WebSVN – oidplus – Diff – /trunk/plugins/viathinksoft/publicPages/800_login_ldap/OIDplusPagePublicLoginLDAP.class.php


<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
namespace ViaThinkSoft\OIDplus;
 
// phpcs:disable PSR1.Files.SideEffects
\defined('INSIDE_OIDPLUS') or die;
// phpcs:enable PSR1.Files.SideEffects
 
class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic
        implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */
                   INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8  /* getNotifications */
{
 
        /**
         * @param OIDplusRA $ra
         * @param array $ldap_userinfo
         * @return void
         * @throws OIDplusException
         */
        private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {
                $email = $ra->raEmail();
 
                $ra->register_ra(null); // create a user account without password
 
                /*
                OIDplus DB Field          ActiveDirectory field
                ------------------------------------------------
                ra_name                   cn
                personal_name             displayname (or: givenname + " " + sn)
                organization              company
                office                    physicaldeliveryofficename or department
                street                    streetaddress
                zip_town                  postalcode + " " + l
                country                   co (human-readable) or c (ISO country code)
                phone                     telephonenumber or homephone
                mobile                    mobile
                fax                       facsimiletelephonenumber
                (none)                    wwwhomepage
                */
 
                $opuserdata = array();
                $opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');
                if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {
                        $opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');
                } else {
                        $opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));
                }
                $opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');
                if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {
                        $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');
                } else {
                        $opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');
                }
                $opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');
                $opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));
                $opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')
                $opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number
                $opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');
                $opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');
 
                foreach ($opuserdata as $dbfield => $val) {
                        if (!empty($val)) {
                                OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));
                        }
                }
        }
 
        /**
         * @param bool $remember_me
         * @param string $email
         * @param array $ldap_userinfo
         * @return void
         * @throws OIDplusException
         */
        private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {
                $ra = new OIDplusRA($email);
                if (!$ra->existing()) {
                        $this->registerRA($ra, $ldap_userinfo);
                        OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' was created because of successful LDAP login", $email);
                }
 
                OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');
 
                OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
        }
 
        /**
         * @param string $upn
         * @return int
         * @throws OIDplusException
         */
        private function getDomainNumber(string $upn): int {
                $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
                for ($i=1; $i<=$numDomains; $i++) {
                        $cfgSuffix = $i == 1 ? '' : "__$i";
                        $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
                        if (str_ends_with($upn, $upnSuffix)) return $i;
                }
                return -1;
        }
 
        /**
         * @param string $actionID
         * @param array $params
         * @return array
         * @throws OIDplusConfigInitializationException
         * @throws OIDplusException
         */
        public function action(string $actionID, array $params): array {
                if ($actionID == 'ra_login_ldap') {
                        if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));
                        }
 
                        if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));
 
                        OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
 
                        _CheckParamExists($params, 'email');
                        _CheckParamExists($params, 'password');
 
                        $upn = $params['email'];
                        $password = $params['password'];
 
                        $domainNumber = $this->getDomainNumber($upn);
                        if ($domainNumber <= 0) {
                                throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));
                        }
                        $cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";
 
                        if (empty($upn)) {
                                throw new OIDplusException(_L('Please enter a valid username'));
                        }
 
                        $ldap = new \VtsLDAPUtils();
 
                        try {
 
                                $cfg_ldap_server      = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);
                                $cfg_ldap_port        = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);
                                $cfg_ldap_base_dn     = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);
 
                                // Note: Will throw an Exception if connect fails
                                $ldap->connect($cfg_ldap_server, $cfg_ldap_port);
 
                                if (!$ldap->login($upn, $password)) {
                                        if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
                                                OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn);
                                        }
                                        throw new OIDplusException(_L('Wrong password or user not registered'));
                                }
 
                                $ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);
 
                                if (!$ldap_userinfo) {
                                        throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));
                                }
 
                                $foundSomething = false;
 
                                // ---
 
                                $cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');
                                if (!empty($cfgAdminGroup)) {
                                        $isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);
                                } else {
                                        $isAdmin = false;
                                }
                                if ($isAdmin) {
                                        $foundSomething = true;
                                        $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                        OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');
                                }
 
                                // ---
 
                                $cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');
                                if (!empty($cfgRaGroup)) {
                                        $isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);
                                } else {
                                        $isRA = true;
                                }
                                if ($isRA) {
                                        if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
                                                $mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
                                                $foundSomething = true;
                                                $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                                $this->doLoginRA($remember_me, $mail, $ldap_userinfo);
                                        }
                                        if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
                                                $mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
                                                foreach ($mails as $mail) {
                                                        $foundSomething = true;
                                                        $remember_me = isset($params['remember_me']) && ($params['remember_me']);
                                                        $this->doLoginRA($remember_me, $mail, $ldap_userinfo);
                                                }
                                        }
                                }
 
                        } finally {
                                $ldap->disconnect();
                                $ldap = null;
                        }
 
                        if (!$foundSomething) {
                                throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));
                        }
 
                        return array("status" => 0);
                } else {
                        return parent::action($actionID, $params);
                }
        }
 
        /**
         * @param bool $html
         * @return void
         */
        public function init(bool $html=true) {
                // Nothing
        }
 
        /**
         * @param string $id
         * @param array $out
         * @param bool $handled
         * @return void
         * @throws OIDplusException
         */
        public function gui(string $id, array &$out, bool &$handled) {
                if ($id === 'oidplus:login_ldap') {
                        $handled = true;
                        $out['title'] = _L('Login using LDAP / ActiveDirectory');
                        $out['icon']  = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';
 
                        if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                throw new OIDplusException(_L('LDAP authentication is disabled on this system.'), $out['title']);
                        }
 
                        if (!function_exists('ldap_connect')) {
                                throw new OIDplusException(_L('PHP extension "%1" not installed','LDAP'), $out['title']);
                        }
 
                        $out['text']  = '<noscript>';
                        $out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
                        $out['text'] .= '</noscript>';
 
                        $out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';
 
                        $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));
                        $out['text'] .= '<br>';
 
                        $out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';
 
                        $out['text'] .= '<h2>'._L('Login as RA').'</h2>';
 
                        $login_list = OIDplus::authUtils()->loggedInRaList();
                        if (count($login_list) > 0) {
                                foreach ($login_list as $x) {
                                        $out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
                                }
                                $out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
                        } else {
                                $out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';
                        }
                        $out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';
                        $out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';
                        $out['text'] .= '&nbsp;&nbsp;';
                        $out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';
 
                        $numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
                        for ($i=1; $i<=$numDomains; $i++) {
                                $cfgSuffix = $i == 1 ? '' : "__$i";
                                $upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
                                if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));
                                $out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';
                        }
 
                        $out['text'] .= '</select>';
                        $out['text'] .= '</div>';
                        $out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';
                        if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {
                                if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {
                                        if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {
                                                $att = 'disabled checked';
                                        } else {
                                                $att = 'disabled';
                                        }
                                } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {
                                        $att = 'disabled';
                                } else {
                                        $att = '';
                                }
                                $out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';
                        }
                        $out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
                        $out['text'] .= '</form>';
 
                        $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
                        $out['text'] .= '<p><b>'._L('How to register?').'</b> '._L('You don\'t need to register. Just enter your Windows/Company credentials.').'</p>';
 
                        $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
                        $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);
                        $privacy_document_file = 'OIDplus/privacy_documentation.html';
                        $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
                        if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {
                                $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';
                        }
                        $out['text'] .= '</font></p></div>';
 
                        $out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';
                }
        }
 
        /**
         * @param array $out
         * @return void
         */
        public function publicSitemap(array &$out) {
                $out[] = 'oidplus:login_ldap';
        }
 
        /**
         * @param array $json
         * @param string|null $ra_email
         * @param bool $nonjs
         * @param string $req_goto
         * @return bool
         */
        public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
                return true;
        }
 
        /**
         * @param string $request
         * @return array|false
         */
        public function tree_search(string $request) {
                return false;
        }
 
        /**
         * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5
         * @return array
         * @throws OIDplusException
         */
        public function alternativeLoginMethods(): array {
                $logins = array();
                if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                        $logins[] = array(
                                'oidplus:login_ldap',
                                _L('Login using LDAP / ActiveDirectory'),
                                OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'
                        );
                }
                return $logins;
        }
 
        /**
         * Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8
         * @param string|null $user
         * @return array
         * @throws OIDplusException
         */
        public function getNotifications(string $user=null): array {
                $notifications = array();
                if ((!$user || ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {
                        if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
                                if (!function_exists('ldap_connect')) {
                                        $title = _L('LDAP Login');
                                        $notifications[] = new OIDplusNotification('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));
                                }
                        }
                }
                return $notifications;
        }
 
}
 

Rev 1206	Rev 1267
1	<?php	1	<?php
2		2
3	/*	3	/*
4	* OIDplus 2.0	4	* OIDplus 2.0
5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft	5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
6	*	6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");	7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.	8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at	9	* You may obtain a copy of the License at
10	*	10	*
11	* http://www.apache.org/licenses/LICENSE-2.0	11	* http://www.apache.org/licenses/LICENSE-2.0
12	*	12	*
13	* Unless required by applicable law or agreed to in writing, software	13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,	14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and	16	* See the License for the specific language governing permissions and
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	namespace ViaThinkSoft\OIDplus;	20	namespace ViaThinkSoft\OIDplus;
21		21
22	// phpcs:disable PSR1.Files.SideEffects	22	// phpcs:disable PSR1.Files.SideEffects
23	\defined('INSIDE_OIDPLUS') or die;	23	\defined('INSIDE_OIDPLUS') or die;
24	// phpcs:enable PSR1.Files.SideEffects	24	// phpcs:enable PSR1.Files.SideEffects
25		25
26	class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic	26	class OIDplusPagePublicLoginLdap extends OIDplusPagePluginPublic
27	implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */	27	implements INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5, /* alternativeLoginMethods */
28	INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */	28	INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8 /* getNotifications */
29	{	29	{
30		30
31	/**	31	/**
32	* @param OIDplusRA $ra	32	* @param OIDplusRA $ra
33	* @param array $ldap_userinfo	33	* @param array $ldap_userinfo
34	* @return void	34	* @return void
35	* @throws OIDplusException	35	* @throws OIDplusException
36	*/	36	*/
37	private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {	37	private function registerRA(OIDplusRA $ra, array $ldap_userinfo) {
38	$email = $ra->raEmail();	38	$email = $ra->raEmail();
39		39
40	$ra->register_ra(null); // create a user account without password	40	$ra->register_ra(null); // create a user account without password
41		41
42	/*	42	/*
43	OIDplus DB Field ActiveDirectory field	43	OIDplus DB Field ActiveDirectory field
44	------------------------------------------------	44	------------------------------------------------
45	ra_name cn	45	ra_name cn
46	personal_name displayname (or: givenname + " " + sn)	46	personal_name displayname (or: givenname + " " + sn)
47	organization company	47	organization company
48	office physicaldeliveryofficename or department	48	office physicaldeliveryofficename or department
49	street streetaddress	49	street streetaddress
50	zip_town postalcode + " " + l	50	zip_town postalcode + " " + l
51	country co (human-readable) or c (ISO country code)	51	country co (human-readable) or c (ISO country code)
52	phone telephonenumber or homephone	52	phone telephonenumber or homephone
53	mobile mobile	53	mobile mobile
54	fax facsimiletelephonenumber	54	fax facsimiletelephonenumber
55	(none) wwwhomepage	55	(none) wwwhomepage
56	*/	56	*/
57		57
58	$opuserdata = array();	58	$opuserdata = array();
59	$opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');	59	$opuserdata['ra_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'cn');
60	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {	60	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'displayname'))) {
61	$opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');	61	$opuserdata['personal_name'] = \VtsLDAPUtils::getString($ldap_userinfo,'displayname');
62	} else {	62	} else {
63	$opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));	63	$opuserdata['personal_name'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'givenname').' '.\VtsLDAPUtils::getString($ldap_userinfo,'sn'));
64	}	64	}
65	$opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');	65	$opuserdata['organization'] = \VtsLDAPUtils::getString($ldap_userinfo,'company');
66	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {	66	if (!empty(\VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename'))) {
67	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');	67	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'physicaldeliveryofficename');
68	} else {	68	} else {
69	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');	69	$opuserdata['office'] = \VtsLDAPUtils::getString($ldap_userinfo,'department');
70	}	70	}
71	$opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');	71	$opuserdata['street'] = \VtsLDAPUtils::getString($ldap_userinfo,'streetaddress');
72	$opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));	72	$opuserdata['zip_town'] = trim(\VtsLDAPUtils::getString($ldap_userinfo,'postalcode').' '.\VtsLDAPUtils::getString($ldap_userinfo,'l'));
73	$opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')	73	$opuserdata['country'] = \VtsLDAPUtils::getString($ldap_userinfo,'co'); // ISO country code: \VtsLDAPUtils::getString($ldap_userinfo,'c')
74	$opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number	74	$opuserdata['phone'] = \VtsLDAPUtils::getString($ldap_userinfo,'telephonenumber'); // homephone for private phone number
75	$opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');	75	$opuserdata['mobile'] = \VtsLDAPUtils::getString($ldap_userinfo,'mobile');
76	$opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');	76	$opuserdata['fax'] = \VtsLDAPUtils::getString($ldap_userinfo,'facsimiletelephonenumber');
77		77
78	foreach ($opuserdata as $dbfield => $val) {	78	foreach ($opuserdata as $dbfield => $val) {
79	if (!empty($val)) {	79	if (!empty($val)) {
80	OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));	80	OIDplus::db()->query("update ###ra set ".$dbfield." = ? where email = ?", array($val, $email));
81	}	81	}
82	}	82	}
83	}	83	}
84		84
85	/**	85	/**
86	* @param bool $remember_me	86	* @param bool $remember_me
87	* @param string $email	87	* @param string $email
88	* @param array $ldap_userinfo	88	* @param array $ldap_userinfo
89	* @return void	89	* @return void
90	* @throws OIDplusException	90	* @throws OIDplusException
91	*/	91	*/
92	private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {	92	private function doLoginRA(bool $remember_me, string $email, array $ldap_userinfo) {
93	$ra = new OIDplusRA($email);	93	$ra = new OIDplusRA($email);
94	if (!$ra->existing()) {	94	if (!$ra->existing()) {
95	$this->registerRA($ra, $ldap_userinfo);	95	$this->registerRA($ra, $ldap_userinfo);
96	OIDplus::logger()->log("[INFO]RA(%1)!", "RA '%1' was created because of successful LDAP login", $email);	96	OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' was created because of successful LDAP login", $email);
97	}	97	}
98		98
99	OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');	99	OIDplus::authUtils()->raLoginEx($email, $remember_me, 'LDAP');
100		100
101	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));	101	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
102	}	102	}
103		103
104	/**	104	/**
105	* @param string $upn	105	* @param string $upn
106	* @return int	106	* @return int
107	* @throws OIDplusException	107	* @throws OIDplusException
108	*/	108	*/
109	private function getDomainNumber(string $upn): int {	109	private function getDomainNumber(string $upn): int {
110	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);	110	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
111	for ($i=1; $i<=$numDomains; $i++) {	111	for ($i=1; $i<=$numDomains; $i++) {
112	$cfgSuffix = $i == 1 ? '' : "__$i";	112	$cfgSuffix = $i == 1 ? '' : "__$i";
113	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');	113	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
114	if (str_ends_with($upn, $upnSuffix)) return $i;	114	if (str_ends_with($upn, $upnSuffix)) return $i;
115	}	115	}
116	return -1;	116	return -1;
117	}	117	}
118		118
119	/**	119	/**
120	* @param string $actionID	120	* @param string $actionID
121	* @param array $params	121	* @param array $params
122	* @return array	122	* @return array
123	* @throws OIDplusConfigInitializationException	123	* @throws OIDplusConfigInitializationException
124	* @throws OIDplusException	124	* @throws OIDplusException
125	*/	125	*/
126	public function action(string $actionID, array $params): array {	126	public function action(string $actionID, array $params): array {
127	if ($actionID == 'ra_login_ldap') {	127	if ($actionID == 'ra_login_ldap') {
128	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	128	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
129	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));	129	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'));
130	}	130	}
131		131
132	if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));	132	if (!function_exists('ldap_connect')) throw new OIDplusConfigInitializationException(_L('PHP extension "%1" not installed','LDAP'));
133		133
134	OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');	134	OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
135		135
136	_CheckParamExists($params, 'email');	136	_CheckParamExists($params, 'email');
137	_CheckParamExists($params, 'password');	137	_CheckParamExists($params, 'password');
138		138
139	$upn = $params['email'];	139	$upn = $params['email'];
140	$password = $params['password'];	140	$password = $params['password'];
141		141
142	$domainNumber = $this->getDomainNumber($upn);	142	$domainNumber = $this->getDomainNumber($upn);
143	if ($domainNumber <= 0) {	143	if ($domainNumber <= 0) {
144	throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));	144	throw new OIDplusException(_L('The server is not configured to handle this domain (the part behind the at-sign)'));
145	}	145	}
146	$cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";	146	$cfgSuffix = $domainNumber == 1 ? '' : "__$domainNumber";
147		147
148	if (empty($upn)) {	148	if (empty($upn)) {
149	throw new OIDplusException(_L('Please enter a valid username'));	149	throw new OIDplusException(_L('Please enter a valid username'));
150	}	150	}
151		151
152	$ldap = new \VtsLDAPUtils();	152	$ldap = new \VtsLDAPUtils();
153		153
154	try {	154	try {
155		155
156	$cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);	156	$cfg_ldap_server = OIDplus::baseConfig()->getValue('LDAP_SERVER'.$cfgSuffix);
157	$cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);	157	$cfg_ldap_port = OIDplus::baseConfig()->getValue('LDAP_PORT'.$cfgSuffix, 389);
158	$cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);	158	$cfg_ldap_base_dn = OIDplus::baseConfig()->getValue('LDAP_BASE_DN'.$cfgSuffix);
159		159
160	// Note: Will throw an Exception if connect fails	160	// Note: Will throw an Exception if connect fails
161	$ldap->connect($cfg_ldap_server, $cfg_ldap_port);	161	$ldap->connect($cfg_ldap_server, $cfg_ldap_port);
162		162
163	if (!$ldap->login($upn, $password)) {	163	if (!$ldap->login($upn, $password)) {
164	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {	164	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
165	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '%1' using LDAP", $upn);	165	OIDplus::logger()->log("V2:[WARN]A", "Failed login to RA account '%1' using LDAP", $upn);
166	}	166	}
167	throw new OIDplusException(_L('Wrong password or user not registered'));	167	throw new OIDplusException(_L('Wrong password or user not registered'));
168	}	168	}
169		169
170	$ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);	170	$ldap_userinfo = $ldap->getUserInfo($upn, $cfg_ldap_base_dn);
171		171
172	if (!$ldap_userinfo) {	172	if (!$ldap_userinfo) {
173	throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));	173	throw new OIDplusException(_L('The LDAP login was successful, but the own user %1 cannot be found. Please check the base configuration setting %2 and %3', $upn, "LDAP_BASE_DN$cfgSuffix", "LDAP_UPN_SUFFIX$cfgSuffix"));
174	}	174	}
175		175
176	$foundSomething = false;	176	$foundSomething = false;
177		177
178	// ---	178	// ---
179		179
180	$cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');	180	$cfgAdminGroup = OIDplus::baseConfig()->getValue('LDAP_ADMIN_GROUP'.$cfgSuffix,'');
181	if (!empty($cfgAdminGroup)) {	181	if (!empty($cfgAdminGroup)) {
182	$isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);	182	$isAdmin = $ldap->isMemberOfRec($ldap_userinfo, $cfgAdminGroup);
183	} else {	183	} else {
184	$isAdmin = false;	184	$isAdmin = false;
185	}	185	}
186	if ($isAdmin) {	186	if ($isAdmin) {
187	$foundSomething = true;	187	$foundSomething = true;
188	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	188	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
189	OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');	189	OIDplus::authUtils()->adminLoginEx($remember_me, 'LDAP login');
190	}	190	}
191		191
192	// ---	192	// ---
193		193
194	$cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');	194	$cfgRaGroup = OIDplus::baseConfig()->getValue('LDAP_RA_GROUP'.$cfgSuffix,'');
195	if (!empty($cfgRaGroup)) {	195	if (!empty($cfgRaGroup)) {
196	$isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);	196	$isRA = $ldap->isMemberOfRec($ldap_userinfo, $cfgRaGroup);
197	} else {	197	} else {
198	$isRA = true;	198	$isRA = true;
199	}	199	}
200	if ($isRA) {	200	if ($isRA) {
201	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {	201	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_UPN'.$cfgSuffix,true)) {
202	$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');	202	$mail = \VtsLDAPUtils::getString($ldap_userinfo, 'userprincipalname');
203	$foundSomething = true;	203	$foundSomething = true;
204	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	204	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
205	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);	205	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
206	}	206	}
207	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {	207	if (OIDplus::baseConfig()->getValue('LDAP_AUTHENTICATE_EMAIL'.$cfgSuffix,false)) {
208	$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');	208	$mails = \VtsLDAPUtils::getArray($ldap_userinfo, 'mail');
209	foreach ($mails as $mail) {	209	foreach ($mails as $mail) {
210	$foundSomething = true;	210	$foundSomething = true;
211	$remember_me = isset($params['remember_me']) && ($params['remember_me']);	211	$remember_me = isset($params['remember_me']) && ($params['remember_me']);
212	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);	212	$this->doLoginRA($remember_me, $mail, $ldap_userinfo);
213	}	213	}
214	}	214	}
215	}	215	}
216		216
217	} finally {	217	} finally {
218	$ldap->disconnect();	218	$ldap->disconnect();
219	$ldap = null;	219	$ldap = null;
220	}	220	}
221		221
222	if (!$foundSomething) {	222	if (!$foundSomething) {
223	throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));	223	throw new OIDplusException(_L("Error: These credentials cannot be used with OIDplus. Please check the base configuration."));
224	}	224	}
225		225
226	return array("status" => 0);	226	return array("status" => 0);
227	} else {	227	} else {
228	return parent::action($actionID, $params);	228	return parent::action($actionID, $params);
229	}	229	}
230	}	230	}
231		231
232	/**	232	/**
233	* @param bool $html	233	* @param bool $html
234	* @return void	234	* @return void
235	*/	235	*/
236	public function init(bool $html=true) {	236	public function init(bool $html=true) {
237	// Nothing	237	// Nothing
238	}	238	}
239		239
240	/**	240	/**
241	* @param string $id	241	* @param string $id
242	* @param array $out	242	* @param array $out
243	* @param bool $handled	243	* @param bool $handled
244	* @return void	244	* @return void
245	* @throws OIDplusException	245	* @throws OIDplusException
246	*/	246	*/
247	public function gui(string $id, array &$out, bool &$handled) {	247	public function gui(string $id, array &$out, bool &$handled) {
248	if ($id === 'oidplus:login_ldap') {	248	if ($id === 'oidplus:login_ldap') {
249	$handled = true;	249	$handled = true;
250	$out['title'] = _L('Login using LDAP / ActiveDirectory');	250	$out['title'] = _L('Login using LDAP / ActiveDirectory');
251	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';	251	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png';
252		252
253	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	253	if (!OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
254	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'), $out['title']);	254	throw new OIDplusException(_L('LDAP authentication is disabled on this system.'), $out['title']);
255	}	255	}
256		256
257	if (!function_exists('ldap_connect')) {	257	if (!function_exists('ldap_connect')) {
258	throw new OIDplusException(_L('PHP extension "%1" not installed','LDAP'), $out['title']);	258	throw new OIDplusException(_L('PHP extension "%1" not installed','LDAP'), $out['title']);
259	}	259	}
260		260
261	$out['text'] = '<noscript>';	261	$out['text'] = '<noscript>';
262	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';	262	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
263	$out['text'] .= '</noscript>';	263	$out['text'] .= '</noscript>';
264		264
265	$out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';	265	$out['text'] .= '<div id="loginLdapArea" style="visibility: hidden">';
266		266
267	$out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));	267	$out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA'));
268	$out['text'] .= '<br>';	268	$out['text'] .= '<br>';
269		269
270	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';	270	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:login').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Regular login method').'</a></p>';
271		271
272	$out['text'] .= '<h2>'._L('Login as RA').'</h2>';	272	$out['text'] .= '<h2>'._L('Login as RA').'</h2>';
273		273
274	$login_list = OIDplus::authUtils()->loggedInRaList();	274	$login_list = OIDplus::authUtils()->loggedInRaList();
275	if (count($login_list) > 0) {	275	if (count($login_list) > 0) {
276	foreach ($login_list as $x) {	276	foreach ($login_list as $x) {
277	$out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';	277	$out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
278	}	278	}
279	$out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';	279	$out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
280	} else {	280	} else {
281	$out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';	281	$out['text'] .= '<p>'._L('Enter your domain username and your password to log in as Registration Authority.').'</p>';
282	}	282	}
283	$out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';	283	$out['text'] .= '<form onsubmit="return OIDplusPagePublicLoginLDAP.raLoginLdapOnSubmit(this);">';
284	$out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';	284	$out['text'] .= '<div><label class="padding_label">'._L('Username').':</label><input type="text" name="username" value="" id="raLoginLdapUsername">';
285	$out['text'] .= '  ';	285	$out['text'] .= '  ';
286	$out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';	286	$out['text'] .= '<select id="ldapUpnSuffix" name="upnSuffix">';
287		287
288	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);	288	$numDomains = OIDplus::baseConfig()->getValue('LDAP_NUM_DOMAINS', 1);
289	for ($i=1; $i<=$numDomains; $i++) {	289	for ($i=1; $i<=$numDomains; $i++) {
290	$cfgSuffix = $i == 1 ? '' : "__$i";	290	$cfgSuffix = $i == 1 ? '' : "__$i";
291	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');	291	$upnSuffix = OIDplus::baseConfig()->getValue('LDAP_UPN_SUFFIX'.$cfgSuffix, '');
292	if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));	292	if ($upnSuffix == '') throw new OIDplusException(_L('Invalid base configuration setting: %1 is missing or empty', 'LDAP_UPN_SUFFIX'.$cfgSuffix));
293	$out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';	293	$out['text'] .= '<option value="'.htmlentities($upnSuffix).'">'.htmlentities($upnSuffix).'</option>';
294	}	294	}
295		295
296	$out['text'] .= '</select>';	296	$out['text'] .= '</select>';
297	$out['text'] .= '</div>';	297	$out['text'] .= '</div>';
298	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';	298	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginLdapPassword"></div>';
299	if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {	299	if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) {
300	if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {	300	if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) {
301	if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {	301	if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) {
302	$att = 'disabled checked';	302	$att = 'disabled checked';
303	} else {	303	} else {
304	$att = 'disabled';	304	$att = 'disabled';
305	}	305	}
306	} else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {	306	} else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) {
307	$att = 'disabled';	307	$att = 'disabled';
308	} else {	308	} else {
309	$att = '';	309	$att = '';
310	}	310	}
311	$out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';	311	$out['text'] .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ldap" name="remember_me_ldap"> <label for="remember_me_ldap">'._L('Remember me').'</label></div>';
312	}	312	}
313	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';	313	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
314	$out['text'] .= '</form>';	314	$out['text'] .= '</form>';
315		315
316	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite	316	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
317	$out['text'] .= '<p><b>'._L('How to register?').'</b> '._L('You don\'t need to register. Just enter your Windows/Company credentials.').'</p>';	317	$out['text'] .= '<p><b>'._L('How to register?').'</b> '._L('You don\'t need to register. Just enter your Windows/Company credentials.').'</p>';
318		318
319	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);	319	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
320	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);	320	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins);
321	$privacy_document_file = 'OIDplus/privacy_documentation.html';	321	$privacy_document_file = 'OIDplus/privacy_documentation.html';
322	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources	322	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
323	if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {	323	if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) {
324	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';	324	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>';
325	}	325	}
326	$out['text'] .= '</font></p></div>';	326	$out['text'] .= '</font></p></div>';
327		327
328	$out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';	328	$out['text'] .= '<script>$("#loginLdapArea")[0].style.visibility = "visible";</script>';
329	}	329	}
330	}	330	}
331		331
332	/**	332	/**
333	* @param array $out	333	* @param array $out
334	* @return void	334	* @return void
335	*/	335	*/
336	public function publicSitemap(array &$out) {	336	public function publicSitemap(array &$out) {
337	$out[] = 'oidplus:login_ldap';	337	$out[] = 'oidplus:login_ldap';
338	}	338	}
339		339
340	/**	340	/**
341	* @param array $json	341	* @param array $json
342	* @param string\|null $ra_email	342	* @param string\|null $ra_email
343	* @param bool $nonjs	343	* @param bool $nonjs
344	* @param string $req_goto	344	* @param string $req_goto
345	* @return bool	345	* @return bool
346	*/	346	*/
347	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {	347	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
348	return true;	348	return true;
349	}	349	}
350		350
351	/**	351	/**
352	* @param string $request	352	* @param string $request
353	* @return array\|false	353	* @return array\|false
354	*/	354	*/
355	public function tree_search(string $request) {	355	public function tree_search(string $request) {
356	return false;	356	return false;
357	}	357	}
358		358
359	/**	359	/**
360	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5	360	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5
361	* @return array	361	* @return array
362	* @throws OIDplusException	362	* @throws OIDplusException
363	*/	363	*/
364	public function alternativeLoginMethods(): array {	364	public function alternativeLoginMethods(): array {
365	$logins = array();	365	$logins = array();
366	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	366	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
367	$logins[] = array(	367	$logins[] = array(
368	'oidplus:login_ldap',	368	'oidplus:login_ldap',
369	_L('Login using LDAP / ActiveDirectory'),	369	_L('Login using LDAP / ActiveDirectory'),
370	OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'	370	OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'
371	);	371	);
372	}	372	}
373	return $logins;	373	return $logins;
374	}	374	}
375		375
376	/**	376	/**
377	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8	377	* Implements interface INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_8
378	* @param string\|null $user	378	* @param string\|null $user
379	* @return array	379	* @return array
380	* @throws OIDplusException	380	* @throws OIDplusException
381	*/	381	*/
382	public function getNotifications(string $user=null): array {	382	public function getNotifications(string $user=null): array {
383	$notifications = array();	383	$notifications = array();
384	if ((!$user \|\| ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {	384	if ((!$user \|\| ($user == 'admin')) && OIDplus::authUtils()->isAdminLoggedIn()) {
385	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {	385	if (OIDplus::baseConfig()->getValue('LDAP_ENABLED', false)) {
386	if (!function_exists('ldap_connect')) {	386	if (!function_exists('ldap_connect')) {
387	$title = _L('LDAP Login');	387	$title = _L('LDAP Login');
388	$notifications[] = new OIDplusNotification('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));	388	$notifications[] = new OIDplusNotification('ERR', _L('OIDplus plugin "%1" is enabled, but the required PHP extension "%2" is not installed.', htmlentities($title), 'php_ldap'));
389	}	389	}
390	}	390	}
391	}	391	}
392	return $notifications;	392	return $notifications;
393	}	393	}
394		394
395	}	395	}
396		396

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/publicPages/800_login_ldap/OIDplusPagePublicLoginLDAP.class.php – Rev 1206 → 1267