Ticket #551: LDAP.php

<?php defined('SYSPATH') or die('No direct script access.');
/**
 * LDAP Auth driver.
 *
 * $Id$
 *
 * @package    Auth
 * @author     Kohana Team
 * @copyright  (c) 2007-2008 Kohana Team
 * @license    http://kohanaphp.com/license.html
 */
class Auth_LDAP_Driver implements Auth_Driver {

    protected $config;

    // Session library
    protected $session;

    /**
     * Constructor. Loads the Session instance.
     *
     * @return  void
     */
    public function __construct(array $config)
    {
        // Load config
        $this->config = $config;

        // Load libraries
        $this->session = Session::instance();
    }

    public function logged_in($role)
    {
        $status = FALSE;

        // Checks if a user is logged in and valid
        if ( ! empty($_SESSION['auth_user']) AND is_object($_SESSION['auth_user'])
            AND ($_SESSION['auth_user'] instanceof User_Model) AND $_SESSION['auth_user']->loaded())
        {
            $staus = TRUE;
        }

        return $status;
    }

    public function login($user, $password, $remember)
    {
        // Load the user
        $user = 'cn='.$user.','.$this->config['base'];

        // Connect to directory server
                $ds = ldap_connect($this->config['server']);

        if (!$ds) {
            show_error('Connection error', "Can't connect to server $this->config['server']");
        }

        // Set LDAP options
                ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $this->config['version']);


        echo "user = $user / password = $password\n";

        // Bind as the user
                $r  = @ldap_bind($ds, $user, $password);

        // Overwrite the password for security reasons
                //$password = 'So Long, and Thanks for All the Fish!';

        // If the passwords match, perform a login
        if ($r) {
            if ($remember === TRUE) {
                // Create a new autologin token
                $token = ORM::factory('user_token');

                // Set token data
                $token->user_id = $user->id;
                $token->expires = time() + $this->config['lifetime'];
                $token->save();

                // Set the autologin cookie
                cookie::set('authautologin', $token->token, $this->config['lifetime']);
            }

            // Run the standard completion
            $this->complete_login($user);

            return TRUE;
        }

        // Login failed
        return FALSE;
    }

    public function force_login($user)
    {
        // Mark the session as forced, to prevent users from changing account information
        $_SESSION['auth_forced'] = TRUE;

        // Run the standard completion
        $this->complete_login($user);
    }

    public function auto_login()
    {
        return FALSE;
    }

    public function logout($destroy)
    {
        // Delete the autologin cookie if it exists
        cookie::get('authautologin') and cookie::delete('authautologin');

        if ($destroy === TRUE)
        {
            // Destroy the session completely
            Session::instance()->destroy();
        }
        else
        {
            // Remove the user object from the session
            unset($_SESSION['auth_user']);

            // Regenerate session_id
            $this->session->regenerate();
        }

        // Double check
        return ! isset($_SESSION['auth_user']);
    }

    public function password($user)
    {
        return NULL;
    }

    /**
     * Complete the login for a user by setting the
     * session data: user_id, username
     *
     * @param   object   user model object
     * @return  void
     */
    protected function complete_login(User_Model $user)
    {
        // Regenerate session_id
        $this->session->regenerate();

        // Store session data
        $_SESSION['auth_user'] = $user;
    }

} // End Auth_LDAP_Driver Class