I need some help with access levels; I'll post some of the code. It is a connection to AD (Active Directory) that authenticates the user and looks up which group he belongs to.
This is the login code.php
<?php
include("auth.php");

// check to see if user is logging out
if (isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['username'], $_SESSION['access']);
    session_destroy();
}

// check to see if login form has been submitted
if (isset($_POST['username'])) {
    // run information through authenticator
    if (authenticate($_POST['username'], $_POST['userPassword'])) {
        header("Location: assets/procge.php");
        die();
    } else {
        $error = 1;
    }
}
?>
<form action="#" class="form-signin" method="POST">
    <h2 style="text-align:center; font-size: 18px;">Para acesso Telas BI, <br />realize o login.</h2>
    <?php
    if (isset($error)) echo "<div style='color:#ff0000; text-align:center;'>ERRO!<br /> Usuário e senha inválidos ou sem acesso.</div><br />";
    if (isset($_GET['out'])) echo "Sucesso ao deslogar!!!";
    ?>
    <label for="inputEmail" class="sr-only">Usuário</label>
    <input id="username" type="text" name="username" autocorrect="off" autocapitalize="off" class="form-control" placeholder="Usuário" />
    <label for="inputPassword" class="sr-only">Senha</label>
    <input type="password" name="userPassword" id="password" autocomplete="off" class="form-control" placeholder="Senha">
    <input class="btn btn-success" name="submit" value="Acessar" type="submit">
</form>
Here is the code of Auth.php
<?php
function authenticate($username, $password) {
    if (empty($username) || empty($password)) return false;

    $adServer = "ldap://10.10.100.23";
    $ldap = ldap_connect($adServer);
    $ldaprdn = 'dominio' . "\\" . $username;
    $grupolda = 'DC=dominio,DC=com,DC=br';
    $grupo1 = 'grupo1';
    $grupo2 = 'grupo2';

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $bind = @ldap_bind($ldap, $ldaprdn, $password);
    if ($bind) {
        // escape the username before placing it in the LDAP search filter
        $filter = "(sAMAccountName=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, "$grupolda", $filter);
        ldap_sort($ldap, $result, "sn");
        $info = ldap_get_entries($ldap, $result);
        for ($i = 0; $i < $info["count"]; $i++) {
            if ($info['count'] > 1)
                break;
            echo "<p>Acesso ao A.D. <strong> " . $info[$i]["givenname"][0] . " " . $info[$i]["sn"][0] . "</strong><br /> </p>\n";
            $userDn = $info[$i]["distinguishedname"][0];
        }
        // check the groups
        foreach ($info[0]['memberof'] as $grps) {
            $access = 0;
            if (strpos($grps, $grupo1) !== false) {
                // If the user belongs to this group, grant access 1, only for this group
                $access += 1;
            }
            elseif (strpos($grps, $grupo2) !== false) {
                // If the user belongs to this group, grant access 2, only for this group
                $access += 2;
                break;
            }
        }
        if ($access != 0) {
            // Create the user's session values
            $_SESSION['username'] = $username;
            $_SESSION['access'] = $access;
            return true;
        } else {
            $_SESSION['loginErro'] = $erro;
            // No rights
            return false;
        }
    } else {
        // Invalid username and password
        return false;
    }
}
?>
When the user is in only one of the groups, it works: if he belongs to grupo1 he gets the grupo1 page, and if he belongs to grupo2 he gets the grupo2 page.
But when he belongs to both groups (grupo1e2, with access 3), it always returns only one of the accesses, leading to an individual page and not the page that access 3 should give.
I would appreciate any guidance on how to proceed.
This is procge.php
<?php
// initialize session
session_start();

// route the user by access level; exit after each redirect so nothing else runs
if ($_SESSION['access'] == 1) {
    header("Location: ../grupo1/index.php");
    exit;
} elseif ($_SESSION['access'] == 2) {
    header("Location: ../grupo2/index.php");
    exit;
} elseif ($_SESSION['access'] == 3) {
    header("Location: ../grupo1e2/index.php");
    exit;
} else {
    // no matching access level: send the user back to the login page
    header("Location: ../index.php");
    exit;
}
?>
This is the login:
Have you tried swapping & for && when checking whether the user belongs to both groups? By the way, what is the value of $grps? If it starts with ACESSO_1 or ACESSO_2, the function strpos will return 0, and for the if this will be false. – Woss
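
An added example, not part of the original question or its comment: one way to derive the 1/2/3 access value from the `memberof` array by OR-ing one bit per group and comparing each group's CN exactly instead of by substring. The names `GROUP_BITS` and `accessFromMemberOf`, and the sample DNs (including the `OU=Grupos` container), are assumptions made for illustration; `grupo1` and `grupo2` are the placeholders used in the question.

```php
<?php
// Added example: map AD group membership to the access levels 1, 2 and 3.
// GROUP_BITS and accessFromMemberOf() are hypothetical names for this sketch.
const GROUP_BITS = ['grupo1' => 1, 'grupo2' => 2];

/**
 * @param array $memberOf the 'memberof' array as returned by ldap_get_entries()
 * @return int 0 = no access, 1 = grupo1 only, 2 = grupo2 only, 3 = both
 */
function accessFromMemberOf(array $memberOf): int
{
    $access = 0; // initialised once, before the loop, so earlier matches survive
    foreach ($memberOf as $key => $dn) {
        // ldap_get_entries() stores the element count under the 'count' key
        if ($key === 'count' || !is_string($dn)) {
            continue;
        }
        // Take the leading CN of the DN (escaped characters allowed) and compare
        // it exactly, so "grupo1" does not also match "grupo10" as strpos() would.
        if (!preg_match('/^CN=((?:\\\\.|[^,\\\\])+),/i', $dn, $m)) {
            continue;
        }
        $cn = strtolower($m[1]); // AD group names are case-insensitive
        $access |= GROUP_BITS[$cn] ?? 0; // OR the bit in and keep scanning
    }
    return $access;
}

// Constructed sample entries (not real directory data).
$samples = [
    'grupo1 only' => ['count' => 1, 'CN=grupo1,OU=Grupos,DC=dominio,DC=com,DC=br'],
    'grupo2 only' => ['count' => 1, 'CN=grupo2,OU=Grupos,DC=dominio,DC=com,DC=br'],
    'both groups' => ['count' => 3,
        'CN=Domain Users,CN=Users,DC=dominio,DC=com,DC=br',
        'CN=GRUPO2,OU=Grupos,DC=dominio,DC=com,DC=br',
        'CN=grupo1,OU=Grupos,DC=dominio,DC=com,DC=br'],
    'lookalike'   => ['count' => 1, 'CN=grupo10,OU=Grupos,DC=dominio,DC=com,DC=br'],
];

foreach ($samples as $label => $memberOf) {
    printf("%-12s => access %d\n", $label, accessFromMemberOf($memberOf));
}
```

The returned value can be stored in `$_SESSION['access']` as the question's code does; a user in neither group gets 0 and is refused.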