
Yavuz 9/1/2016 0

Authentication script to authenticate users in Active Directory through LDAP in PHP

PHP
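<?php
$server = "XXX.XXX.XXX.XXX";    // change to the IP address of the LDAP server
$basedn = "ou=users, ou=accounts, dc=domain, dc=com";    // change to reflect the OU and domain that your users are in
$script = $_SERVER['SCRIPT_NAME'];
if (isset($_COOKIE['cookie'])) {    // If the cookie exists, retrieve it and put it in an array for use.
    $cookie = $_COOKIE['cookie'];   // $_COOKIE replaces $HTTP_COOKIE_VARS, which was removed in PHP 5.4
}
if (isset($cookie)) {
    $username = $cookie['user'];
    $password = $cookie['token'];
    $fullname = $cookie['fullname'];
    $fqdn = $cookie['fqdn'];
    // An empty password makes ldap_bind() perform an unauthenticated bind, which the server may accept.
    if (!is_string($username) || !is_string($password) || $password === '') {
        die ("Could not bind: missing credentials");
    }
    $dn = "cn=" . ldap_escape($username, '', LDAP_ESCAPE_DN) . ", ";    // escape DN metacharacters in the user-supplied name
    if (!($connect = ldap_connect($server))) {
        die ("Could not connect to LDAP server");
    }

    if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
        die ("Could not bind to " . htmlspecialchars($dn . $basedn));
    }
} else {
    if ((isset($_POST['username'])) && (isset($_POST['password']))) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        // An empty password makes ldap_bind() perform an unauthenticated bind, which the server may accept.
        if (!is_string($username) || !is_string($password) || $password === '') {
            die ("Could not bind: missing credentials");
        }
        // Define an appropriate LDAP search filter to find your users, and filter out accounts
        // such as administrator (administrator should be renamed anyway!).
        // The exclusions are ANDed so that each one applies (the original ORed them, which left
        // the Admin* clause without effect); the user-supplied name is escaped for use in a filter.
        $filter = "(&(!(displayname=Administrator*))(!(displayname=Admin*))(cn="
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . "))";
        $dn = "cn=" . ldap_escape($username, '', LDAP_ESCAPE_DN) . ", ";
        if (!($connect = ldap_connect($server))) {
            die ("Could not connect to LDAP server");
        }

        if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
            die ("Could not bind to " . htmlspecialchars($dn));
        }
        $sr = ldap_search($connect, $basedn, $filter);
        $info = $sr ? ldap_get_entries($connect, $sr) : false;
        // Without this check, an account excluded by the filter would still be logged in after a successful bind.
        if (!$info || $info['count'] < 1) {
            die ("Account not permitted to log in");
        }
        $fullname = $info[0]["displayname"][0];
        $fqdn = $info[0]["dn"];
        // NOTE: these cookies hold the login state, including the plaintext password in
        // cookie[token], and the browser re-sends them on every request.
        setcookie("cookie[user]", $username);
        setcookie("cookie[token]", $password);
        setcookie("cookie[fullname]", $fullname);
        setcookie("cookie[fqdn]", $fqdn);
    } else {
?>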


<html> 
<head> 
<title>Portal Login</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<meta http-equiv="expires" content="0"> 
<meta http-equiv="pragma" content="no-cache"> 
</head>
<body>
<SCRIPT LANGUAGE="JavaScript"> 
    <!-- 
        document.onmousedown=click; 
        function click() 
        { 
            if (event.button==2) {alert('Right-clicking has been disabled by the administrator.');}
        } 
         
    //--> 
    </SCRIPT> 
<div align="center"> 
  <form method="post" action="<?php echo htmlspecialchars($script, ENT_QUOTES); ?>">
         <div align="center"> 
             
             <table width="210" border="0" cellspacing="0" cellpadding="0"> 
              <tr> 
              <td align="center"> 
              <fieldset> 
                 <Legend><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Enter Credentials</font></Legend>
                    <table border="0" cellspacing="3" cellpadding="0"> 
                     <tr> 
                        <td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Username:</font></b></td>
                        <td align="center" valign="middle"> 
                          <input class="clear" type="text" size="15" name="username"> 
                        </td> 
                      </tr> 
                      <tr> 
                        <td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Password:</font></b></td>
                        <td align="center" valign="middle"> 
                          <input class="pass" type="password" size="15" name="password">
                        </td> 
                      </tr> 
                      </table> 
                    <input type="image" src="images/login.gif" alt="Login" name="image">
                    <br>
                  </fieldset>
                </td>
               </tr>
             </table> 
             <br> 
             <table width="640"><tr><td align="center"> 
             <font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="silver">This System is for the use of authorized users only.
             Individuals using this computer system without authority, or in excess of their authority, are subject to having their activities on this system monitored and recorded by system personnel.
             In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored.
             Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.
             This warning has been provided by the United States Department of Justice and is intended to ensure that monitoring of user activity is not in violation of the Communications Privacy Act of 1986.</font>
          </td></tr></table> 
             
          </div> 
  </form> 

</div> 
</body> 
</html> 
<?php
die (); 
} 
} 
?>
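
A variant of the login step that keeps state in a server-side session, so the password never goes into a cookie; this is an added example, not the original author's code. It assumes the directory accepts StartTLS on the `ldap://` port, the site is served over HTTPS, and PHP 7.3 or later; `ad_authenticate`, `LDAP_URI` and `BASE_DN` are names chosen here.

```php
<?php
// Added example. LDAP_URI and BASE_DN are placeholders (assumptions); adjust to your directory.
const LDAP_URI = 'ldap://XXX.XXX.XXX.XXX';
const BASE_DN  = 'ou=users,ou=accounts,dc=domain,dc=com';

/** Returns ['user' => ..., 'fullname' => ..., 'fqdn' => ...] on success, null on any failure. */
function ad_authenticate(string $username, string $password): ?array
{
    // An empty password would turn the bind into an unauthenticated bind, so reject it first.
    if ($username === '' || $password === '' || !($conn = ldap_connect(LDAP_URI))) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Encrypt the connection before the password is sent (assumes the server supports StartTLS).
    if (!@ldap_start_tls($conn)) {
        return null;
    }
    // Escape the user-supplied name separately for the DN and for the search filter.
    $dn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;
    if (!@ldap_bind($conn, $dn, $password)) {
        return null;
    }
    $filter = '(&(!(displayname=Administrator*))(!(displayname=Admin*))(cn='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $sr = ldap_search($conn, BASE_DN, $filter, ['displayname']);
    $info = $sr ? ldap_get_entries($conn, $sr) : false;
    ldap_unbind($conn);
    // A successful bind is not enough: the account must also pass the filter, exactly once.
    if (!$info || $info['count'] !== 1) {
        return null;
    }
    return [
        'user'     => $username,
        'fullname' => $info[0]['displayname'][0] ?? $username,
        'fqdn'     => $info[0]['dn'],
    ];
}

// Login state lives on the server; the browser only holds an opaque session ID.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();
$u = $_POST['username'] ?? null;
$p = $_POST['password'] ?? null;
if (!isset($_SESSION['user']) && is_string($u) && is_string($p)) {
    $identity = ad_authenticate($u, $p);
    if ($identity !== null) {
        session_regenerate_id(true);   // issue a fresh session ID at login to prevent fixation
        $_SESSION = $identity;
    }
}
```

Pages behind the login then test `isset($_SESSION['user'])` and show the login form otherwise.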
 
