robin.thoni
/
docker-pdns-server
Watch 1
Star 0
Fork 0
Code Issues 4 Pull Requests 0 Releases 8 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
Tree: a628060c97
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a628060c97'
${ noResults }
docker-pdns-server/poweradmin/poweradmin-2.1.7/inc/auth.inc.php

auth.inc.php 13KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313 
  1. <?php

  2. /*  Poweradmin, a friendly web-based admin tool for PowerDNS.

  3.  *  See <http://www.poweradmin.org> for more details.

  4.  *

  5.  *  Copyright 2007-2009  Rejo Zenger <rejo@zenger.nl>

  6.  *  Copyright 2010-2014  Poweradmin Development Team

  7.  *      <http://www.poweradmin.org/credits.html>

  8.  *

  9.  *  This program is free software: you can redistribute it and/or modify

  10.  *  it under the terms of the GNU General Public License as published by

  11.  *  the Free Software Foundation, either version 3 of the License, or

  12.  *  (at your option) any later version.

  13.  *

  14.  *  This program is distributed in the hope that it will be useful,

  15.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of

  16.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  17.  *  GNU General Public License for more details.

  18.  *

  19.  *  You should have received a copy of the GNU General Public License

  20.  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.

  21.  */

  22. 

  23. /**

  24.  * Authentication functions

  25.  *

  26.  * @package Poweradmin

  27.  * @copyright   2007-2010 Rejo Zenger <rejo@zenger.nl>

  28.  * @copyright   2010-2014 Poweradmin Development Team

  29.  * @license     http://opensource.org/licenses/GPL-3.0 GPL

  30.  */

  31. 

  32. /** Authenticate Session

  33.  *

  34.  * Checks if user is logging in, logging out, or session expired and performs

  35.  * actions accordingly

  36.  *

  37.  * @return null

  38.  */

  39. function doAuthenticate() {

  40.     global $iface_expire;

  41.     global $session_key;

  42.     global $ldap_use;

  43. 

  44.     if (isset($_SESSION['userid']) && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") {

  45.         logout(_('You have logged out.'), 'success');

  46.     }

  47. 

  48.     // If a user had just entered his/her login && password, store them in our session.

  49.     if (isset($_POST["authenticate"])) {

  50.         $_SESSION["userpwd"] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($session_key), $_POST['password'], MCRYPT_MODE_CBC, md5(md5($session_key))));

  51. 

  52.         $_SESSION["userlogin"] = $_POST["username"];

  53.         $_SESSION["userlang"] = $_POST["userlang"];

  54.     }

  55. 

  56.     // Check if the session hasnt expired yet.

  57.     if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $iface_expire)) {

  58.         logout(_('Session expired, please login again.'), 'error');

  59.     }

  60. 

  61.     // If the session hasn't expired yet, give our session a fresh new timestamp.

  62.     $_SESSION["lastmod"] = time();

  63. 

  64.     if ($ldap_use && userUsesLDAP()) {

  65.         LDAPAuthenticate();

  66.     } else {

  67.         SQLAuthenticate();

  68.     }

  69. }

  70. 

  71. function userUsesLDAP() {

  72.     global $db;

  73. 

  74.     $rowObj = $db->queryRow("SELECT id FROM users WHERE username=" . $db->quote($_SESSION["userlogin"], 'text') . " AND use_ldap=1");

  75.     if ($rowObj) {

  76.         return true;

  77.     }

  78.     return false;

  79. }

  80. 

  81. function LDAPAuthenticate() {

  82.     global $db;

  83.     global $session_key;

  84.     global $ldap_uri;

  85.     global $ldap_debug;

  86.     global $ldap_basedn;

  87.     global $ldap_binddn;

  88.     global $ldap_bindpw;

  89.     global $ldap_proto;

  90.     global $ldap_user_attribute;

  91. 

  92.     if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) {

  93.         if ($ldap_debug) {

  94.             ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

  95.         }

  96.         $ldapconn = ldap_connect($ldap_uri);

  97.         if (!$ldapconn) {

  98.             if (isset($_POST["authenticate"]))

  99.                 log_error(sprintf('Failed LDAP authentication attempt from [%s] Reason: ldap_connect failed', $_SERVER['REMOTE_ADDR']));

  100.             logout(_('Failed to connect to LDAP server!'), 'error');

  101.             return;

  102.         }

  103. 

  104.         $ldapbind = ldap_bind($ldapconn, $ldap_binddn, $ldap_bindpw);

  105.         ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, $ldap_proto);

  106.         if (!$ldapbind) {

  107.             if (isset($_POST["authenticate"])) 

  108.                 log_error(sprintf('Failed LDAP authentication attempt from [%s] Reason: ldap_bind failed', $_SERVER['REMOTE_ADDR']));

  109.             logout(_('Failed to bind to LDAP server!'), 'error');

  110.             return;

  111.         }

  112. 

  113.         $attributes = array($ldap_user_attribute, 'dn');

  114.         $filter = "(" . $ldap_user_attribute . "=" . $_SESSION["userlogin"] . ")";

  115.         $ldapsearch = ldap_search($ldapconn, $ldap_basedn, $filter, $attributes);

  116.         if (!$ldapsearch) {

  117.             if (isset($_POST["authenticate"]) ) 

  118.                 log_error(sprintf('Failed LDAP authentication attempt from [%s] Reason: ldap_search failed', $_SERVER['REMOTE_ADDR']));

  119.             logout(_('Failed to search LDAP.'), 'error');

  120.             return;

  121.         }

  122. 

  123.         //Checking first that we only found exactly 1 user, get the DN of this user.  We'll use this to perform the actual authentication.

  124.         $entries = ldap_get_entries($ldapconn, $ldapsearch);

  125.         if ($entries["count"] != 1) {

  126.             if (isset($_POST["authenticate"])) {

  127.                 if ($entries["count"] == 0 ){ 

  128.                     log_warn(sprintf('Failed LDAP authentication attempt from [%s] for user \'%s\' Reason: No such user', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"])); 

  129.                 } else {

  130.                     log_error(sprintf('Failed LDAP authentication attempt from [%s] for user \'%s\' Reason: Duplicate usernames detected', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));

  131.                 }

  132.             }

  133.             logout(_('Failed to authenticate against LDAP.'), 'error');

  134.             return;

  135.         }

  136.         $user_dn = $entries[0]["dn"];

  137. 

  138.         $session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "\0");

  139.         $ldapbind = ldap_bind($ldapconn, $user_dn, $session_pass);

  140.         if (!$ldapbind) {

  141.             if (isset($_POST["authenticate"]) ) 

  142.                 log_warn(sprintf('Failed LDAP authentication attempt from [%s] for user \'%s\' Reason: Incorrect password', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));

  143.             auth(_('LDAP Authentication failed!'), "error");

  144.             return;

  145.         }

  146.         //LDAP AUTH SUCCESSFUL

  147.         //Make sure the user is 'active' and fetch id and name.

  148.         $rowObj = $db->queryRow("SELECT id, fullname FROM users WHERE username=" . $db->quote($_SESSION["userlogin"], 'text') . " AND active=1");

  149.         if (!$rowObj) {

  150.             if (isset($_POST["authenticate"]) )

  151.                 log_warn(sprintf('Failed LDAP authentication attempt from [%s] for user \'%s\' Reason: User is inactive', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));

  152.             auth(_('LDAP Authentication failed!'), "error");

  153.             return;

  154.         }

  155.         $_SESSION["userid"] = $rowObj["id"];

  156.         $_SESSION["name"] = $rowObj["fullname"];

  157.         $_SESSION["auth_used"] = "ldap";

  158. 

  159.         if (isset($_POST["authenticate"])) {

  160.             log_notice( sprintf('Successful LDAP authentication attempt from [%s] for user \'%s\'', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]) );

  161.             //If a user has just authenticated, redirect him to requested page

  162.             session_write_close();

  163.             $redirect_url = ($_POST["query_string"] ? $_SERVER['SCRIPT_NAME'] . "?" . $_POST["query_string"] : $_SERVER['SCRIPT_NAME']);

  164.             clean_page($redirect_url);

  165.             exit;

  166.         }

  167.     } else {

  168.         //No username and password set, show auth form (again).

  169.         auth();

  170.     }

  171. }

  172. 

  173. function SQLAuthenticate() {

  174.     global $db;

  175.     global $password_encryption;

  176.     global $session_key;

  177. 

  178.     if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) {

  179.         //Username and password are set, lets try to authenticate.

  180.         $session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "\0");

  181. 

  182.         $rowObj = $db->queryRow("SELECT id, fullname, password FROM users WHERE username=" . $db->quote($_SESSION["userlogin"], 'text') . " AND active=1");

  183. 

  184.         if ($rowObj) {

  185.             if ($password_encryption == 'md5salt') {

  186.                 $session_password = mix_salt(extract_salt($rowObj["password"]), $session_pass);

  187.             } else {

  188.                 $session_password = md5($session_pass);

  189.             }

  190. 

  191.             if ($session_password == $rowObj["password"]) {

  192. 

  193.                 $_SESSION["userid"] = $rowObj["id"];

  194.                 $_SESSION["name"] = $rowObj["fullname"];

  195.                 $_SESSION["auth_used"] = "internal";

  196. 

  197.                 if (isset($_POST["authenticate"])) {

  198.                     log_notice(sprintf('Successful authentication attempt from [%s] for user \'%s\'', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));

  199.                     //If a user has just authenticated, redirect him to requested page

  200.                     session_write_close();

  201.                     $redirect_url = ($_POST["query_string"] ? $_SERVER['SCRIPT_NAME'] . "?" . $_POST["query_string"] : $_SERVER['SCRIPT_NAME']);

  202.                     clean_page($redirect_url);

  203.                     exit;

  204.                 }

  205.             } else if (isset($_POST['authenticate'])) {

  206. //				auth( _('Authentication failed! - <a href="reset_password.php">(forgot password)</a>'),"error");

  207.                 auth(_('Authentication failed!'), "error");

  208.             } else {

  209.                 auth();

  210.             }

  211.         } else if (isset($_POST['authenticate'])) {

  212.             log_warn(sprintf('Failed authentication attempt from [%s]', $_SERVER['REMOTE_ADDR']));

  213. 

  214.             //Authentication failed, retry.

  215. //			auth( _('Authentication failed! - <a href="reset_password.php">(forgot password)</a>'),"error");

  216.             auth(_('Authentication failed!'), "error");

  217.         } else {

  218.             unset($_SESSION["userpwd"]);

  219.             unset($_SESSION["userlogin"]);

  220.             auth();

  221.         }

  222.     } else {

  223.         //No username and password set, show auth form (again).

  224.         auth();

  225.     }

  226. }

  227. 

  228. /** Print the login form

  229.  *

  230.  * @param string $msg Error Message

  231.  * @param string $type Message type [default='success', 'error']

  232.  *

  233.  * @return null

  234.  */

  235. function auth($msg = "", $type = "success") {

  236.     include_once('inc/header.inc.php');

  237.     include('inc/config.inc.php');

  238. 

  239.     if ($msg) {

  240.         print "<div class=\"$type\">$msg</div>\n";

  241.     }

  242.     ?>

  243.     <h2><?php echo _('Log in'); ?></h2>

  244.     <form method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES); ?>">

  245.         <input type="hidden" name="query_string" value="<?php echo htmlentities($_SERVER["QUERY_STRING"]); ?>">

  246.         <table border="0">

  247.             <tr>

  248.                 <td class="n" width="100"><?php echo _('Username'); ?>:</td>

  249.                 <td class="n"><input type="text" class="input" name="username" id="username"></td>

  250.             </tr>

  251.             <tr>

  252.                 <td class="n"><?php echo _('Password'); ?>:</td>

  253.                 <td class="n"><input type="password" class="input" name="password"></td>

  254.             </tr>

  255.             <tr>

  256.                 <td class="n"><?php echo _('Language'); ?>:</td>

  257.                 <td class="n">

  258.                     <select class="input" name="userlang">

  259.                         <?php

  260.                         // List available languages (sorted alphabetically)

  261.                         include_once('inc/countrycodes.inc.php');

  262.                         $locales = scandir('locale/');

  263.                         foreach ($locales as $locale) {

  264.                             if (strlen($locale) == 5) {

  265.                                 $locales_fullname[$locale] = $countrycodes[substr($locale, 0, 2)];

  266.                             }

  267.                         }

  268.                         asort($locales_fullname);

  269.                         foreach ($locales_fullname as $locale => $language) {

  270.                             if ($locale == $iface_lang) {

  271.                                 echo _('<option selected value="' . $locale . '">' . $language);

  272.                             } else {

  273.                                 echo _('<option value="' . $locale . '">' . $language);

  274.                             }

  275.                         }

  276.                         ?>

  277.                     </select>

  278.                 </td>

  279.             </tr>

  280.             <tr>

  281.                 <td class="n">&nbsp;</td>

  282.                 <td class="n">

  283.                     <input type="submit" name="authenticate" class="button" value=" <?php echo _('Go'); ?> ">

  284.                 </td>

  285.             </tr>

  286.         </table>

  287.     </form>

  288.     <script type="text/javascript">

  289.         <!--

  290.       document.getElementById('username').focus();

  291.     //-->

  292.     </script>

  293.     <?php

  294.     include_once('inc/footer.inc.php');

  295.     exit;

  296. }

  297. 

  298. /** Logout the user

  299.  *

  300.  * Logout the user and kickback to login form

  301.  *

  302.  * @param string $msg Error Message

  303.  * @param string $type Message type [default='']

  304.  *

  305.  * @return null

  306.  */

  307. function logout($msg = "", $type = "") {

  308.     session_unset();

  309.     session_destroy();

  310.     session_write_close();

  311.     auth($msg, $type);

  312.     exit;

  313. }