|
PHP - Ldap (active Directory) And Login To Php/mysql Based Application Help
I am new to PHP. I have been trying to do some research online for a few days and not getting very far. I feel like I know less now than I did before I started.
Here's the story: I've set up a LAMP server that runs a Wiki and AppGini (http://www.bigprof.com/appgini/) - AppGini allows you to "Create web database applications instantly without writing any code" - The only downside we have with it, is it's got it's own set of user accounts. My team all logs in with the default admin account which isn't a big deal but we'd prefer to use LDAP to AD for reasons I won't get into right now. I emailed AppGini support and asked about LDAP integration. Their response was that it's "a little bit of work" and "You can modify the login authentication function to authenticate using LDAP ... please see the example code he http://code.activestate.com/recipes/101525-ldap-authentication/ (needs some modifications to work with AppGini)" I've googled around and found 2 dozen different LDAP PHP samples. I've gotten some of them to work. By work I mean they connect to my domain controller and say "success" I'm not actually logged into anything. So I'm looking for a little help from square one. I need to have a better understanding of how things are supposed to work so I know where I'm supposed to go with all of this. Where do I start? What do I do? What would YOU do? This is the current "index.php" that logs you into the site. Code: [Select] <?php error_reporting(E_ALL ^ E_NOTICE); $d=dirname(__FILE__); include("$d/defaultLang.php"); include("$d/language.php"); include("$d/incCommon.php"); $x->TableTitle=$Translation['homepage']; include("$d/header.php"); if($_GET['signOut']==1){ logOutMember(); } $tablesPerRow=2; $arrTables=getTableList(); ?> <div align="center"><table cellpadding="8"> <?php if($_GET['loginFailed']==1 || $_GET['signIn']==1){ ?> <tr><td colspan="2" align="center"> <?php if($_GET['loginFailed']){ ?> <div class="Error"><?php echo $Translation['login failed']; ?></div> <?php } ?> <form method="post" action="index.php"> <table border="0" cellspacing="1" cellpadding="4" align="center"> <tr> <td colspan="2" class="TableHeader"> <div class="TableTitle"><?php echo $Translation['sign in here']; ?></div> </td> </tr> <tr> <td align="right" class="TableHeader"> <?php echo $Translation['username']; ?> </td> <td align="left" class="TableBody"> <input type="text" name="username" value="" size="20" class="TextBox"> </td> </tr> <tr> <td align="right" class="TableHeader"> <?php echo $Translation['password']; ?> </td> <td align="left" class="TableBody"> <input type="password" name="password" value="" size="20"class="TextBox"> </td> </tr> <tr> <td colspan="2" align="right" class="TableHeader"> <span style="margin: 0 20px;"><input type="checkbox" name="rememberMe" id="rememberMe" value="1"> <label for="rememberMe"><?php echo $Translation['remember me']; ?></label></span> <input type="submit" name="signIn" value="<?php echo $Translation['sign in']; ?>"> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['go to signup']; ?> <br /><br /> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['forgot password']; ?> <br /><br /> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['browse as guest']; ?> <br /><br /> </td> </tr> </table> </form> <script>document.getElementsByName('username')[0].focus();</script> </td></tr> <?php } ?> <?php if(!$_GET['signIn'] && !$_GET['loginFailed']){ if(is_array($arrTables)){ if(getLoggedAdmin()){ ?><tr><td colspan="<?php echo ($tablesPerRow*3-1); ?>" class="TableTitle" style="text-align: center;"><a href="admin/"><img src=table.gif border=0 align="top"></a> <a href="admin/" class="TableTitle" style="color: red;"><?php echo $Translation['admin area']; ?></a><br /><br /></td></tr><?php } $i=0; foreach($arrTables as $tn=>$tc){ $tChk=array_search($tn, array()); if($tChk!==false && $tChk!==null){ $searchFirst='?Filter_x=1'; }else{ $searchFirst=''; } if(!$i % $tablesPerRow){ echo '<tr>'; } ?><td valign="top"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>><img src=<?php echo $tc[2];?> border=0></a></td><td valign="top" align="left"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?> class="TableTitle"><?php echo $tc[0]; ?></a><br /><?php echo $tc[1]; ?></td><?php if($i % $tablesPerRow == ($tablesPerRow - 1)){ echo '</tr>'; }else{ echo '<td width="50"> </td>'; } $i++; } }else{ ?><tr><td><div class="Error"><?php echo $Translation['no table access']; ?><script language="javaScript">setInterval("window.location='index.php?signOut=1'", 2000);</script></div></td></tr><?php } } ?> </table><br /><br /><div class="TableFooter"><b><a href=http://bigprof.com/appgini/>BigProf Software</a> - <?php echo $Translation['powered by']; ?> AppGini 4.61</b></div> </div> </html> Similar TutorialsHi, I need a small help. Here is my situation. I am using a MVC application (e.g. Joomla or Drupal) which has a .htaccess redirect rule that all requests are passed through index.php file. That's normal and this is my main application. Now I installed another application within the application folder structure. What I want do do here is to allow opening the third party application URLs after one logged into my main application. Can anybody provide me some pointers to do the same? Please let me know if you need any further information on this. Any solution irrespective of framework will work. Thanks! Anupam Hello everyone, I'm new to PHP and I have a question about a PHP Login page using LDAP. I have received a project from my boss. A project to digitizing a form. Well having that part done, my boss said to make login page that uses LDAP. A page that using the username and password from the AD to login and redirected to a different page. So that the person doesn't have to remember different usernames and passwords. Is there a simple script, doing this? Kind regards, Rinse Ringma ( Don't mind my bad English ) I have an application that uses the PHP LDAP library to connect to the Windows Active Directory:
$ds = ldap_connect($ini['ad_server']) or die("Could not connect");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); I am wondering if anyone knows if this upcoming patch "2020 LDAP channel binding and LDAP signing" coming from Microsoft will break any PHP applications that are using this ldap library. Thanks in advance,
M Sorry if i posted this in the wrong place but i dident see anthing about Active Directory or Security Questions
But has anyone used Active Directory as their User Database? Has anyone even tryed braking Active Directory with injection attacks?
Notes that i have found so far:
Php Sends to CMD first so encode userdata in base64 as a transport layer
$rand is a random number to prevent users from useing Success: as a ligitimate user
You will need to clean up the many many spaces that powershell sends back as it is a concole
Special Charicters dont need to be escaped
I am using
Win 2008 RC2
Apache
PHP (of course)
Powershell
Active Directory
PHP Script
$psScriptPath = 'C:/Apache/PSScripts/' //Path outside Website Root
$rand = mt_rand(mt_getrandmax(),mt_getrandmax());
//UTF-8 Standard only
$username = utf8_decode($_POST["username"]);
$password = utf8_decode($_POST["password"]);
$base64_username = base64_encode($username); //Transport Layer Base64
$base64_password = base64_encode($password); //Transport Layer Base64
//The danger happens here as it is sent to powershell.
$query = shell_exec('powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL');// Execute the PowerShell script, passing the parameters
Powershell Script
#*=============================================================================
#* Script Name: adpwchange2014.ps1
#* Created: 2014-10-07
#* Author:
#* Purpose: This is a simple script that queries AD users.
#* Reference Website: http://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/
#*
#*=============================================================================
#*=============================================================================
#* PARAMETER DECLARATION
#*=============================================================================
param(
[string]$base64_username,
[string]$base64_password,
[string]$rand
)
#*=============================================================================
#* IMPORT LIBRARIES
#*=============================================================================
if ((Get-Module | where {$_.Name -match "ActiveDirectory"}) -eq $null){
#Loading module
Write-Host "Loading module AcitveDirectory..."
Import-Module ActiveDirectory
}else{
write-output "Error: Please install ActiveDirectory Module"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* PARAMETERS
#*=============================================================================
$username = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_username))
$password = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_password))
#*=============================================================================
#* INITIALISE VARIABLES
#*=============================================================================
# Increase buffer width/height to avoid PowerShell from wrapping the text before
# sending it back to PHP (this results in weird spaces).
$pshost = Get-Host
$pswindow = $pshost.ui.rawui
$newsize = $pswindow.buffersize
$newsize.height = 1000
$newsize.width = 300
$pswindow.buffersize = $newsize
#*=============================================================================
#* EXCEPTION HANDLER
#*=============================================================================
#*=============================================================================
#* FUNCTION LISTINGS
#*=============================================================================
Function Test-ADAuthentication {
Param($Auth_User, $Auth_Pass)
Write-Output "Running Function Test-ADAuthenication"
$domain = $env:USERDOMAIN
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $domain)
$pc.ValidateCredentials($Auth_User, $Auth_Pass).ToString()
}
#*=============================================================================
#* SCRIPT BODY
#*=============================================================================
Write-Output $PSVersionTable
Write-Output " "
$authentication = Test-ADAuthentication "$username" "$password"
if ($authentication -eq $TRUE) {
Write-Output "Success:$rand Authentication"
}elseif ($authentication -eq $FALSE) {
Write-Output "Failed:$rand Authentication"
}else {
Write-Output "Error: EOS"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* SCRIPT Exit
#*=============================================================================
Write-Output "End Of Script"
EXIT
NUL
Stop-Process -processname powershell*
Hi... I am pretty new to ldap and active directory I am creating a site and want to use Active Directory users as the login to the site. This would be the best way to allow everyone to the site and keep the users and passwords up to date. How do you use PHP to talk with Active Directory to do this login? I have read things about LDAP. Do you have to have that? If so, how do you get that to work? and how to configure ldap and where to configure ldap is it server or in my local system. Please give me an idea how to configure n how to integrate active directory Hello there, I'm quite new on PHP language.I'm trying to make an simple Phone book apps.I added insert & show options in Phone book.Now i want to add "update & delete" option.How can i do that. This is add code: Code: [Select] <?php mysql_connect("localhost","admin",""); mysql_select_db("simphp"); //Get Values from form $name=$_POST['name']; $email=$_POST['email']; $number=$_POST['number']; mysql_query("insert into phonebook(name,email,number) values('$name','$email','$number')"); echo"Saved Sucessfully"; echo "<br/>"; echo '<a href="index.php/">Homepage</a>'; echo "<br/>"; echo '<a href="select.php/">Show Data</a>'; echo "<br/>"; echo '<a href=update.php>Update</a>'; mysql_close(); ?>Show.php=>> Code: [Select] <?php mysql_connect("localhost","admin",""); mysql_select_db("simphp"); $query="select *from phonebook"; $result=mysql_query($query); $num=mysql_numrows($result); echo"Number of records Stored:$num"; $i=0; while($i<$num) { $name=mysql_result($result,$i,"Name"); $email=mysql_result($result,$i,"Email"); $number=mysql_result($result,$i,"number"); echo "<br/>"; echo "Name :<b> $name </b><br/>"; echo "<br/>"; echo "Email : <b>$email</b> <br/>"; echo "<br/>"; echo "Phone :<b>$number</b><br/>"; echo '<a href=update.php>Update</a>'; $i++; } ?> How can i update and delete data?? :confused:help me Hello, I am slightly nervous about posting this because I am almost completely new to php, I have a few introductory books on the subject which I am working through at the moment as well as some reference books but I am still getting through the basics of it all. I recently downloaded a login script, which allows a user to login and also allows the protection of some pages if users are not logged in. This script was a free one from easykiss123. it comes with other .php files and I have given them all a look over and I get the general idea of what's going on for the most part, and I THINK as I keep reading my books I will understand everything even more. However, what I really want to do right now is make it so a website would know which user is logged on, and then use this information elsewhere. For example if a particular user logged on and submitted something, I would like obviously the submission to be recorded but also the id of the user that submitted it, at the moment with this code, I do not think that is possible, however I could be wrong. I am looking for any pointers or a nudge in the right direction or link to a tutorial of how I would go about this, anything that may help. I think I would be storing the user ID in a global variable that can be used throughout the site, but again I am not sure. Thanks in advance for any help, I have included both the login script and the script used for protecting pages, as its already freely available online I see no issue with posting snippits of it here since the source has been referenced. Code: [Select] <?php # Script 16.8 - login.php // This is the login page for the site. require_once ('includes/config.inc.php'); $page_title = 'Login'; include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php // Include the HTML footer. include ('includes/footer.html'); ?> Code: [Select] <?php require_once ('includes/config.inc.php'); $page_title = 'YOUR PAGE TITLE GOES HERE'; // Start output buffering: ob_start(); // Initialize a session: session_start(); // Check for a $page_title value: if (!isset($page_title)) { $page_title = 'User Registration'; } // If no first_name session variable exists, redirect the user: if (!isset($_SESSION['first_name'])) { $url = BASE_URL . 'index.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } ?> Code: [Select] <?php // Flush the buffered output. ob_end_flush(); ?> We have a php application that is just a form, that takes in data to a mysql database and then displays that data in queue(php web page) for the client. It has been working for the past 5 or more years. Six weeks ago, the client noticed that the numbering started skipping a number each time a request was entered. It then seemed to stop, now it has started again. See attached image. Some detail he after user has completed web form and hits submit, three fields are populated in the mysql "REQUEST" table, then the actually data from the submitted web form is sent to the ANSWER table. The REQUEST table is in sync and is always populated, and numbering is in sequence but upon submit, the actual data from the request does NOT always go to the ANSWER table hence the "skipping of numbers." What do I even begin looking at/for to determine what happened? Reminder: this is a 5+ year old app that worked fine until maybe 6 weeks ago. No changes have been made to the database or the code base since 2008. The code that adds the data to the ANSWER table [the one that appears to skip] is below. The applicate is in php 4.3.1, mysql 5, linux server. This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=358615.0 Alright, I've been assigned a project at work. I did not develop the application and the individual who did used CodeIgnited framework and mysql as the db.
Here's the problem, I'm not given much OT to do this and in our meeting the best way to proceed was to replicate the database for different parts of the organization. Basically we are a subsidiary and have been using an application that other groups within the organization want to use. Usually I would reconfigure the db schema and add org ids and in the user table add the appropriate organization to go to. However, they are not giving me enough time to do that.
So what I'm thinking is to just create a copy of the database we use (just the structure) and create a new database.
What I want to know is how to use mysql to check to see if a user exists in one database and if they don't then to go on to the next database. I understand this is a very sloppy way to do it, but it's the way we are moving forward.
I found the code to connect to the db in CodeIgnitor... how can I connect to a database, check to see if the user exists, then close that db connection and try the next database?
/**
* Select the database
*
* @access private called by the base class
* @return resource
*/
function db_select()
{
return @mysql_select_db($this->database, $this->conn_id);
}
Thanks in advance.
hi to all.Im currently displaying the images from my upload directory but the image does not display.please help thanks I wrote wrong LDAP server for test but my script dont die! why ? in php.ini I wrote extension=php_ldap.dll and I have this lib in php/ext/ error_reporting(1); $ldaphost = 'my.office.company.com'; // Connecting to LDAP $ip = gethostbyname($ldaphost); $ldapconn = ldap_connect($ip) or die("Could not connect to $ldaphost"); echo 'done'; Hi, I'm completely new to LDAP authentication but have managed to get a fairly smooth working script. However, I was wondering what is the easiest way to get a BASEDN from a Fully Qualified Domain Name. At the moment I have a loop which would take: example.com and turn it into dc=examplem,dc=com But is that the best way? Hi guys, I have this problem and id appreciate all your advice in helping solve it. I'm working on a service with is "cloud" hosted. However I want it so when a person employed by Corporation A logs onto myservice.corporationa.com they enter their Corporation A LDAP details but somehow that sends them to myservice.com and authenticates them. I know how to do the get LDAP details part to put on myservice.corporationa.com but no idea how to do the rest and make it send back etc. Any ideas? Many many thanks in advance. (PS - If this all makes sense please do let me know) Hi,
I haven't worked with PHP in years and was asked to debug something. Maybe you can help me out since I'm stuck. This error popped up when we upgraded from PHP 5.3 to 5.4.
It is setting LDAP options.
Here is the code:
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0) or die ("Could not set option referrals"); Both of these statement are throwing the following error message to the log. 52 is not a valid ldap link resource Anything I can check or look at? I am a little clueless here. Thanks I'm using Active Directory and PHP with LDAP. I have been trying to create a script that will list all the members of each group in a OU. When I run this script in an OU with Users, it will return an array with all the available attributes of each User. However when I use it with a group, it doesn't return any attributes of the group. Code: [Select] <?php $ig_ldaphost="LDAP://domain/"; //filtered for security $ig_ldapou="OU=Drive Security,OU=Groups,DC=this,DC=and,dc=that"; //filtered for security $ig_ldapconn=ldap_connect($ig_ldaphost) or die("Could not connect to {$ig_ldaphost}"); $ig_ldapopt=ldap_set_option($ig_ldapconn,LDAP_OPT_PROTOCOL_VERSION,3) or die("Could not set options: {$ig_ldapopt}"); $ig_ldapbind=ldap_bind($ig_ldapconn) or die("Could not bind: {$ig_ldapbind}"); $ig_ldapsearch=ldap_search($ig_ldapconn,$ig_ldapou,"objectClass=*"); for ($ig_ldapentry=ldap_first_entry($ig_ldapconn,$ig_ldapsearch);$ig_ldapentry!=FALSE;$ig_ldapentry=ldap_next_entry($ig_ldapconn,$ig_ldapentry)) { $ig_ldapvalues=ldap_get_attributes($ig_ldapconn,$ig_ldapentry); $ig_ldapdn=ldap_explode_dn(ldap_get_dn($ig_ldapconn,$ig_ldapentry),1); echo "/".$ig_ldapdn[1]."/".$ig_ldapdn[0]."<br />"; var_dump($ig_ldapvalues); echo "<br /><br />"; } ldap_close($ig_ldapconn); ?> Can anyone help with this? I am having trouble using ldap_start_tls(). I am using the same code I have seen in a dozen different forums: $ds = ldap_connect($ldap['host'],$ldap['port']); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_start_tls($ds); ldap_bind($ds,$ldap['user'],$ldap['pass']) ldap_close($ds); but I still receive the same error message: Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error The LDAP authentication had been working fine without the ldap_start_tls. I feel like I must have missed something big - is ldap_start_tls() dependent on having a local certificate? is OpenSSL a pre-requisite? I've seen lots of discussions turn towards OpenLDAP, but I had assumed this was only on the target server. Can anyone confirm that? Any help would greatly appreciated. Darren I used search function, could not find a subject that addressed my need. I hope I am not repeating a well answered question.
I have two MySql fields I want to hyperlink, but not as text links, but with an image.
Here is truncated code, if more deatail is need, I can post. Both links work fine now, but show the person's email name and google map link text - looks unproffessional and I think the email links may be able to be harvested by spammers.
The E-mail link:
echo "<td><a href=mailto:".$row['email'] . ">" .$row['email'] . "</a></td>";
The Google map link:
echo "<td><a target='_blank' href=".$row['location_map_link'] . ">" .$row['location_map_link'] . "</a></td>";
Can we use images in this code?
I am not a PHP coder!!
Ron so im trying to setup a page for my bills that i pay monthly so me and my gf can access it remotely whenever we need to. we have a few loans that we are paying off in installment loans every month so i created a table like the picture below (which is actually in excel but it looks about the same). i know how to pull via select and sum everything that i need but what i'm actually going for is this: every month on those certain due dates i'd like for the monthly payment to be subtracted from the balance automatically..and it show the reflected balance. i'm not sure how to go about such a thing though as i've never worked with dates and times. my logic is that i have to setup a beginning time stamp for it to work off of..and then every 30 days from that time stamp..subtract the payment. then again, there's not always 30 days in a month and it'd get off track. any ideas? |
|||||||