path: root/login.php
<?php
/*
    praktrack - tracking the parts of a portfolio review
    Copyright (C) 2026  Friedrich Beckmann <friedrich.beckmann@tha.de>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
*/

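/**
 * Authenticate a user with an LDAP simple bind and record the outcome in the session.
 *
 * On a successful bind the session id is regenerated, the user's given name and
 * surname are read from the directory, and db_find_user() is asked for the
 * matching local record.
 *
 * Inputs that fail the type or length checks return "failed" before any LDAP
 * traffic and leave $_SESSION untouched; a rejected bind also stores "failed"
 * in $_SESSION["login"].
 *
 * @param string $username Login name, 8 to 100 bytes.
 * @param string $password Password, 8 to 1000 bytes.
 * @return string "admin" if the username is listed in the global $admins,
 *                "user" if db_find_user() returned a record,
 *                "nodb" if the bind succeeded but no local record was found,
 *                "failed" otherwise.
 */
function try_login($username,$password) {
    global $admins;

    // Request parameters can arrive as arrays (e.g. "username[]=x"); reject
    // anything that is not a string before strlen() and ldap_bind() see it.
    if (!is_string($username) || !is_string($password)) {
        return "failed";
    }
    if (strlen($username) < 8 || strlen($username) > 100) {
        return "failed";
    }
    // The lower bound also keeps an empty password away from ldap_bind();
    // many directory servers treat a bind with a DN and an empty password as
    // an unauthenticated bind and report success.
    if (strlen($password) < 8 || strlen($password) > 1000) {
        return "failed";
    }

    // NOTE(review): the URI is ldap:// and no ldap_start_tls() call is made
    // here, so the simple bind sends the password unencrypted unless the
    // network path is protected elsewhere. Consider ldaps:// or StartTLS;
    // confirm what the directory server supports.
    $ldapserver = "ldap://ldap.hs-augsburg.de";
    $ldapusertree = 'ou=People, dc=fh-augsburg, dc=de';

    $ldapconn = ldap_connect($ldapserver)
        or die ("Cannot connect to ldap server ".$ldapserver);
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, 3);

    // The username is untrusted. Escape it separately for the DN and for the
    // search filter so it cannot change the structure of either; ordinary
    // alphanumeric usernames are unaffected.
    $binddn = "uid=".ldap_escape($username, "", LDAP_ESCAPE_DN).", ".$ldapusertree;
    $uidfilter = "uid=".ldap_escape($username, "", LDAP_ESCAPE_FILTER);

    if (!ldap_bind($ldapconn, $binddn, $password)) {
        // Release the connection on the failure path as well.
        ldap_unbind($ldapconn);
        $_SESSION["login"] = "failed";
        return "failed";
    }

    // Login was successful: issue a fresh session id so an id known before
    // authentication is not carried into the authenticated session.
    session_regenerate_id(TRUE);

    $sr = ldap_search($ldapconn, $ldapusertree, $uidfilter, ["sn","givenname"]);
    $info = $sr ? ldap_get_entries($ldapconn, $sr) : false;
    ldap_unbind($ldapconn);

    // Only query the local database when the directory returned both name
    // attributes; a failed search or a missing attribute counts as "no record".
    // NOTE(review): the local record is matched on given name and surname
    // only; confirm how db_find_user() handles two people sharing a name.
    $matrikelnummer = false;
    if ($info && isset($info[0]["givenname"][0], $info[0]["sn"][0])) {
        $matrikelnummer = db_find_user($info[0]["givenname"][0], $info[0]["sn"][0]);
    }

    // Strict comparison: the admin check must match the exact string, not a
    // loosely-equal value.
    if (in_array($username, $admins, true)) {
        $_SESSION["login"] = "admin";
        return "admin";
    }
    if ($matrikelnummer) {
        $_SESSION["login"] = "user";
        $_SESSION["myusername"] = $username;
        $_SESSION["mymatrikelnummer"] = $matrikelnummer;
        return "user";
    }
    $_SESSION["login"] = "nodb";
    return "nodb";
}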
?>