source: branches/2.2.0.1/security/vercert.php @ 3991

Revision 3991, 3.0 KB checked in by rafaelraymundo, 10 years ago (diff)

Ticket #1739 - Login com certificado em atributo customizável

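<?php
/**
 * Certificate login check.
 *
 * Reads the certificate posted in $_POST['certificado'], hands it to the
 * project classes certificadoB and Verifica_Certificado, looks the holder up
 * in LDAP by the CPF taken from the certificate data, and answers in plain
 * text: a status digit, CRLF, then either a message or, on success, the uid
 * and cryptpassword values of the directory entry.
 *
 * Status digits written by this script:
 *   0 success                      5 LDAP connection failed
 *   1 header.inc.php not found     6 lookup did not return exactly one entry
 *   2 no certificate posted        7 phpgwaccountstatus is not 'A'
 *   3 certificate not presented    8 posted certificate differs from the
 *   4 verification failed            registered usercertificate
 *
 * NOTE(review): nothing visible in this file proves that the caller holds the
 * private key of the posted certificate, and a certificate alone is public
 * data. Confirm that possession is enforced elsewhere (for example by the web
 * server in front of this script), because the success response carries the
 * account's cryptpassword value.
 */
$GLOBALS['phpgw_info']['flags'] = array(
    'disable_Template_class' => true,
    'login'                  => true,
    'currentapp'             => 'login',
    'noheader'               => true,
);

if (!file_exists('../header.inc.php')) {
    // lang() is not defined in this file; presumably it is loaded through
    // header.inc.php, so fall back to the untranslated text when it is missing.
    $vc_texto = 'Error. header.inc.php not found';
    echo "1\r\n" . (function_exists('lang') ? lang($vc_texto) : $vc_texto);
    exit();
}
include('../header.inc.php');

// Accept only a non-empty string: a missing field no longer raises a notice,
// and an array-valued field is rejected instead of reaching the parser.
if (empty($_POST['certificado']) || !is_string($_POST['certificado'])) {
    echo "2\r\n" . lang('Fail to get certificate');
    exit();
}

require_once('classes/CertificadoB.php');
require_once('classes/Verifica_Certificado.php');
include('classes/Verifica_Certificado_conf.php');

// Collapse doubled line feeds, then apply the project helper
// troca_espaco_por_mais() (defined outside this file; presumably it restores
// '+' characters that form decoding turned into spaces - confirm).
$cert = str_replace("\n\n", "\n", $_POST['certificado']);
$cert = troca_espaco_por_mais($cert);

$c = new certificadoB();
$c->certificado($cert);
if (!$c->apresentado) {
    echo "3\r\n" . lang('Fail to get certificate');
    exit();
}

$b = new Verifica_Certificado($c->dados, $cert);
if (!$b->status) {
    $msg = "4\r\n" . $b->msgerro;
    foreach ($b->erros_ssl as $linha) {
        $msg .= "\n" . $linha;
    }
    echo $msg;
    exit();
}

// Bind to the LDAP master with explicit credentials only when all three
// settings are configured; otherwise use ldapConnect()'s defaults.
$vc_server = $GLOBALS['phpgw_info']['server'];
if (!empty($vc_server['ldap_master_host'])
    && !empty($vc_server['ldap_master_root_dn'])
    && !empty($vc_server['ldap_master_root_pw'])
) {
    $ds = $GLOBALS['phpgw']->common->ldapConnect(
        $vc_server['ldap_master_host'],
        $vc_server['ldap_master_root_dn'],
        $vc_server['ldap_master_root_pw']
    );
} else {
    $ds = $GLOBALS['phpgw']->common->ldapConnect();
}
if (!$ds) {
    echo "5\r\n" . lang('Failure when get user data to login');
    exit();
}

// Attribute that holds the CPF in the directory; defaults to "uid".
if (isset($vc_server['certificado_atributo_cpf']) && $vc_server['certificado_atributo_cpf'] != '') {
    $cert_atrib_cpf = $vc_server['certificado_atributo_cpf'];
} else {
    $cert_atrib_cpf = 'uid';
}

$cpf = isset($c->dados['2.16.76.1.3.1']['CPF']) ? (string) $c->dados['2.16.76.1.3.1']['CPF'] : '';
if ($cpf === '') {
    // Without a CPF the filter would be malformed; answer as a failed lookup.
    echo "6\r\n" . lang('Invalid data from users directory');
    ldap_close($ds);
    exit();
}

// The CPF is read from the posted certificate, so escape the characters that
// are special in an LDAP search filter (RFC 4515) before building the filter.
// strtr() is used rather than ldap_escape() to stay compatible with older PHP.
$cpf_filtro = strtr($cpf, array(
    '\\'   => '\\5c',
    '*'    => '\\2a',
    '('    => '\\28',
    ')'    => '\\29',
    "\x00" => '\\00',
));
$filtro = $cert_atrib_cpf . '=' . $cpf_filtro;
$atributos = array('usercertificate', 'phpgwaccountstatus', 'cryptpassword', 'uid');

$sr = ldap_search($ds, $vc_server['ldap_context'], $filtro, $atributos);
// A failed search must not be passed on to ldap_get_entries().
$info = ($sr === false) ? false : ldap_get_entries($ds, $sr);
if (!is_array($info) || $info['count'] != 1) {
    echo "6\r\n" . lang('Invalid data from users directory');
    ldap_close($ds);
    exit();
}

if (!isset($info[0]['phpgwaccountstatus'][0]) || $info[0]['phpgwaccountstatus'][0] != 'A') {
    echo "7\r\n" . lang('User account is inactive in Expresso');
    ldap_close($ds);
    exit();
}

$vc_senha = isset($info[0]['cryptpassword'][0]) ? $info[0]['cryptpassword'][0] : '';
$vc_cert_dir = isset($info[0]['usercertificate'][0]) ? $info[0]['usercertificate'][0] : '';

// Strict string comparison: loose == would compare numeric-looking strings by value.
if ($vc_senha && $vc_cert_dir && (string) $cert === (string) $vc_cert_dir) {
    echo "0\r\n" . $info[0]['uid'][0] . "\r\n" . $vc_senha;
} else {
    echo "8\r\n" . lang('The current certificate not registered to login');
}
ldap_close($ds);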