[SUCS Devel] site r630 - branches/sucs-site/lib

imranh at sucs.org imranh at sucs.org
Sat Jan 10 19:21:31 GMT 2015


Author: imranh
Date: 2015-01-10 19:21:28 +0000 (Sat, 10 Jan 2015)
New Revision: 630

Added:
   branches/sucs-site/lib/ldap-auth.php
Log:
Add a script that checks a username and password combination to see if it's a valid sucs or uni ldap account

Added: branches/sucs-site/lib/ldap-auth.php
===================================================================
--- branches/sucs-site/lib/ldap-auth.php	                        (rev 0)
+++ branches/sucs-site/lib/ldap-auth.php	2015-01-10 19:21:28 UTC (rev 630)
@@ -0,0 +1,87 @@
+<?php
+
+/*
+Written by Imran Hussain ~imranh
+
+Used to auth people, will check SUCS then the uni ldap, will only check
+students on the uni ldap.
+
+will return "sucs" if the username/password passed is a sucs member
+will return "uni" if the user/pass passed has a student swan uni account
+will return "nope" if the user/pass passed is inavlid
+
+Example usage:
+
+include_once("ldap-auth.php");
+
+isAuthd = ldapauth("usaername", "password");
+
+if (isAuthd == "sucs"){
+	//do stuff for sucs auth
+}elseif (isAuthd == "uni"){
+	//do stuff for uni auth
+}else{
+	//do stuff for not authd peeps
+}
+
+*/
+
+// we don't care about warnings, we write our own
+error_reporting(E_ERROR | E_PARSE);
+
+// how to bind
+$sucsBindDn = 'uid=$username,ou=People,dc=sucs,dc=org';
+$lisBindDn1 = 'cn=$username,ou=$lisUsernameOu,ou=students,ou=Swansea,o=swanuni';
+$lisBindDn2 = 'cn=$username,ou=$lisOtherOu,ou=students,ou=Swansea,o=swanuni';
+
+// ldap servers
+$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
+$lisLDAPServer = 'ccs-suld1.swan.ac.uk';
+
+function ldapAuth($username, $password) {
+
+	// lis auth stuffs
+	$lisUsernameOu = substr($username, -1);
+	$lisOtherOu = 'moved';
+
+	// Main auth
+
+	// Try and connect to silver
+	$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
+
+	if ($ldapconnSUCS) {
+
+		//echo "Connected to $sucsServer <br>";
+
+		// try and bind to sucs ldap
+		$ldapbindSUCS = ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
+		if ($ldapbindSUCS) {
+			//echo "Auth'd as $username using SUCS LDAP<br>";
+			return "sucs";
+		// turns out they didn't give us valid sucs creds, lets try lis now
+		} else {
+
+			// try and connect to the lis ldap server
+			$ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
+			//echo "Connected to $lisServer <br>";
+
+			// lets try and bind to the uni ldap
+			$ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
+			if ($ldapbindLIS1) {
+				//echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu<br>";
+				return "uni";
+			} else {
+				$ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
+				if ($ldapbindLIS2) {
+					//echo "Auth'd as $username using uni LDAP using ou=moved<br>";
+					return "uni";
+				// shit, couldn't bind to anything
+				} else {
+					//exit("Invalid Username or Password");
+					return "nope";
+				}
+			}
+		}
+	}
+}
+?>
\ No newline at end of file
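Review bot: `ldapAuth()` never binds as the supplied user, because `$sucsBindDn`, `$lisBindDn1`, `$lisBindDn2` and both server names are file-scope variables that the function neither declares `global` nor receives as arguments, and the single-quoted templates would not interpolate `$username` even if they were visible. Each `ldap_bind()` therefore gets an unset DN, so the returned "sucs"/"uni"/"nope" does not reflect the username/password pair; whether it fails for everyone or succeeds for the wrong reason depends on how the servers treat a bind with no DN. Nothing rejects an empty `$password` either, and many directory servers report a simple bind with a DN and an empty password as a successful unauthenticated bind (RFC 4513 §5.1.2), so the function should return "nope" before it connects. The DNs should be built inside the function from a username escaped with `ldap_escape(..., '', LDAP_ESCAPE_DN)` (PHP 5.6+), and the bind should run over TLS, since a simple bind otherwise sends the password in clear text; this assumes both servers offer StartTLS, which needs confirming. The sketch below covers only the top of the function; the bind cascade stays as it is, with the same TLS step after the second `ldap_connect()`.

```php
function ldapAuth($username, $password) {

	// An empty password turns a simple bind into an unauthenticated bind,
	// which many servers report as success; refuse it before connecting.
	if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
		return "nope";
	}

	// Escape the username before it becomes part of a DN.
	$rdnUser = ldap_escape($username, '', LDAP_ESCAPE_DN);
	$lisUsernameOu = ldap_escape(substr($username, -1), '', LDAP_ESCAPE_DN);
	$lisOtherOu = 'moved';

	// Build the DNs here (double-quoted) so they do not depend on file-scope variables.
	$sucsBindDn = "uid=$rdnUser,ou=People,dc=sucs,dc=org";
	$lisBindDn1 = "cn=$rdnUser,ou=$lisUsernameOu,ou=students,ou=Swansea,o=swanuni";
	$lisBindDn2 = "cn=$rdnUser,ou=$lisOtherOu,ou=students,ou=Swansea,o=swanuni";

	$ldapconnSUCS = ldap_connect('silver.sucs.swan.ac.uk') or die("Could not connect to SUCS LDAP server.");

	// StartTLS needs LDAPv3; do not send the password if the channel is not encrypted.
	ldap_set_option($ldapconnSUCS, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (!ldap_start_tls($ldapconnSUCS)) {
		die("Could not secure connection to SUCS LDAP server.");
	}

	// … unchanged: SUCS bind, then the uni connect and the two uni binds …
```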



