Add ldap authentication as an option.

includes/checkauth.php

@@ -45,6 +45,7 @@ session_start();
 			}
 
 		//get the domain name
+			if (count($_SESSION["domains"]) > 1) {
 				$username_array = explode("@", check_str($_REQUEST["username"]));
 				if (count($username_array) > 1) {
 					$domain_name = $username_array[count($username_array) -1];
@@ -72,10 +73,105 @@ session_start();
 						}
 					}
 				}
+			}
 
 		//get the username
 			$username = check_str($_REQUEST["username"]);
 
+		//ldap authentication
+			if ($_SESSION["ldap"]["authentication"]["text"] == "true") {
+				//use ldap to validate the user credentials
+					if ($_SESSION["ldap"]["authentication"]["text"] == "true") {
+						if (strlen(check_str($_REQUEST["domain_name"])) > 0) {
+							$domain_name = check_str($_REQUEST["domain_name"]);
+							$username .= "@".$domain_name;
+						}
+						$ad = ldap_connect("ldap://".$_SESSION["ldap"]["server_host"]["text"].":".$_SESSION["ldap"]["server_port"]["numeric"])
+							or die("Couldn't connect to AD!");
+						ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
+						$bd = ldap_bind($ad,$username,check_str($_REQUEST["password"]));
+						if ($bd) {
+							//echo "success\n";
+							$auth_failed = false;
+						}
+						else {
+							//echo "failed\n";
+							$auth_failed = true;
+						}
+					}
+
+				//check to see if the user exists
+					$sql = "select * from v_users ";
+					$sql .= "where username=:username ";
+					if (count($_SESSION["domains"]) > 1) {
+						$sql .= "and domain_uuid=:domain_uuid ";
+					}
+					$prep_statement = $db->prepare(check_sql($sql));
+					if (count($_SESSION["domains"]) > 1) {
+						$prep_statement->bindParam(':domain_uuid', $domain_uuid);
+					}
+					$prep_statement->bindParam(':username', $username);
+					$prep_statement->execute();
+					$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+					if (count($result) == 0) {
+						//salt used with the password to create a one way hash
+							$salt = generate_password('20', '4');
+							$password = generate_password('20', '4');
+
+						//prepare the uuids
+							$user_uuid = uuid();
+							$contact_uuid = uuid();
+
+						//add the user
+							$sql = "insert into v_users ";
+							$sql .= "(";
+							$sql .= "domain_uuid, ";
+							$sql .= "user_uuid, ";
+							$sql .= "contact_uuid, ";
+							$sql .= "username, ";
+							$sql .= "password, ";
+							$sql .= "salt, ";
+							$sql .= "add_date, ";
+							$sql .= "add_user, ";
+							$sql .= "user_enabled ";
+							$sql .= ") ";
+							$sql .= "values ";
+							$sql .= "(";
+							$sql .= "'$domain_uuid', ";
+							$sql .= "'$user_uuid', ";
+							$sql .= "'$contact_uuid', ";
+							$sql .= "'".$username."', ";
+							$sql .= "'".md5($salt.$password)."', ";
+							$sql .= "'".$salt."', ";
+							$sql .= "now(), ";
+							$sql .= "'".$username."', ";
+							$sql .= "'true' ";
+							$sql .= ")";
+							$db->exec(check_sql($sql));
+							unset($sql);
+
+						//add the user to group user
+							$group_name = 'user';
+							$sql = "insert into v_group_users ";
+							$sql .= "(";
+							$sql .= "group_user_uuid, ";
+							$sql .= "domain_uuid, ";
+							$sql .= "group_name, ";
+							$sql .= "user_uuid ";
+							$sql .= ")";
+							$sql .= "values ";
+							$sql .= "(";
+							$sql .= "'".uuid()."', ";
+							$sql .= "'$domain_uuid', ";
+							$sql .= "'$group_name', ";
+							$sql .= "'$user_uuid' ";
+							$sql .= ")";
+							$db->exec(check_sql($sql));
+							unset($sql);
+					}
+			}
+		//database authentication
+			else {
 				//check the username and password if they don't match then redirect to the login
 					$sql = "select * from v_users ";
 					//$sql .= "where domain_uuid='".$domain_uuid."' ";
@@ -107,6 +203,7 @@ session_start();
 								break;
 						}
 					}
+			}
 			if ($auth_failed) {
 				//log the failed auth attempt to the system, to be available for fail2ban.
 					openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);