['loginfield']            = getval('loginfield', '');
+$simpleldap['ldapgroupfield']        = getval('ldapgroupfield', '');
+$simpleldap['email_attribute']       = getval('email_attribute', '');
+$simpleldap['phone_attribute']       = getval('phone_attribute', '');
+$simpleldap['emailsuffix']           = getval('emailsuffix','');
+$simpleldap['LDAPTLS_REQCERT_never'] = getval('LDAPTLS_REQCERT_never', 0,true) != 0;
+
+$escaped_ldapuser = (function_exists('ldap_escape')) ? ldap_escape($simpleldap['ldapuser'], '', LDAP_ESCAPE_DN) : $simpleldap['ldapuser'];
+
+// Test we can connect to domain
+$bindsuccess=false; 
+
+if($simpleldap['LDAPTLS_REQCERT_never'])
+    {
+    putenv('LDAPTLS_REQCERT=never');
+    }
+// Set LDAP options for all connections
+ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 2);
+ldap_set_option(null, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+if (substr(strtolower($simpleldap['ldapserver']),0,4) == "ldap") {
+    $connstring = $simpleldap['ldapserver'];
+} elseif ($simpleldap['port'] == 636) {
+    $connstring = 'ldaps://' . $simpleldap['ldapserver'] . ':636';
+} else {
+    $connstring = 'ldap://' . $simpleldap['ldapserver'] . ':' . $simpleldap['port'];
+}
+
+$userdetails = false;
+$ds = ldap_connect($connstring);
+if ($ds !== false) {
+    if(!isset($simpleldap['ldaptype']) || $simpleldap['ldaptype'] == 1)
+        {
+        if(strpos($escaped_ldapuser, $userdomain) !== false)
+            {
+            $binduserstring = $escaped_ldapuser;
+            }
+        else
+            {
+            $binduserstring = "{$escaped_ldapuser}@{$userdomain}";
+            }
+
+        debug("LDAP - Attempting to bind to AD server as : " . $binduserstring);
+        $GLOBALS["use_error_exception"] = true;
+        try 
+            {
+            $login = ldap_bind( $ds, ldap_escape($binduserstring, "", LDAP_ESCAPE_DN), $simpleldap['ldappassword'] );
+            }
+        catch(Exception $e)
+            {
+            debug("ERROR: LDAP bind failed " . $e->getMessage());
+            $login=false;
+            }
+        unset($GLOBALS["use_error_exception"]);
+        if ($login)
+            {
+            debug("LDAP - Success binding to AD server as : " . $binduserstring);
+            $bindsuccess=true;
+            }
+        else
+            {
+            debug("LDAP - Failed binding to AD server as : " . $binduserstring);
+            }
+        }
+    else
+        {
+        $searchdns=explode(";",$simpleldap['basedn']);
+        foreach($searchdns as $searchdn)
+            {
+            $binduserstring = $simpleldap['loginfield'] . "=" . $escaped_ldapuser . "," . $searchdn;
+            debug("LDAP - Attempting to bind to AD server as : " . $binduserstring);
+            $GLOBALS["use_error_exception"] = true;
+            try 
+                {
+                $login = ldap_bind( $ds, $binduserstring, $simpleldap['ldappassword'] );
+                }
+            catch(Exception $e)
+                {
+                debug("ERROR: LDAP bind failed " . $e->getMessage());
+                $login=false;
+                }
+            unset($GLOBALS["use_error_exception"]);
+            if (!$login)
+                {
+                debug("LDAP bind failed: " . $searchdn);
+                }
+            else
+                {
+                $bindsuccess=true;
+                break;
+                }
+            }
+        }
+
+    ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $last_ldap_error);
+    $response['bindsuccess'] = $bindsuccess ? $lang['status-ok'] : "{$lang['status-fail']} - " . ldap_error($ds) . " ( {$last_ldap_error} )";
+    $response['memberof']    = array();
+
+    $userdetails=simpleldap_authenticate($simpleldap['ldapuser'],$simpleldap['ldappassword']);
+
+    unset($GLOBALS["use_error_exception"]);
+
+    if ($userdetails) {
+        $response['success'] = true;
+        $response['message'] = $lang["status-ok"];
+        $response['domain'] = $userdetails['domain'];
+        $response['binduser'] = $userdetails['binduser'];
+        $response['username'] = $userdetails['username'];
+        $response['displayname'] = $userdetails['displayname'];
+        $response['group'] = $userdetails['group'];
+        $response['email'] = $userdetails['email'];
+        $response['phone'] = $userdetails['phone'];
+        $response['memberof'] = $userdetails['memberof'];
+    } else {
+        $response['success'] = false;
+        $response['message'] = $lang["status-fail"];
+    }
+} else {
+    $response['success'] = false;
+    $response['message'] = "LDAP - Invalid connection URL: '" . $connstring . "'";
+}
+
+$response['complete'] = true;
+
+echo json_encode($response);
+exit();