source: trunk/security/vercert.php @ 4127

Revision 4127, 3.0 KB checked in by rafaelraymundo, 13 years ago (diff)

Ticket #1739 - Login com certificado em atributo customizável

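<?php
/**
 * Certificate-based login check.
 *
 * Receives a certificate in $_POST['certificado'], validates it with
 * certificadoB / Verifica_Certificado, looks the holder up in LDAP by the CPF
 * found in the certificate, and compares the posted certificate with the one
 * stored in the directory entry.
 *
 * The response is plain text: a one-character status code, CRLF, then either
 * an error message (codes 1-8) or, for code 0, the uid, CRLF and the stored
 * cryptpassword of the matching account.
 *
 * NOTE(review): nothing in this script proves that the caller holds the
 * private key of the certificate; the posted certificate is only validated
 * and compared with the stored copy. Certificates are public data, so confirm
 * that a signature/challenge step exists elsewhere in the login flow, since
 * the success response carries the account's cryptpassword.
 */
$GLOBALS['phpgw_info']['flags'] = array(
    'disable_Template_class' => True,
    'login'                  => True,
    'currentapp'             => 'login',
    'noheader'               => True
);

if (file_exists('../header.inc.php')) {
    include('../header.inc.php');
} else {
    // lang() is not defined by this file, so it may be missing when the header
    // could not be loaded; fall back to the untranslated text rather than
    // dying with a fatal error.
    $msg_sem_header = 'Error. header.inc.php not found';
    echo '1'.chr(0x0D).chr(0x0A).(function_exists('lang') ? lang($msg_sem_header) : $msg_sem_header);
    exit();
}

// Reject a missing, empty or non-string (e.g. certificado[]=...) parameter
// before it reaches the string functions below.
if (empty($_POST['certificado']) || !is_string($_POST['certificado'])) {
    echo '2'.chr(0x0D).chr(0x0A).lang('Fail to get certificate');
    exit();
}

require_once('classes/CertificadoB.php');
require_once('classes/Verifica_Certificado.php');
include('classes/Verifica_Certificado_conf.php');

// Normalise line endings (LF LF -> LF first, then CRLF -> LF) and hand the
// result to troca_espaco_por_mais(), in the same order as before.
$cert = str_replace(chr(0x0A).chr(0x0A), chr(0x0A), $_POST['certificado']);
$cert = str_replace(chr(0x0D).chr(0x0A), chr(0x0A), $cert);
$cert = troca_espaco_por_mais($cert);

$c = new certificadoB();
$c->certificado($cert);
if (!$c->apresentado) {
    echo '3'.chr(0x0D).chr(0x0A).lang('Fail to get certificate');
    exit();
}

$b = new Verifica_Certificado($c->dados, $cert);
if (!$b->status) {
    // NOTE(review): the erros_ssl lines are sent to the client verbatim;
    // confirm they do not expose internal paths or configuration.
    $msg = '4'.chr(0x0D).chr(0x0A).$b->msgerro;
    foreach ($b->erros_ssl as $linha) {
        $msg .= "\n" . $linha;
    }
    echo $msg;
    exit();
}

// Bind with the LDAP master credentials when all three are configured,
// otherwise use the default connection.
$servidor = $GLOBALS['phpgw_info']['server'];
if (!empty($servidor['ldap_master_host']) &&
    !empty($servidor['ldap_master_root_dn']) &&
    !empty($servidor['ldap_master_root_pw'])) {
    $ds = $GLOBALS['phpgw']->common->ldapConnect(
        $servidor['ldap_master_host'],
        $servidor['ldap_master_root_dn'],
        $servidor['ldap_master_root_pw']
    );
} else {
    $ds = $GLOBALS['phpgw']->common->ldapConnect();
}
if (!$ds) {
    echo '5'.chr(0x0D).chr(0x0A).lang('Failure when get user data to login');
    exit();
}

// Attribute that holds the CPF in the directory; "uid" unless the server
// configuration names another one.
$cert_atrib_cpf = "uid";
if (isset($servidor['certificado_atributo_cpf']) && $servidor['certificado_atributo_cpf'] != '') {
    $cert_atrib_cpf = $servidor['certificado_atributo_cpf'];
}

$cpf = isset($c->dados['2.16.76.1.3.1']['CPF']) ? (string) $c->dados['2.16.76.1.3.1']['CPF'] : '';
if ($cpf === '') {
    // Without a CPF the filter cannot identify exactly one entry.
    echo '6'.chr(0x0D).chr(0x0A).lang('Invalid data from users directory');
    ldap_close($ds);
    exit();
}

// The CPF comes out of the presented certificate, so escape the characters
// that are special in an LDAP search filter (RFC 4515) before building it.
// The backslash is replaced first so the escapes added afterwards stay intact.
$cpf_filtro = str_replace(
    array('\\', '*', '(', ')', "\x00"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    $cpf
);
$filtro = $cert_atrib_cpf .'='. $cpf_filtro;

$atributos = array("usercertificate", "phpgwaccountstatus", "cryptpassword", "uid");

$sr = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filtro, $atributos);
// A failed search is reported with the same code as an ambiguous or empty result.
$info = ($sr !== false) ? ldap_get_entries($ds, $sr) : false;
if (!is_array($info) || $info["count"] != 1) {
    echo '6'.chr(0x0D).chr(0x0A).lang('Invalid data from users directory');
    ldap_close($ds);
    exit();
}

$entrada = $info[0];
if (!isset($entrada['phpgwaccountstatus'][0]) || $entrada['phpgwaccountstatus'][0] !== 'A') {
    echo '7'.chr(0x0D).chr(0x0A).lang('User account is inactive in Expresso');
    ldap_close($ds);
    exit();
}

// Strict comparison: this is the authentication decision, so the posted
// certificate must be the same string as the stored one, with no type juggling.
if (!empty($entrada["cryptpassword"][0]) &&
    !empty($entrada["usercertificate"][0]) &&
    $cert === $entrada["usercertificate"][0]) {
    echo '0'.chr(0x0D).chr(0x0A).$entrada["uid"][0].chr(0x0D).chr(0x0A).$entrada["cryptpassword"][0];
} else {
    echo '8'.chr(0x0D).chr(0x0A).lang('The current certificate not registered to login');
}
ldap_close($ds);
?>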