conf = $config; else return false; mt_srand((double)microtime()*1000000); $this->rand = mt_rand(); return true; } /** * Connects to the server using the given username and password * * @param string $user user name * @param string $passwd password * @param boolean $allowAnonymous specifies if anonymous binds are allowed * @return mixed if connect succeeds the server handle is returned, else false */ function connect($user, $passwd, $allowAnonymous=false) { // close any prior connection @$this->close(); // do not allow anonymous bind if (!$allowAnonymous && ((!$user)||($user == "")||(!$passwd))) { return false; } // save password und username encrypted $this->encrypt_login($user, $passwd); $this->server = @ldap_connect($this->conf->get_ServerURL()); if ($this->server) { // use LDAPv3 ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3); // start TLS if specified $useTLS = $this->conf->getUseTLS(); if (isset($useTLS) && ($useTLS == "yes")) { @ldap_start_tls($this->server); if (ldap_errno($this->server) != 0) { logNewMessage(LOG_ERR, 'Unable to start TLS encryption. Please check if your server certificate is valid and if the LDAP server supports TLS at all.'); return ldap_errno($this->server); } } $bind = @ldap_bind($this->server, $user, $passwd); if ($bind) { $return = ldap_errno($this->server); $this->is_connected = true; // return success number return $return; } // return error number else return ldap_errno($this->server); } else return false; } /** Closes connection to server */ function close() { @ldap_close($this->server); } /** * Returns the LDAP connection handle * * @return object connection handle */ function server() { if (!$this->is_connected) { $data = $this->decrypt_login(); $this->connect($data[0], $data[1]); $this->is_connected = true; } return $this->server; } /** Closes connection to LDAP server before serialization */ function __sleep() { $this->close(); // define which attributes to save return array("conf", "username", "password", "rand"); } /** Reconnects to LDAP server when deserialized */ function __wakeup() { $this->is_connected = false; // change random number mt_srand($this->rand + (microtime() * 1000000)); $this->rand = mt_rand(); // delete PDF files and images which are older than 10 min $tmpDir = dirname(__FILE__) . '/../tmp/'; $time = time(); $dir = @opendir($tmpDir); $file = @readdir($dir); while ($file) { if ((substr($file, -4) == '.pdf') || (substr($file, -4) == '.jpg')) { $path = $tmpDir . $file; if ($time - filemtime($path) > 600) { @unlink($path); } } $file = @readdir($dir); } @closedir($dir); // clean internal files that are older than 24 hours $tmpDir = dirname(__FILE__) . '/../tmp/internal/'; $time = time(); $dir = @opendir($tmpDir); $file = @readdir($dir); while ($file) { if ((substr($file, -4) == '.tmp')) { $path = $tmpDir . $file; if ($time - filemtime($path) > (3600 * 24)) { @unlink($path); } } $file = @readdir($dir); } @closedir($dir); } /** * Calculates a new value for rand * * @return int New random value */ function new_rand() { // change random number mt_srand($this->rand + (microtime() * 1000000)); $r = mt_rand(); $this->rand = $r; return $r; } /** * Encrypts a string * * @param string $data string to encrypt * @param string $prefix prefix for cookie names * @return object encrypted string */ public static function encrypt($data, $prefix='') { // use MCrypt if available if (function_exists('mcrypt_create_iv')) { // MCrypt may have been enabled in a running session if (!isset($_COOKIE[$prefix . "IV"]) || ($_COOKIE[$prefix . "IV"] == '')) return $data; if ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") { return $data; } // read key and iv from cookie $iv = base64_decode($_COOKIE[$prefix . "IV"]); $key = base64_decode($_COOKIE[$prefix . "Key"]); // encrypt string return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, base64_encode($data), MCRYPT_MODE_ECB, $iv); } // otherwise do not encrypt else { return $data; } } /** * Decrypts a string * * @param object $data string to decrypt * @param string $prefix prefix for cookie names * @return string decrypted string */ public static function decrypt($data, $prefix='') { // use MCrypt if available if (function_exists('mcrypt_create_iv')) { // MCrypt may have been enabled in a running session if (!isset($_COOKIE[$prefix . "IV"]) || ($_COOKIE[$prefix . "IV"] == '')) return $data; if ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") { return $data; } // read key and iv from cookie $iv = base64_decode($_COOKIE[$prefix . "IV"]); $key = base64_decode($_COOKIE[$prefix . "Key"]); // decrypt string $ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv); $ret = base64_decode(str_replace(chr(00), "", $ret)); return $ret; } // otherwise do not decrypt else { return $data; } } /** * Encrypts username and password * * @param string $username LDAP user name * @param string $password LDAP password */ function encrypt_login($username, $password) { // encrypt username and password $this->username = base64_encode($this->encrypt($username)); $this->password = base64_encode($this->encrypt($password)); } /** * Decrypts username and password * * @return array array(user name, password) */ function decrypt_login() { // decrypt username and password $username = $this->decrypt(base64_decode($this->username)); $password = $this->decrypt(base64_decode($this->password)); $ret = array($username, $password); return $ret; } /** Closes connection to LDAP server and deletes encrypted username/password */ function destroy() { $this->close(); $this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; } } ?>