 

Authentication script to authenticate users in Active Directory through LDAP

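<?php
/*
 * Portal login gate: authenticates a user against Active Directory with an
 * LDAP simple bind.
 *
 * When the script falls through, the including page can use $username,
 * $fullname, $fqdn and the user-bound LDAP link in $connect / $bind. When no
 * credentials are available it prints the login form and stops; when a bind
 * or lookup fails it prints a generic error and stops.
 *
 * Security-relevant behaviour:
 *  - Login state is kept in the server-side session ($_SESSION['ldap_auth']).
 *    The password is no longer written to a browser cookie, and the legacy
 *    cookie[...] values are expired when a browser still presents them.
 *  - The user name is escaped with ldap_escape() before it is placed in the
 *    bind DN and in the search filter.
 *  - An empty password is refused before binding: directory servers, Active
 *    Directory included, can treat a simple bind with a DN and an empty
 *    password as an unauthenticated bind and report success.
 *  - Failure messages are generic and never echo the submitted user name.
 *  - The session id is regenerated after a successful login.
 *
 * NOTE(review): the password is held in the session only so that later
 * requests can re-bind as the user, as the cookie-based version did. If the
 * including pages do not need a user-bound $connect, drop 'token' from the
 * session and skip the re-bind.
 *
 * NOTE(review): ldap_connect() with a bare host address talks plain LDAP, so
 * the bind password is not protected in transit. Use an ldaps:// URI or
 * ldap_start_tls() once the directory server's certificate is trusted by
 * this host.
 */

$server = "XXX.XXX.XXX.XXX"; // change to ip address of ldap server
$basedn = "ou=users, ou=accounts, dc=domain, dc=com"; // change to reflect the ou and domain that your users are in.
$script = $_SERVER['SCRIPT_NAME'];

if (session_status() !== PHP_SESSION_ACTIVE) {
    // HttpOnly always; Secure whenever the request itself arrived over HTTPS.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(0, '/', '', $isHttps, true);
    session_start();
}

// Earlier versions of this script stored the user name and the clear-text
// password in cookie[...]; expire whatever a browser still sends back.
if (isset($_COOKIE['cookie']) && is_array($_COOKIE['cookie'])) {
    foreach (array('user', 'token', 'fullname', 'fqdn') as $legacyKey) {
        setcookie("cookie[$legacyKey]", '', 1);
    }
}

$auth = null;
if (isset($_SESSION['ldap_auth']) && is_array($_SESSION['ldap_auth'])
    && isset(
        $_SESSION['ldap_auth']['user'],
        $_SESSION['ldap_auth']['token'],
        $_SESSION['ldap_auth']['fullname'],
        $_SESSION['ldap_auth']['fqdn']
    )
) {
    $auth = $_SESSION['ldap_auth'];
}

if ($auth !== null) {
    // Returning user: restore the identity from the session and re-bind so
    // that a changed or disabled account is noticed on the next request.
    $username = $auth['user'];
    $password = $auth['token'];
    $fullname = $auth['fullname'];
    $fqdn     = $auth['fqdn'];
    $dn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ', ';

    if (!($connect = ldap_connect($server))) {
        die("Could not connect to LDAP server");
    }
    if (!($bind = ldap_bind($connect, $dn . $basedn, $password))) {
        unset($_SESSION['ldap_auth']);
        die("Login failed: invalid username or password");
    }
} elseif (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])
) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Refuse empty credentials up front (see the header note on empty
    // passwords and unauthenticated binds).
    if ($username === '' || $password === '') {
        die("Login failed: invalid username or password");
    }

    // define an appropriate ldap search filter to find your users, and filter
    // out accounts such as administrator (administrator should be renamed
    // anyway!). Both exclusions are AND-ed: the previous OR of two negations
    // only ever excluded "Administrator*".
    $filter = '(&(!(displayname=Administrator*))(!(displayname=Admin*))(cn='
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $dn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ', ';

    if (!($connect = ldap_connect($server))) {
        die("Could not connect to LDAP server");
    }
    if (!($bind = ldap_bind($connect, $dn . $basedn, $password))) {
        die("Login failed: invalid username or password");
    }

    // The bind proves the password; the search supplies the display name and
    // enforces the account filter. No matching entry means no login.
    $sr = ldap_search($connect, $basedn, $filter);
    $info = ($sr === false) ? false : ldap_get_entries($connect, $sr);
    if ($info === false || empty($info['count']) || !isset($info[0]['dn'])) {
        die("Login failed: invalid username or password");
    }

    $fullname = isset($info[0]["displayname"][0]) ? $info[0]["displayname"][0] : $username;
    $fqdn = $info[0]["dn"];

    // New session id for the authenticated session (session fixation).
    session_regenerate_id(true);
    $_SESSION['ldap_auth'] = array(
        'user'     => $username,
        'token'    => $password,
        'fullname' => $fullname,
        'fqdn'     => $fqdn,
    );
} else {
?>
<html>
<head>
<title>Portal Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="expires" content="0">
<meta http-equiv="pragma" content="no-cache">
</head>
<SCRIPT LANGUAGE="JavaScript">
<!--
document.onmousedown=click;
function click()
{
  if (event.button==2) {alert('Right-clicking has been disabled by the administrator.');}
}
//-->
</SCRIPT>
<div align="center">
<form method="post" action="<?php echo htmlspecialchars($script, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<div align="center">
<table width="210" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center">
<fieldset>
<Legend><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Enter Credentials</font></Legend>
<table border="0" cellspacing="3" cellpadding="0">
<tr>
<td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans- serif" size="1" color="gray">Username:</font></td>
<td align="center" valign="middle">
<input class="clear" type="text" size="15" name="username">
</td>
</tr>
<tr>
<td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans- serif" size="1" color="gray">Password:</font></td>
<td align="center" valign="middle">
<input class="pass" type="password" size="15" name="password">
</td>
</tr>
</table>
<input type=image src="images/login.gif" alt="Login" name="image">
<br>
</div>
</td>
</tr>
</fieldset>
</table>
<br>
<table width="640"><tr><td align="center">
<font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="silver">This System is for the use of authorized users only.
Individuals using this computer system without authority, or in excess of their authority, are subject to having their activities on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officals. This warning has been provided by the United States Department of Justice and is intended to ensure that monitoring of user activity is not in violation of the Communications Privacy Act of 1986.</font>
</td></tr></table>
</div>
</form>
</div>
</body>
</html>
<?php
    die();
}
?>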