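<?php
// http://sudobash.net/?p=736
//
// LDAP login check. On a POST carrying 'user' and 'password' the script looks
// up the directory entry whose "admin" attribute equals the submitted name,
// then binds again as that entry's DN with the submitted password. Only a
// successful second bind counts as a login. Without a posted 'user' the script
// produces no output.
session_start();
session_destroy();

if (isset($_POST['user'])) {
    // $server, $port and $basedn are not defined in this file; presumably
    // conf.php supplies them - confirm.
    include 'conf.php';
    // Don't display the warnings - we are already setup to annoy the user
    ini_set("display_errors", 0);

    // A request can carry user[]=... or password[]=... (arrays) or omit the
    // password altogether; anything that is not a string is treated as empty
    // so it ends up on the failure path instead of raising a type error.
    $rawUser = is_string($_POST['user']) ? $_POST['user'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? $_POST['password']
        : '';

    // No funny stuff! After the whitelist below only [a-zA-Z0-9_] is left, so
    // neither LDAP filter metacharacters nor HTML metacharacters survive into
    // $filter or into the markup echoed further down.
    $user = htmlspecialchars($rawUser);
    $user = explode(" ", $user);
    $user = $user[0];
    $user = preg_replace("/[^a-zA-Z0-9_]/", "", $user);
    $filter = "admin=" . $user;

    // Connect to the LDAP server.
    // NOTE(review): the user's password is sent to the directory in the second
    // bind below. Nothing here enables TLS; confirm that $server in conf.php is
    // an ldaps:// URI, or call ldap_start_tls() before binding.
    $ldapconn = ldap_connect($server, $port) or
        die("Could not connect to " . $server . ":" . $port . ".");

    $authenticated = false;

    // An empty password must never reach ldap_bind(): a bind with a DN and an
    // empty password is an "unauthenticated bind", which many directory servers
    // answer with success, so the original check could be passed without
    // knowing the password. An empty user name is rejected for the same reason
    // (it cannot identify an entry).
    if ($user !== '' && $password !== '') {
        // Anonymous bind (no DN, no password), used only to search for the DN.
        $ldapbind = ldap_bind($ldapconn) or die("Could not bind - contact admin@adamskalicky.com");
        $result = ldap_search($ldapconn, $basedn, $filter) or die ("Search error.");
        $entries = ldap_get_entries($ldapconn, $result);

        // No matching entry means there is no DN to bind as. The original read
        // $entries[0]["dn"] unconditionally, which handed a null DN to the
        // bind; a bind without a DN is not a test of the user's credentials.
        if (is_array($entries) && $entries['count'] > 0 && !empty($entries[0]['dn'])) {
            $binddn = $entries[0]["dn"];
            // Bind again using the DN retrieved. If this bind is successful,
            // then the user has managed to authenticate.
            $authenticated = ldap_bind($ldapconn, $binddn, $password);
        }
    }

    if ($authenticated) {
        echo "<center><h2>Successful authentication for <span style='color: #000;'>" . $user . "</span></center>";
        // NOTE(review): the only thing handed to restricted.php is a hidden
        // 'user' field, which any client can post directly without passing
        // through this page. restricted.php is not visible here - confirm it
        // does not treat that field as proof of login. Server-side session
        // state set at this point would be the usual way to carry the result.
        ?> <table align="center" height="200px" id="content">
<tr>
<td valign="middle">
<form action="restricted.php" method="post">
<input type="hidden" name='user' value="<?=$user;?>" >
<input type="submit" value="Great, Let's go!" >
</form>
</td>
</tr>
</table>
<?php
    } else {
        // Unknown user, wrong password and malformed input all land here with
        // the same message, so the response does not reveal which names exist.
        echo "<center><h2>Failed authentication for <span style='color: #000;'>" . $user . "</span><br /><br />
<a href='login.php'>Try again</a></center>";
    }
    ldap_close($ldapconn);
}
?>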