ok i get another parse error

Parse error: parse error, unexpected ';' in C:\Program Files\Apache Group\Apache2\htdocs\ldapstuff\connect1.php on line 48

line 48

print_r($ldap["info"];

however if i comment it out, no errors.

Now beciase i just wanna check username and password in the ldap directory

i think i need to change these lines right

$SESSION["userdept"] = $ldap["info"][0]["department"][0];
$SESSION["usermail"] = $ldap["info"][0]["mail"][0];

maybe to

$SESSION["uname"] = $ldap["info"][0]["uname"][0];
$SESSION["password"] = $ldap["info"][0]["password"][0];

now im not 100% sure about this becuase the attribute fields in the ldap server are called uid userPassword. So maybe they should be in there, is that right

Not my day...

change that line to

print_r($ldap["info"]);

This would print the info array in a readable way thus helping you figuring out how to get the data out of the info array.

Use print_r just to debug ... you'll get some header errors on the $_SESSION lines but they will disappear as soon as you comment out the print_r line.

Thomas

yep works, sorry i should have spotted that bracket.
I hold my head in shame.

is my understanding about the session right, in that i think i need to put the attribute names from the ldap directory in there

Hi,

just put any attributes you need later into the session (but not the password, it's not recommended to store passwords in the session, at least not as plaintext).

There are tons of ways to store the data in the session. Create a class that holds the data and store an instance of that class in the session, store the attributes in different variables or build an array out of the attributes and store that array in the session and so on, what you like more.

Does the print_r line print the expected LDAP data ?

Thomas

ok so i will come back to the session stuff, you have givne me a lot to think about there.

thisis what the page displays when i first go to it

Array ( [count] => 0 )
Username:

Password:

then when i type in the correct user id and password i get this

Array ( [count] => 1 [0] => Array ( [objectclass] => Array ( [count] => 4 [0] => top [1] => simpleSecurityObject [2] => uidObject [3] => organizationalRole ) [0] => objectclass [userpassword] => Array ( [count] => 1 [0] => password1 ) [1] => userpassword [uid] => Array ( [count] => 1 [0] => testuser ) [2] => uid [cn] => Array ( [count] => 1 [0] => Some Testuser ) [3] => cn [count] => 4 [dn] => uid=testuser,ou=users,dc=mydomain,dc=com ) )

so its working

so now i think as you say we need to get the data out of the info array and i think use it as part of a session so that users can log in to my php application and use it. Or am i missing something

Hi,

I rearranged the array data a little bit:

Array ( 
[count] => 1 
    [0] => Array ( [count] => 4  

                       [0] => objectclass 
                       [1] => userpassword 
                       [2] => uid
                       [3] => cn 
                   [objectclass] => Array ( [count] => 4 
                                                [0] => top 
                                                [1] => simpleSecurityObject 
                                                [2] => uidObject 
                                                [3] => organizationalRole 
                                          )
                  [userpassword] => Array ( [count] => 1 
                                                [0] => password1 
                                          ) 
                           [uid] => Array ( [count] => 1 
                                                [0] => testuser 
                                          ) 
                            [cn] => Array ( [count] => 1 
                                                [0] => Some Testuser 
                                          ) 
                            [dn] => uid=testuser,ou=users,dc=mydomain,dc=com 
                 )
      ) 

In order to get the data of the user you can do something like:

$fullname = $ldap['info'][0]['cn'][0];
// the full dn of the user
$udn = $ldap['info'][0]['dn'];
$pass = $ldap['info'][0]['userpassword'][0];
$login = $lda['info'][0]['uid'][0];
$_SESSION['sess_fullname']=$fullname;
$_SESSION['sess_udn']=$udn;
$_SESSION['sess_login']=$login;
$_SESSION['sess_authenticated']=true;
// then redirect to another page with e.g. header

Just an example ... without any validation ... might need some tweaking.
Make sure that you have session_start() on top of every script if session.auto_start is not set to On in php.ini.

Did you already set an email address in the ldap server for that user ?

Thomas

wow, your really good at this, i have noticed u seem to answer a lot of problems, people like me are very gratefull,

ok the array you have arranged

shall i put it just after the
print_r($ldap["info"]);// i will comment this out though

i have no email for my user yet in my database. That's why i mentioned taking it out earlier from here

$_SESSION["usermail"] = $ldap["info"][0]["mail"][0];

This is the info i have set for my user in ldap server

uid testuser
userPassword [B@1dd9891
objectClass top
objectClass simpleSecurityObject
objectClass uidObject
objectClass organizationalRole
cn Some Testuser

Hi,

put it inside this if statement:

    if(count($ldap["info"])>0) 
    { 
      // Add the user’s department name and email address 
      // to the session 
      $pass = $ldap['info'][0]['userpassword'][0]; 
      $_SESSION['sess_fullname']=$ldap['info'][0]['cn'][0];  

      $_SESSION['sess_udn']=$ldap['info'][0]['dn']; 
      $_SESSION['sess_login']=$ldap['info'][0]['uid'][0];
      $_SESSION['sess_authenticated']=true; 
      // need some password validation here
      session_write_close();
      header("Location: [url]http://www.myserver.com/scriptforauthenticatedusers.php[/url]");
      exit;
    } 

The password validation is missing here but that is not too hard to do.

What are your session settings in php.ini (session.auto_start, ....) ?

Try to change your code so it rather sets an error variable and prints that variable along with the form instead of using exit (exception: header call) and die. But this is the last step after the script basically works.

After setting the session variables try to redirect to another script by using the header function like seen above. But make sure that there is no output prior to the header redirect (like echo, any empty lines in front of <?PHP, php error messages and so on). In that script try to echo the session variables.

Thomas

hi Thomas

I looked in php.ini, this is my setting

session.auto_start = 0

i get a Parse error: parse error, unexpected T_STRING in C:\Program Files\Apache Group\Apache2\htdocs\ldapstuff\connect1.php on line 71

line71, i have put in the details of the page that once the user has been autheticated can go to

header("Location: <a href="http:\81.106.219.191\index.php\" target="_blank"> http:\81.106.219.191\index.php</a>");

i will do the error checking for the password

so on the page that the users go esot once they are authenticated will have
<?php
session _start();
?>

Hi,

put the session_start() on top of both scripts (ldapstuff.php also).

header("Location: http://81.106.219.191/index.php");

Don't use backslashes.

Edit: I forgot the Location:

Thomas

Just a suggestion ...

forgot to put a ; after session_start() ?

Thomas

back to line 72

Parse error: parse error, unexpected T_STRING in C:\Program Files\Apache Group\Apache2\htdocs\ldapstuff\connect1.php on line 72

header("Location: <a href=" http://81.106.219.191/index.php/" target="_blank"> http://81.106.219.191/index.php/</a>");

Post the script or repost lines 70 to 75 but uncheck the "Automatically parse URLs" checkbox just below the textfield where you can type your post.

i have added the file

Hi,

find attached the file ... copy'n'paste weakness.

Thomas

at the momment i can log in with anything and it takes me to the index.php page, The only way i should be able to get to that page is if i put in a name and password that is in the ldap server

Hi,

first of all insert code that checks if both the username and the password have been submitted at all (use trim on that post variables so whitespaces will be removed).
If that isn't the case you can omit the complete ldap code and just redisplay the form with an appropriate error message.
Second, if someone submits a username and a password do the ldap search and only redirect to the next page if both the username and the password you get from the search match the data posted.

Thomas

re : first of all insert code that checks if both the username and the password have been submitted at all (use trim on that post variables so whitespaces will be removed).

You mean like this

$data[$uname] = addslashes($POST["uname"]);
$data[$password] = addslashes($POST["password"]);

Re: Second, if someone submits a username and a password do the ldap search and only redirect to the next page if both the username and the password you get from the search match the data posted.

this is where it searches for the user, but i only see uid perhaps i need to add password on so insteads of this

$ldap["result"] = ldap_search( $ldap["conn"], $ldap["base"], "(uid=".$data["uname"].")");

i do

$ldap["result"] = ldap_search( $ldap["conn"], $ldap["base"], "(uid=".$data["uname"].")"(userPassword=".$data["pass"].")");

Hi,

$data['uname'] = trim($_POST["uname"]); 
$data['password'] = trim($_POST["password"]); 

and

$ldap["result"] = ldap_search( $ldap["conn"], $ldap["base"], "(&(uid=".$data["uname"].")(userPassword=".$data["password"]."))");

you might need

$ldap["result"] = ldap_search( $ldap["conn"], $ldap["base"], "(&(uid=".$data["uname"].")(userPassword=".md5($data["password"])."))");

Thomas