Authentication Php

Simple and fast authentication module when you want to authenticate your users
againt Active Directory through LDAP. The script will also store the username,
Display Name, and fully qualified DN ie;
DN=user,ou=users,ou=account,dc=domain,dc=com in a cookie. You could also
store any other attribute of the user in the cookie as well (email address, office
phone, etc...)
Note: you will need to change the server, basedn and filter variables for your
environment.
Just place an include "auth.in";
at the top of every file that you want protected.
$server="XXX.XXX.XXX.XXX"; //change to ip address of ldap server
$basedn="ou=users, ou=accounts, dc=domain, dc=com"; //change to reflect the ou
and
domain that your users are in.
$script=$_SERVER['SCRIPT_NAME'];
if (isset($HTTP_COOKIE_VARS['cookie'])) { //If cookie exists, retrieve it and
put it in an
array for use.
$cookie=$HTTP_COOKIE_VARS['cookie'];
}
if (isset($cookie)) {
$username=$cookie['user'];
$password=($cookie['token']);
$fullname=$cookie['fullname'];
$fqdn=$cookie['fqdn'];
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
die ("Could not bind to $dn$basedn");
}
} else {
if ((isset($_POST['username'])) && (isset($_POST['password']))) {
$username=$_POST['username'];
$password=$_POST['password'];
$filter="(&(|(!(displayname=Administrator*))(!
(displayname=Admin*)))(cn=$username))"; //define an appropriate ldap search filter
to
find your users, and filter out accounts such as administrator(administrator should
be
renamed anyway!).
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn",
$password))) {
die ("Could not bind to $dn");
}
$sr = ldap_search($connect, $basedn,"$filter");
$info = ldap_get_entries($connect, $sr);
$fullname=$info[0]["displayname"][0];
$fqdn=$info[0]["dn"];
setcookie("cookie[user]",$username);
setcookie("cookie[token]",$password);
setcookie("cookie[fullname]",$fullname);
setcookie("cookie[fqdn]", $fqdn);
} else {
?>


Portal Login















color="gray">Enter Credentials









face="Verdana,Tahoma,Arial,sans-
serif" size="1" color="gray">Username:


face="Verdana,Tahoma,Arial,sans-
serif" size="1" color="gray">Password:

name="password">

name="image">







color="silver">This System is
for the use of authorized users only. Individuals using this computer system
without
authority, or in excess of their authority, are subject to having their activities
on this system
monitored and recorded by system personnel. In the course of monitoring individuals
improperly using this system, or in the course of system maintenance, the activities
of
authorized users may also be monitored. Anyone using this system expressly consents
to
such monitoring and is advised that if such monitoring reveals possible criminal
activity,
system personnel may provide the evidence of such monitoring to law enforcement
officals.
This warning has been provided by the United States Department of Justice and is
intended to
ensure that monitoring of user activity is not in violation of the Communications
Privacy Act of
1986.







die ();
}
}
?>