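/**
 * Authenticate a user against LDAP, falling back to local Kimai auth for
 * the accounts listed in LDAP_LOCAL_ACCOUNTS.
 *
 * A successful simple bind with the supplied credentials is treated as proof
 * of identity. If the user does not exist in Kimai yet and
 * LDAP_USER_AUTOCREATE is set, a Kimai account is created on the fly.
 *
 * @param string $username Login name as typed by the user.
 * @param string $password Clear-text password as typed by the user.
 * @param mixed  $userId   Out-parameter: the Kimai user id on success, false on failure.
 * @return bool True when the user is authenticated (and known to Kimai), false otherwise.
 */
public function authenticate($username, $password, &$userId)
{
    // Accounts configured as local bypass LDAP entirely. The comparison is
    // strict so that a loosely-typed config entry (0, true, ...) can never
    // match an arbitrary username through PHP type juggling.
    if (in_array($username, $this->LDAP_LOCAL_ACCOUNTS, true)) {
        return $this->kimaiAuth->authenticate($username, $password, $userId);
    }

    // Check environment sanity
    if (!function_exists('ldap_bind')) {
        echo 'ldap is not installed!';
        $userId = false;
        return false;
    }

    // Check if username is legal.
    // The empty-password rejection is security-critical: many LDAP servers
    // treat a simple bind with a DN and an empty password as an
    // "unauthenticated bind" and report success, which would let anyone log
    // in as any user.
    $check_username = trim($username);
    if (
        !$check_username
        || !trim($password)
        || ($this->LDAP_FORCE_USERNAME_LOWERCASE && strtolower($check_username) !== $check_username)
    ) {
        $userId = false;
        return false;
    }

    // Defence in depth: the underlying C library treats NUL as a string
    // terminator, so a value with an embedded NUL could reach the server
    // truncated (possibly to an empty password). Reject it here instead of
    // relying on the extension to do so.
    if (strpos($check_username, "\0") !== false || strpos($password, "\0") !== false) {
        $userId = false;
        return false;
    }

    // Connect to LDAP ("LADP_SERVER" is the property's actual spelling).
    // NOTE(review): with URI-style arguments ldap_connect() only validates
    // the URI; the network connection is opened lazily by the bind below.
    // NOTE(review): echoing the server address discloses internal topology to
    // an unauthenticated client; consider logging it server-side instead.
    $connect_result = ldap_connect($this->LADP_SERVER);
    if (!$connect_result) {
        echo "Cannot connect to ", $this->LADP_SERVER;
        $userId = false;
        return false;
    }
    ldap_set_option($connect_result, LDAP_OPT_PROTOCOL_VERSION, 3);
    // NOTE(review): no StartTLS is negotiated here. Unless LADP_SERVER is an
    // ldaps:// URI the password travels in clear text; confirm the deployment.

    // Try to bind. Binding means user and pwd are valid.
    // NOTE(review): the username is concatenated into the bind identity
    // unescaped. If prefix/postfix form a DN ("uid=" ... ",ou=..."), characters
    // such as "," "=" "+" let the user alter the DN; consider
    // ldap_escape($check_username, '', LDAP_ESCAPE_DN) for DN-style binds
    // (not applied here because UPN-style "user@domain" binds must not be
    // DN-escaped and the configured style is not visible from this method).
    $bind_dn = $this->LDAP_USERNAME_PREFIX . $check_username . $this->LDAP_USERNAME_POSTFIX;
    $bind_result = ldap_bind($connect_result, $bind_dn, $password);

    // Release the connection on both outcomes; the original leaked the link
    // whenever the bind failed.
    ldap_unbind($connect_result);

    if (!$bind_result) {
        // Nope!
        $userId = false;
        return false;
    }

    // User is authenticated. Does it exist in Kimai yet?
    $check_username = $this->LDAP_FORCE_USERNAME_LOWERCASE ? strtolower($check_username) : $check_username;
    $userId = $this->database->user_name2id($check_username);
    if ($userId === false) {
        // User does not exist (yet)
        if (!$this->LDAP_USER_AUTOCREATE) {
            $userId = false;
            return false;
        }

        // Create it!
        $userId = $this->database->user_create(array(
            'name' => $check_username,
            'globalRoleID' => $this->getDefaultGlobalRole(),
            'active' => 1,
        ));
        // presumably user_create() signals failure with false/null, like
        // user_name2id() does; never report success without a user id.
        if ($userId === false || $userId === null) {
            $userId = false;
            return false;
        }
        $this->database->setGroupMemberships($userId, array($this->getDefaultGroups()));

        // Set a password, to calm kimai down. Nobody is meant to know it, so
        // it must be unguessable: prefer the CSPRNG when the runtime has one;
        // uniqid()/rand() are time- and seed-derived and therefore predictable.
        // The salted-md5 envelope is kept because it is the stored format this
        // code already writes.
        $random_secret = function_exists('random_bytes')
            ? bin2hex(random_bytes(32))
            : md5(uniqid(rand(), true));
        $usr_data = array(
            'password' => md5($this->kga['password_salt'] . $random_secret . $this->kga['password_salt']),
        );
        $this->database->user_edit($userId, $usr_data);
    }

    return true;
}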