WebSVN – oidplus – Diff – /trunk/plugins/viathinksoft/publicPages/800_login_ldap/OIDplusPagePublicLoginLDAP.class.php


<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
namespace ViaThinkSoft\OIDplus;
 
// phpcs:disable PSR1.Files.SideEffects
\defined('INSIDE_OIDPLUS') or die;
// phpcs:enable PSR1.Files.SideEffects
 
class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic
        implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */
                   INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8  /* getNotifications */
{
 
        /**
         * @param OIDplusRA $ra
         * @param array $ldap_userinfo
         * @return void
         * @throws OIDplusException
         */
        private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {
                $email = $ra->raEmail();
 
                $ra->register_ra(null); // create a user account without password
 
                /*
                OIDplus DB Field          ActiveDirectory field
                ------------------------------------------------
                ra_name                   cn
                personal_name             displayname (or: givenname + " " + sn)
                organization              company
                office                    physicaldeliveryofficename or department
                street                    streetaddress
                zip_town                  postalcode + " " + l
                country                   co (human-readable) or c (ISO country code)
                phone                     telephonenumber or homephone
                mobile                    mobile
                fax                       facsimiletelephonenumber
                (none)                    wwwhomepage
                */
 
                $opuserdata = array();
                $opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');
                if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {
                        $opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');
                } else {
                        $opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));
                }
                $opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');
                if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {
                        $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');
                } else {
                        $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');
                }
                $opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');
                $opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));
                $opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')
                $opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number
                $opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');
                $opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');
 
                foreach ($opuserdata as $dbfield => $val) {
                        if (!empty($val)) {
                                OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));
                        }
                }
        }
 
        /**
         * @param bool $remember_me
         * @param string $email
         * @param array $ldap_userinfo
         * @return void
         * @throws OIDplusException
         */
        private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {
                $ra = new OIDplusRA($email);
                if (!$ra->existing()) {
                        $this->registerRA($ra, $ldap_userinfo);
                        OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful LDAP login");
                }
 
                OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');
 
                OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
        }
 
        /**
         * @param string $upn
         * @return int
         * @throws OIDplusException
         */
        private function getDomainNumber(string $upn): int {
                $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
                for ($i=1; $i<=$numDomains; $i++) {
                        $cfgSuffix = $i == 1 ? '' : "__$i";
                        $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
                        if (str_ends_with($upn, $upnSuffix)) return $i;
                }
                return -1;
        }
 
        /**
         * @param string $actionID
         * @param array $params
         * @return array
         * @throws OIDplusConfigInitializationException
         * @throws OIDplusException
         */
        public function action(string $actionID, array $params): array {
                if ($actionID == 'ra_login_ldap') {
                        if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));
                        }
 
                        if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));
 
                        OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
 
                        _CheckParamExists($params, 'email');
                        _CheckParamExists($params, 'password');
 
                        $upn = $params['email'];
                        $password = $params['password'];
 
                        $domainNumber = $this->getDomainNumber($upn);
                        if ($domainNumber <= 0) {
                                throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));
                        }
                        $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";
 
                        if (empty($upn)) {
                                throw new OIDplusException(_L('Please enter a valid username'));
                        }
 
                        $ldap = new \VtsLDAPUtils();
 
                        try {
 
                                $cfg_ldap_server      = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);
                                $cfg_ldap_port        = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);
                                $cfg_ldap_base_dn     = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);
 
                                // Note: Will throw an Exception if connect fails
                                $ldap->connect($cfg_ldap_server, $cfg_ldap_port);
 
                                if (!$ldap->login($upn, $password)) {
                                        if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
                                                OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$upn' using LDAP");
                                        }
                                        throw new OIDplusException(_L('Wrong password or user not registered'));
                                }
 
                                $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);
 
                                if (!$ldap_userinfo) {
                                        throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));
                                }
 
                                $foundSomething = false;
 
                                // ---
 
                                $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');
                                if (!empty($cfgAdminGroup)) {
                                        $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);
                                } else {
                                        $isAdmin = false;
                                }
                                if ($isAdmin) {
                                        $foundSomething = true;
                                        $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                        OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');
                                }
 
                                // ---
 
                                $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');
                                if (!empty($cfgRaGroup)) {
                                        $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);
                                } else {
                                        $isRA = true;
                                }
                                if ($isRA) {
                                        if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
                                                $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
                                                $foundSomething = true;
                                                $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                                $this->doLoginRA($remember_me, $mail, $ldap_userinfo);
                                        }
                                        if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
                                                $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
                                                foreach ($mails as $mail) {
                                                        $foundSomething = true;
                                                        $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                                        $this->doLoginRA($remember_me, $mail, $ldap_userinfo);
                                                }
                                        }
                                }
 
                        } finally {
                                $ldap->disconnect();
                                $ldap = null;
                        }
 
                        if (!$foundSomething) {
                                throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));
                        }
 
                        return array("status" => 0);
                } else {
                        return parent::action($actionID, $params);
                }
        }
 
        /**
         * @param bool $html
         * @return void
         */
        public function init(bool $html=true) {
                // Nothing
        }
 
        /**
         * @param string $id
         * @param array $out
         * @param bool $handled
         * @return void
         * @throws OIDplusException
         */
        public function gui(string $id, array &$out, bool &$handled) {
                if ($id === 'oidplus:login_ldap') {
                        $handled = true;
                        $out['title'] = _L('Login using LDAP / ActiveDirectory');
                        $out['icon']  = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';
 
                        if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                $out['icon'] = 'img/error.png';
                                $out['text'] = _L('LDAP authentication is disabled on this system.');
                                return;
                        }
 
                        if (!function_exists('ldap_connect')) {
                                $out['icon'] = 'img/error.png';
                                $out['text'] = _L('PHP extension "%1" not installed','LDAP');
                                return;
                        }
 
                        $out['text']  = '<noscript>';
                        $out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
                        $out['text'] .= '</noscript>';
 
                        $out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';
 
                        $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));
                        $out['text'] .= '<br>';
 
                        $out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';
 
                        $out['text'] .= '<h2>'._L('Login as RA').'</h2>';
 
                        $login_list = OIDplus::authUtils()->loggedInRaList();
                        if (count($login_list) > 0) {
                                foreach ($login_list as $x) {
                                        $out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
                                }
                                $out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
                        } else {
                                $out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';
                        }
                        $out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';
                        $out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';
                        $out['text'] .= '&nbsp;&nbsp;';
                        $out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';
 
                        $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
                        for ($i=1; $i<=$numDomains; $i++) {
                                $cfgSuffix = $i == 1 ? '' : "__$i";
                                $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
                                if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));
                                $out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';
                        }
 
                        $out['text'] .= '</select>';
                        $out['text'] .= '</div>';
                        $out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';
                        if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {
                                if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {
                                        if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {
                                                $att = 'disabled checked';
                                        } else {
                                                $att = 'disabled';
                                        }
                                } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {
                                        $att = 'disabled';
                                } else {
                                        $att = '';
                                }
                                $out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';
                        }
                        $out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
                        $out['text'] .= '</form>';
 
                        $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
                        $out['text'] .= '<p><abbr title="'._L('You don\'t need to register. Just enter your Windows/Company credentials.').'">'._L('How to register?').'</abbr></p>';
 
                        $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
                        $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);
                        $privacy_document_file = 'OIDplus/privacy_documentation.html';
                        $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
                        if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {
                                $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';
                        }
                        $out['text'] .= '</font></p></div>';
 
                        $out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';
                }
        }
 
        /**
         * @param array $out
         * @return void
         */
        public function publicSitemap(array &$out) {
                $out[] = 'oidplus:login_ldap';
        }
 
        /**
         * @param array $json
         * @param string|null $ra_email
         * @param bool $nonjs
         * @param string $req_goto
         * @return bool
         */
        public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
                return true;
        }
 
        /**
         * @param string $request
         * @return array|false
         */
        public function tree_search(string $request) {
                return false;
        }
 
        /**
         * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5
         * @return array
         * @throws OIDplusException
         */
        public function alternativeLoginMethods(): array {
                $logins = array();
                if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                        $logins[] = array(
                                'oidplus:login_ldap',
                                _L('Login using LDAP / ActiveDirectory'),
                                OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'
                        );
                }
                return $logins;
        }
 
        /**
         * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8
         * @param string|null $user
         * @return array
         * @throws OIDplusException
         */
        public function getNotifications(string $user=null): array {
                $notifications = array();
                if ((!$user || ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {
                        if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                if (!function_exists('ldap_connect')) {
                                        $title = _L('LDAP Login');
                                        $notifications[] = array('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));
                                }
                        }
                }
                return $notifications;
        }
 
}
 

Rev 1131	Rev 1143
1	<?php	1	<?php
2		2
3	/*	3	/*
4	* OIDplus 2.0	4	* OIDplus 2.0
5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft	5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
6	*	6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");	7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.	8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at	9	* You may obtain a copy of the License at
10	*	10	*
11	* http://www.apache.org/licenses/LICENSE-2.0	11	* http://www.apache.org/licenses/LICENSE-2.0
12	*	12	*
13	* Unless required by applicable law or agreed to in writing, software	13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,	14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and	16	* See the License for the specific language governing permissions and
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	namespace ViaThinkSoft\OIDplus;	20	namespace ViaThinkSoft\OIDplus;
21		21
22	// phpcs:disable PSR1.Files.SideEffects	22	// phpcs:disable PSR1.Files.SideEffects
23	\defined('INSIDE_OIDPLUS') or die;	23	\defined('INSIDE_OIDPLUS') or die;
24	// phpcs:enable PSR1.Files.SideEffects	24	// phpcs:enable PSR1.Files.SideEffects
25		25
26	class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic	26	class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic
27	implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */	27	implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */
28	INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */	28	INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */
29	{	29	{
30		30
31	/**	31	/**
32	* @param OIDplusRA $ra	32	* @param OIDplusRA $ra
33	* @param array $ldap_userinfo	33	* @param array $ldap_userinfo
34	* @return void	34	* @return void
35	* @throws OIDplusException	35	* @throws OIDplusException
36	*/	36	*/
37	private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {	37	private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {
38	$email = $ra->raEmail();	38	$email = $ra->raEmail();
39		39
40	$ra->register_ra(null); // create a user account without password	40	$ra->register_ra(null); // create a user account without password
41		41
42	/*	42	/*
43	OIDplus DB Field ActiveDirectory field	43	OIDplus DB Field ActiveDirectory field
44	------------------------------------------------	44	------------------------------------------------
45	ra_name cn	45	ra_name cn
46	personal_name displayname (or: givenname + " " + sn)	46	personal_name displayname (or: givenname + " " + sn)
47	organization company	47	organization company
48	office physicaldeliveryofficename or department	48	office physicaldeliveryofficename or department
49	street streetaddress	49	street streetaddress
50	zip_town postalcode + " " + l	50	zip_town postalcode + " " + l
51	country co (human-readable) or c (ISO country code)	51	country co (human-readable) or c (ISO country code)
52	phone telephonenumber or homephone	52	phone telephonenumber or homephone
53	mobile mobile	53	mobile mobile
54	fax facsimiletelephonenumber	54	fax facsimiletelephonenumber
55	(none) wwwhomepage	55	(none) wwwhomepage
56	*/	56	*/
57		57
58	$opuserdata = array();	58	$opuserdata = array();
59	$opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');	59	$opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');
60	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {	60	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {
61	$opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');	61	$opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');
62	} else {	62	} else {
63	$opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));	63	$opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));
64	}	64	}
65	$opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');	65	$opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');
66	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {	66	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {
67	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');	67	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');
68	} else {	68	} else {
69	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');	69	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');
70	}	70	}
71	$opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');	71	$opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');
72	$opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));	72	$opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));
73	$opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')	73	$opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')
74	$opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number	74	$opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number
75	$opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');	75	$opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');
76	$opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');	76	$opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');
77		77
78	foreach ($opuserdata as $dbfield => $val) {	78	foreach ($opuserdata as $dbfield => $val) {
79	if (!empty($val)) {	79	if (!empty($val)) {
80	OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));	80	OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));
81	}	81	}
82	}	82	}
83	}	83	}
84		84
85	/**	85	/**
86	* @param bool $remember_me	86	* @param bool $remember_me
87	* @param string $email	87	* @param string $email
88	* @param array $ldap_userinfo	88	* @param array $ldap_userinfo
89	* @return void	89	* @return void
90	* @throws OIDplusException	90	* @throws OIDplusException
91	*/	91	*/
92	private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {	92	private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {
93	$ra = new OIDplusRA($email);	93	$ra = new OIDplusRA($email);
94	if (!$ra->existing()) {	94	if (!$ra->existing()) {
95	$this->registerRA($ra, $ldap_userinfo);	95	$this->registerRA($ra, $ldap_userinfo);
96	OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful LDAP login");	96	OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful LDAP login");
97	}	97	}
98		98
99	OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');	99	OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');
100		100
101	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));	101	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
102	}	102	}
103		103
104	/**	104	/**
105	* @param string $upn	105	* @param string $upn
106	* @return int	106	* @return int
107	* @throws OIDplusException	107	* @throws OIDplusException
108	*/	108	*/
109	private function getDomainNumber(string $upn): int {	109	private function getDomainNumber(string $upn): int {
110	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);	110	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
111	for ($i=1; $i<=$numDomains; $i++) {	111	for ($i=1; $i<=$numDomains; $i++) {
112	$cfgSuffix = $i == 1 ? '' : "__$i";	112	$cfgSuffix = $i == 1 ? '' : "__$i";
113	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');	113	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
114	if (str_ends_with($upn, $upnSuffix)) return $i;	114	if (str_ends_with($upn, $upnSuffix)) return $i;
115	}	115	}
116	return -1;	116	return -1;
117	}	117	}
118		118
119	/**	119	/**
120	* @param string $actionID	120	* @param string $actionID
121	* @param array $params	121	* @param array $params
122	* @return int[]	122	* @return array
123	* @throws OIDplusConfigInitializationException	123	* @throws OIDplusConfigInitializationException
124	* @throws OIDplusException	124	* @throws OIDplusException
125	*/	125	*/
126	public function action(string $actionID, array $params): array {	126	public function action(string $actionID, array $params): array {
127	if ($actionID == 'ra_login_ldap') {	127	if ($actionID == 'ra_login_ldap') {
128	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	128	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
129	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));	129	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));
130	}	130	}
131		131
132	if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));	132	if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));
133		133
134	OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');	134	OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
135		135
136	_CheckParamExists($params, 'email');	136	_CheckParamExists($params, 'email');
137	_CheckParamExists($params, 'password');	137	_CheckParamExists($params, 'password');
138		138
139	$upn = $params['email'];	139	$upn = $params['email'];
140	$password = $params['password'];	140	$password = $params['password'];
141		141
142	$domainNumber = $this->getDomainNumber($upn);	142	$domainNumber = $this->getDomainNumber($upn);
143	if ($domainNumber <= 0) {	143	if ($domainNumber <= 0) {
144	throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));	144	throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));
145	}	145	}
146	$cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";	146	$cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";
147		147
148	if (empty($upn)) {	148	if (empty($upn)) {
149	throw new OIDplusException(_L('Please enter a valid username'));	149	throw new OIDplusException(_L('Please enter a valid username'));
150	}	150	}
151		151
152	$ldap = new \VtsLDAPUtils();	152	$ldap = new \VtsLDAPUtils();
153		153
154	try {	154	try {
155		155
156	$cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);	156	$cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);
157	$cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);	157	$cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);
158	$cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);	158	$cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);
159		159
160	// Note: Will throw an Exception if connect fails	160	// Note: Will throw an Exception if connect fails
161	$ldap->connect($cfg_ldap_server, $cfg_ldap_port);	161	$ldap->connect($cfg_ldap_server, $cfg_ldap_port);
162		162
163	if (!$ldap->login($upn, $password)) {	163	if (!$ldap->login($upn, $password)) {
164	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {	164	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
165	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$upn' using LDAP");	165	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$upn' using LDAP");
166	}	166	}
167	throw new OIDplusException(_L('Wrong password or user not registered'));	167	throw new OIDplusException(_L('Wrong password or user not registered'));
168	}	168	}
169		169
170	$ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);	170	$ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);
171		171
172	if (!$ldap_userinfo) {	172	if (!$ldap_userinfo) {
173	throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));	173	throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));
174	}	174	}
175		175
176	$foundSomething = false;	176	$foundSomething = false;
177		177
178	// ---	178	// ---
179		179
180	$cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');	180	$cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');
181	if (!empty($cfgAdminGroup)) {	181	if (!empty($cfgAdminGroup)) {
182	$isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);	182	$isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);
183	} else {	183	} else {
184	$isAdmin = false;	184	$isAdmin = false;
185	}	185	}
186	if ($isAdmin) {	186	if ($isAdmin) {
187	$foundSomething = true;	187	$foundSomething = true;
188	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	188	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
189	OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');	189	OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');
190	}	190	}
191		191
192	// ---	192	// ---
193		193
194	$cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');	194	$cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');
195	if (!empty($cfgRaGroup)) {	195	if (!empty($cfgRaGroup)) {
196	$isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);	196	$isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);
197	} else {	197	} else {
198	$isRA = true;	198	$isRA = true;
199	}	199	}
200	if ($isRA) {	200	if ($isRA) {
201	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {	201	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
202	$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');	202	$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
203	$foundSomething = true;	203	$foundSomething = true;
204	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	204	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
205	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);	205	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
206	}	206	}
207	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {	207	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
208	$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');	208	$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
209	foreach ($mails as $mail) {	209	foreach ($mails as $mail) {
210	$foundSomething = true;	210	$foundSomething = true;
211	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	211	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
212	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);	212	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
213	}	213	}
214	}	214	}
215	}	215	}
216		216
217	} finally {	217	} finally {
218	$ldap->disconnect();	218	$ldap->disconnect();
219	$ldap = null;	219	$ldap = null;
220	}	220	}
221		221
222	if (!$foundSomething) {	222	if (!$foundSomething) {
223	throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));	223	throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));
224	}	224	}
225		225
226	return array("status" => 0);	226	return array("status" => 0);
227	} else {	227	} else {
228	return parent::action($actionID, $params);	228	return parent::action($actionID, $params);
229	}	229	}
230	}	230	}
231		231
232	/**	232	/**
233	* @param bool $html	233	* @param bool $html
234	* @return void	234	* @return void
235	*/	235	*/
236	public function init(bool $html=true) {	236	public function init(bool $html=true) {
237	// Nothing	237	// Nothing
238	}	238	}
239		239
240	/**	240	/**
241	* @param string $id	241	* @param string $id
242	* @param array $out	242	* @param array $out
243	* @param bool $handled	243	* @param bool $handled
244	* @return void	244	* @return void
245	* @throws OIDplusException	245	* @throws OIDplusException
246	*/	246	*/
247	public function gui(string $id, array &$out, bool &$handled) {	247	public function gui(string $id, array &$out, bool &$handled) {
248	if ($id === 'oidplus:login_ldap') {	248	if ($id === 'oidplus:login_ldap') {
249	$handled = true;	249	$handled = true;
250	$out['title'] = _L('Login using LDAP / ActiveDirectory');	250	$out['title'] = _L('Login using LDAP / ActiveDirectory');
251	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';	251	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';
252		252
253	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	253	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
254	$out['icon'] = 'img/error.png';	254	$out['icon'] = 'img/error.png';
255	$out['text'] = _L('LDAP authentication is disabled on this system.');	255	$out['text'] = _L('LDAP authentication is disabled on this system.');
256	return;	256	return;
257	}	257	}
258		258
259	if (!function_exists('ldap_connect')) {	259	if (!function_exists('ldap_connect')) {
260	$out['icon'] = 'img/error.png';	260	$out['icon'] = 'img/error.png';
261	$out['text'] = _L('PHP extension "%1" not installed','LDAP');	261	$out['text'] = _L('PHP extension "%1" not installed','LDAP');
262	return;	262	return;
263	}	263	}
264		264
265	$out['text'] = '<noscript>';	265	$out['text'] = '<noscript>';
266	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';	266	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
267	$out['text'] .= '</noscript>';	267	$out['text'] .= '</noscript>';
268		268
269	$out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';	269	$out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';
270		270
271	$out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));	271	$out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));
272	$out['text'] .= '<br>';	272	$out['text'] .= '<br>';
273		273
274	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';	274	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';
275		275
276	$out['text'] .= '<h2>'._L('Login as RA').'</h2>';	276	$out['text'] .= '<h2>'._L('Login as RA').'</h2>';
277		277
278	$login_list = OIDplus::authUtils()->loggedInRaList();	278	$login_list = OIDplus::authUtils()->loggedInRaList();
279	if (count($login_list) > 0) {	279	if (count($login_list) > 0) {
280	foreach ($login_list as $x) {	280	foreach ($login_list as $x) {
281	$out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';	281	$out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
282	}	282	}
283	$out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';	283	$out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
284	} else {	284	} else {
285	$out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';	285	$out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';
286	}	286	}
287	$out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';	287	$out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';
288	$out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';	288	$out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';
289	$out['text'] .= '  ';	289	$out['text'] .= '  ';
290	$out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';	290	$out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';
291		291
292	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);	292	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
293	for ($i=1; $i<=$numDomains; $i++) {	293	for ($i=1; $i<=$numDomains; $i++) {
294	$cfgSuffix = $i == 1 ? '' : "__$i";	294	$cfgSuffix = $i == 1 ? '' : "__$i";
295	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');	295	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
296	if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));	296	if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));
297	$out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';	297	$out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';
298	}	298	}
299		299
300	$out['text'] .= '</select>';	300	$out['text'] .= '</select>';
301	$out['text'] .= '</div>';	301	$out['text'] .= '</div>';
302	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';	302	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';
303	if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {	303	if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {
304	if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {	304	if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {
305	if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {	305	if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {
306	$att = 'disabled checked';	306	$att = 'disabled checked';
307	} else {	307	} else {
308	$att = 'disabled';	308	$att = 'disabled';
309	}	309	}
310	} else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {	310	} else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {
311	$att = 'disabled';	311	$att = 'disabled';
312	} else {	312	} else {
313	$att = '';	313	$att = '';
314	}	314	}
315	$out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';	315	$out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';
316	}	316	}
317	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';	317	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
318	$out['text'] .= '</form>';	318	$out['text'] .= '</form>';
319		319
320	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite	320	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
321	$out['text'] .= '<p><abbr title="'._L('You don\'t need to register. Just enter your Windows/Company credentials.').'">'._L('How to register?').'</abbr></p>';	321	$out['text'] .= '<p><abbr title="'._L('You don\'t need to register. Just enter your Windows/Company credentials.').'">'._L('How to register?').'</abbr></p>';
322		322
323	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);	323	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
324	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);	324	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);
325	$privacy_document_file = 'OIDplus/privacy_documentation.html';	325	$privacy_document_file = 'OIDplus/privacy_documentation.html';
326	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources	326	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
327	if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {	327	if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {
328	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';	328	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';
329	}	329	}
330	$out['text'] .= '</font></p></div>';	330	$out['text'] .= '</font></p></div>';
331		331
332	$out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';	332	$out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';
333	}	333	}
334	}	334	}
335		335
336	/**	336	/**
337	* @param array $out	337	* @param array $out
338	* @return void	338	* @return void
339	*/	339	*/
340	public function publicSitemap(array &$out) {	340	public function publicSitemap(array &$out) {
341	$out[] = 'oidplus:login_ldap';	341	$out[] = 'oidplus:login_ldap';
342	}	342	}
343		343
344	/**	344	/**
345	* @param array $json	345	* @param array $json
346	* @param string\|null $ra_email	346	* @param string\|null $ra_email
347	* @param bool $nonjs	347	* @param bool $nonjs
348	* @param string $req_goto	348	* @param string $req_goto
349	* @return bool	349	* @return bool
350	*/	350	*/
351	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {	351	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
352	return true;	352	return true;
353	}	353	}
354		354
355	/**	355	/**
356	* @param string $request	356	* @param string $request
357	* @return array\|false	357	* @return array\|false
358	*/	358	*/
359	public function tree_search(string $request) {	359	public function tree_search(string $request) {
360	return false;	360	return false;
361	}	361	}
362		362
363	/**	363	/**
364	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5	364	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5
365	* @return array	365	* @return array
366	* @throws OIDplusException	366	* @throws OIDplusException
367	*/	367	*/
368	public function alternativeLoginMethods(): array {	368	public function alternativeLoginMethods(): array {
369	$logins = array();	369	$logins = array();
370	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	370	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
371	$logins[] = array(	371	$logins[] = array(
372	'oidplus:login_ldap',	372	'oidplus:login_ldap',
373	_L('Login using LDAP / ActiveDirectory'),	373	_L('Login using LDAP / ActiveDirectory'),
374	OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'	374	OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'
375	);	375	);
376	}	376	}
377	return $logins;	377	return $logins;
378	}	378	}
379		379
380	/**	380	/**
381	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8	381	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8
382	* @param string\|null $user	382	* @param string\|null $user
383	* @return array	383	* @return array
384	* @throws OIDplusException	384	* @throws OIDplusException
385	*/	385	*/
386	public function getNotifications(string $user=null): array {	386	public function getNotifications(string $user=null): array {
387	$notifications = array();	387	$notifications = array();
388	if ((!$user \|\| ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {	388	if ((!$user \|\| ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {
389	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	389	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
390	if (!function_exists('ldap_connect')) {	390	if (!function_exists('ldap_connect')) {
391	$title = _L('LDAP Login');	391	$title = _L('LDAP Login');
392	$notifications[] = array('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));	392	$notifications[] = array('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));
393	}	393	}
394	}	394	}
395	}	395	}
396	return $notifications;	396	return $notifications;
397	}	397	}
398		398
399	}	399	}
400		400

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/publicPages/800_login_ldap/OIDplusPagePublicLoginLDAP.class.php – Rev 1131 → 1143