1 files changed, 203 insertions, 203 deletions
diff --git a/endpoints/lib/auth/ActiveDirectory.php b/endpoints/lib/auth/ActiveDirectory.php
index ce8c4df..cc227dd 100644
--- a/endpoints/lib/auth/ActiveDirectory.php
+++ b/endpoints/lib/auth/ActiveDirectory.php
@@ -1,203 +1,203 @@
-<?php
-/*
- * $Id: ActiveDirectory.php 501 2013-07-11 17:44:37Z imooreyahoo@gmail.com $
-* Experimental!
-*/
-class phpvbAuthActiveDirectory implements phpvbAuth {
-
-	var $capabilities = array(
-		'canChangePassword' => false,
-		'canLogout' => true
-	);
-
-	var $config = array(
-		'host' => '127.0.0.1',
-		'admin_group' => null,
-		'adminUser' => null,
-		'user_group' => null,
-		'container' => 'CN=Users',
-		'domain' =>   'internal.local',
-		'filter' => '(&(objectclass=User)(objectCategory=Person))'
-	);
-
-	/**
-	 * Constructor
-	 * @param array $userConfig - user configuration for this module
-	 */
-	function phpvbAuthActiveDirectory($userConfig = null) {
-		// Merge user config
-		if($userConfig) {
-			$this->config = array_merge($this->config,$userConfig);
-		}		
-	}
-
-	/**
-	 * Test log in and set $_SESSION vars
-	 * @param string $username
-	 * @param string $password
-	 * @see phpvbAuth::login()
-	 */
-	function login($username, $password)
-	{
-		global $_SESSION;
-
-
-		/*
-		 * Check for LDAP functionality and provide some direction
-		 */
-		if(!function_exists('ldap_connect')) {
-
-			$ex = 'LDAP support is not enabled in your PHP configuration.';
-
-			if(strtolower(substr(PHP_OS, 0, 3)) == 'win') {
-
-				ob_start();
-				phpinfo(INFO_GENERAL);
-				$phpinfo = ob_get_contents();
-				ob_end_clean();
-				preg_match('/Loaded Configuration File <\/td><td.*?>(.*?)\s*</', $phpinfo, $phpinfo);
-
-				$ex .= ' You probably just need to uncomment the line ;extension=php_ldap.dll in php.ini'.
-						(count($phpinfo) > 1 ? ' (' .trim($phpinfo[1]).')' : '') . ' by removing the ";" and restart your web server.';
-
-			} else if(strtolower(substr(PHP_OS, 0, 5)) == 'Linux') {
-
-				$ex .= ' You probably need to install the php5-ldap (or similar depending on your distribution) package and restart your web server.';
-					
-			}
-			throw new Exception($ex);
-		}
-
-		$_SESSION['valid'] = false;
-
-		// Connect to server
-		if(!($auth = ldap_connect($this->config['host']))) {
-			throw new Exception('Active Directory error ('.ldap_errno($auth).') ' . ldap_error($auth));
-		}
-
-		// Set relevant LDAP options
-		ldap_set_option($auth,LDAP_OPT_PROTOCOL_VERSION, 3);
-		
-
-		// Main login /bind
-		if(!($bind = @ldap_bind($auth, $username . "@" .$this->config['domain'], $password))) {
-			if(ldap_errno($auth) == 49) return false;
-			throw new Exception('Active Directory error ('.ldap_errno($auth).') ' . ldap_error($auth));
-		}
-		
-		
-		// Get user information from AD
-		////////////////////////////////////
-		
-		
-		// Set filter and sanitize username before sending it to AD
-		$filter = "(sAMAccountName=" .
-			str_replace(array(',','=','+','<','>',';','\\','"','#','(',')','*',chr(0)), '', $username) . ")";
-		if($this->config['filter'] && false) {
-			$filter = '(&'. $this->config['filter'] .' ('. $filter .'))';
-		}
-		
-		$result = @ldap_search($auth,
-				$this->config['container'] . ',DC=' . join(',DC=', explode('.', $this->config['domain'])),
-				$filter, array("memberof","useraccountcontrol"));
-
-		if(!result) throw new Exception ("Unable to search Active Directory server: " . ldap_error($auth));
-		@list($entries) = @ldap_get_entries($auth, $result);
-		@ldap_unbind($auth);
-		if(!$entries) {
-			throw new Exception("Permission denied");
-		}
-		
-		
-		// Check for disabled user
-		if((intval($entries['useraccountcontrol'][0]) & 2)) {
-			throw new Exception('This account is disabled in Active Directory.');
-		}
-
-		// check for valid admin group
-		if($this->config['admin_group']) {
-			foreach($entries['memberof'] as $group) {
-				list($group) = explode(',', $group);
-				if(strtolower($group) == strtolower('cn='.$this->config['admin_group'])) {
-					$_SESSION['admin'] = $_SESSION['valid'] = true;
-					break;
-				}
-			}
-		}
-		
-		// Admin user explicitly set?
-		if(!$_SESSION['admin'] && $this->config['adminUser']) {
-			$_SESSION['admin'] = (strtolower($this->config['adminUser']) == strtolower($username));
-			// Admin is ok
-			$_SESSION['valid'] = ($_SESSION['admin'] || $_SESSION['valid']);
-		}
-
-		// check for valid user group
-		if($this->config['user_group'] && !$_SESSION['valid']) {
-			foreach($entries['memberof'] as $group) {
-				list($group) = explode(',', $group);
-				if(strtolower($group) == strtolower('cn='.$this->config['user_group'])) {
-					$_SESSION['valid'] = true;
-					break;
-				}
-			}
-		} else {
-			$_SESSION['valid'] = true;
-		}
-		
-		if(!$_SESSION['valid'])
-			throw new Exception("Permission denied");
-
-		// Admin user explicitly set?
-		if(!$_SESSION['admin'] && $this->config['adminUser']) {
-			$_SESSION['admin'] = (strtolower($this->config['adminUser']) == strtolower($username));
-		}
-
-		// No admin information specified makes everyone an admin
-		if(!$this->config['adminUser'] && !$this->config['admin_group'])
-			$_SESSION['admin'] = true;
-		
-		// user has permission. establish session variables
-		$_SESSION['user'] = $username;
-		$_SESSION['authCheckHeartbeat'] = time();
-
-		
-		return true;
-		
-	}
-
-	function heartbeat($vbox)
-	{
-		global $_SESSION;
-
-		$_SESSION['valid'] = true;
-		$_SESSION['authCheckHeartbeat'] = time();
-	}
-
-	function changePassword($old, $new)
-	{
-	}
-
-	function logout(&$response)
-	{
-		global $_SESSION;
-		if(function_exists('session_destroy')) session_destroy();
-		else unset($_SESSION['valid']);
-		$response['data']['result'] = 1;
-	}
-
-	function listUsers()
-	{
-
-	}
-
-	function updateUser($vboxRequest, $skipExistCheck)
-	{
-
-	}
-
-	function deleteUser($user)
-	{
-
-	}
-}
+<?php
+/*
+ * $Id: ActiveDirectory.php 501 2013-07-11 17:44:37Z imooreyahoo@gmail.com $
+* Experimental!
+*/
+class phpvbAuthActiveDirectory implements phpvbAuth {
+
+	var $capabilities = array(
+		'canChangePassword' => false,
+		'canLogout' => true
+	);
+
+	var $config = array(
+		'host' => '127.0.0.1',
+		'admin_group' => null,
+		'adminUser' => null,
+		'user_group' => null,
+		'container' => 'CN=Users',
+		'domain' =>   'internal.local',
+		'filter' => '(&(objectclass=User)(objectCategory=Person))'
+	);
+
+	/**
+	 * Constructor
+	 * @param array $userConfig - user configuration for this module
+	 */
+	function phpvbAuthActiveDirectory($userConfig = null) {
+		// Merge user config
+		if($userConfig) {
+			$this->config = array_merge($this->config,$userConfig);
+		}		
+	}
+
+	/**
+	 * Test log in and set $_SESSION vars
+	 * @param string $username
+	 * @param string $password
+	 * @see phpvbAuth::login()
+	 */
+	function login($username, $password)
+	{
+		global $_SESSION;
+
+
+		/*
+		 * Check for LDAP functionality and provide some direction
+		 */
+		if(!function_exists('ldap_connect')) {
+
+			$ex = 'LDAP support is not enabled in your PHP configuration.';
+
+			if(strtolower(substr(PHP_OS, 0, 3)) == 'win') {
+
+				ob_start();
+				phpinfo(INFO_GENERAL);
+				$phpinfo = ob_get_contents();
+				ob_end_clean();
+				preg_match('/Loaded Configuration File <\/td><td.*?>(.*?)\s*</', $phpinfo, $phpinfo);
+
+				$ex .= ' You probably just need to uncomment the line ;extension=php_ldap.dll in php.ini'.
+						(count($phpinfo) > 1 ? ' (' .trim($phpinfo[1]).')' : '') . ' by removing the ";" and restart your web server.';
+
+			} else if(strtolower(substr(PHP_OS, 0, 5)) == 'Linux') {
+
+				$ex .= ' You probably need to install the php5-ldap (or similar depending on your distribution) package and restart your web server.';
+					
+			}
+			throw new Exception($ex);
+		}
+
+		$_SESSION['valid'] = false;
+
+		// Connect to server
+		if(!($auth = ldap_connect($this->config['host']))) {
+			throw new Exception('Active Directory error ('.ldap_errno($auth).') ' . ldap_error($auth));
+		}
+
+		// Set relevant LDAP options
+		ldap_set_option($auth,LDAP_OPT_PROTOCOL_VERSION, 3);
+		
+
+		// Main login /bind
+		if(!($bind = @ldap_bind($auth, $username . "@" .$this->config['domain'], $password))) {
+			if(ldap_errno($auth) == 49) return false;
+			throw new Exception('Active Directory error ('.ldap_errno($auth).') ' . ldap_error($auth));
+		}
+		
+		
+		// Get user information from AD
+		////////////////////////////////////
+		
+		
+		// Set filter and sanitize username before sending it to AD
+		$filter = "(sAMAccountName=" .
+			str_replace(array(',','=','+','<','>',';','\\','"','#','(',')','*',chr(0)), '', $username) . ")";
+		if($this->config['filter'] && false) {
+			$filter = '(&'. $this->config['filter'] .' ('. $filter .'))';
+		}
+		
+		$result = @ldap_search($auth,
+				$this->config['container'] . ',DC=' . join(',DC=', explode('.', $this->config['domain'])),
+				$filter, array("memberof","useraccountcontrol"));
+
+		if(!result) throw new Exception ("Unable to search Active Directory server: " . ldap_error($auth));
+		@list($entries) = @ldap_get_entries($auth, $result);
+		@ldap_unbind($auth);
+		if(!$entries) {
+			throw new Exception("Permission denied");
+		}
+		
+		
+		// Check for disabled user
+		if((intval($entries['useraccountcontrol'][0]) & 2)) {
+			throw new Exception('This account is disabled in Active Directory.');
+		}
+
+		// check for valid admin group
+		if($this->config['admin_group']) {
+			foreach($entries['memberof'] as $group) {
+				list($group) = explode(',', $group);
+				if(strtolower($group) == strtolower('cn='.$this->config['admin_group'])) {
+					$_SESSION['admin'] = $_SESSION['valid'] = true;
+					break;
+				}
+			}
+		}
+		
+		// Admin user explicitly set?
+		if(!$_SESSION['admin'] && $this->config['adminUser']) {
+			$_SESSION['admin'] = (strtolower($this->config['adminUser']) == strtolower($username));
+			// Admin is ok
+			$_SESSION['valid'] = ($_SESSION['admin'] || $_SESSION['valid']);
+		}
+
+		// check for valid user group
+		if($this->config['user_group'] && !$_SESSION['valid']) {
+			foreach($entries['memberof'] as $group) {
+				list($group) = explode(',', $group);
+				if(strtolower($group) == strtolower('cn='.$this->config['user_group'])) {
+					$_SESSION['valid'] = true;
+					break;
+				}
+			}
+		} else {
+			$_SESSION['valid'] = true;
+		}
+		
+		if(!$_SESSION['valid'])
+			throw new Exception("Permission denied");
+
+		// Admin user explicitly set?
+		if(!$_SESSION['admin'] && $this->config['adminUser']) {
+			$_SESSION['admin'] = (strtolower($this->config['adminUser']) == strtolower($username));
+		}
+
+		// No admin information specified makes everyone an admin
+		if(!$this->config['adminUser'] && !$this->config['admin_group'])
+			$_SESSION['admin'] = true;
+		
+		// user has permission. establish session variables
+		$_SESSION['user'] = $username;
+		$_SESSION['authCheckHeartbeat'] = time();
+
+		
+		return true;
+		
+	}
+
+	function heartbeat($vbox)
+	{
+		global $_SESSION;
+
+		$_SESSION['valid'] = true;
+		$_SESSION['authCheckHeartbeat'] = time();
+	}
+
+	function changePassword($old, $new)
+	{
+	}
+
+	function logout(&$response)
+	{
+		global $_SESSION;
+		if(function_exists('session_destroy')) session_destroy();
+		else unset($_SESSION['valid']);
+		$response['data']['result'] = 1;
+	}
+
+	function listUsers()
+	{
+
+	}
+
+	function updateUser($vboxRequest, $skipExistCheck)
+	{
+
+	}
+
+	function deleteUser($user)
+	{
+
+	}
+}