Adding "Quick & Dirty" AD (Windows Active Directory) authentification

[bohnelang]

I add a q&d authentification against our AD. First time users had to check-in twice. Would be nice to have a hook for other authentification targets.

function log_user($login_donne,$pass_donne){

		function check_user_in_ad($username, $password, $domain, $base_dn=""){

        		$options_ad["domain_controllers"]       = gethostbynamel($domain)[0];
        		$options_ad["account_suffix"]           = "@$domain";
        		$options_ad["base_dn"] = "";
        		if( empty( $base_dn)){
                		foreach(explode(".",$domain) as $val){ $options_ad["base_dn"] .= "dc=$val,";}
                		$options_ad["base_dn"]= substr($options_ad["base_dn"],0,-1);
        		} else {
                		$options_ad["base_dn"] = $base_dn;
        		}

        		$ad_rec=array();

        		$ds=ldap_connect($options_ad["domain_controllers"]);
        		if($ds) {
                		ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
                		ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

                		$bind=ldap_bind($ds, $username . $options_ad["account_suffix"], $password);

                		if($bind){
                        		$result  = ldap_search($ds,$options_ad["base_dn"],"(SAMAccountName=$username)");
                        		$data = ldap_get_entries($ds, $result);
                        		ldap_close($ds);
                        		return true;
                		} else {
                        		ldap_close($ds);                                  // Verbindung schließen
                        		return false;
                		}
        		}

		}


		# create session vars
		$save=false;
		global $auto_restrict,$default_language;
		if (empty($default_language)){$default_language='en';}
	
		if(check_user_in_ad($login_donne,$pass_donne,"med.ad.uni-heaven.de") ){
                        $usernew = true;
                        foreach ($auto_restrict['users'] as $key=>$user){
                                if ( $user['login']===$login_donne){
                                        $auto_restrict['users'][$key]['pass'] = hash('sha512', $user["salt"].$pass_donne);
					save_users();
                                        $usernew = false;
                                }
                        }
                        if( $usernew ) {
		                $auto_restrict['users'][$login_donne]['login'] = $login_donne;
                		$auto_restrict['users'][$login_donne]['encryption_key'] = md5(uniqid('', true));
                		$auto_restrict['users'][$login_donne]['salt'] = generate_salt(512);
                		$auto_restrict['users'][$login_donne]['lang'] = conf('language');
                		$auto_restrict['users'][$login_donne]['status'] = 'user';
                		$auto_restrict['users'][$login_donne]['pass'] = hash('sha512', $auto_restrict['users'][$login_donne]['salt'].$pass_donne);
                                save_users();
                        }

                }

	
		foreach ($auto_restrict['users'] as $key=>$user){
			if ($user['login']===$login_donne && $user['pass']===hash('sha512', $user["salt"].$pass_donne)){				
				$_SESSION['id_user']=chiffre(id_user(),$user['encryption_key']);
				$_SESSION['login']=$user['login'];	
				$_SESSION['expire']=time()+(60*$auto_restrict['session_expiration_delay']);	
				$admin=first($auto_restrict['users']);
				$_SESSION['status']=$user['status'];
				conf('language',$user['lang']);
				if ($save){save_users();}
				return true;
			}
		}
		if ($login_donne=='dis'&&$pass_donne=='connect'){
		exit_redirect();} 
		return false;
	}