How to verify AD group membership in PHP

I have a form for a user to enter a username and password. Then I pass those creds to a script where I want to verify the user is in a specific AD group. I have tried several GitHub adLDAP projects but none have worked. The examples in the documentation in the PHP manual don't even work for me (something I'm doing wrong, I'm sure). Below is my code; at the moment it prints out Array([count] => 0), so I'm assuming that the search isn't working and I can't figure out why. I've tried so many different "solutions" from other posts on Stack but none have been successful.
$username = $_POST['username'];
$password = $_POST['password'];
$admin = 'xxxx';
$adminpass = "xxxxxx";
$domain = "mydomain.com";
$baseDN = "OU=ManagedUsers,DC=mydomain,DC=com";
$attr = array("displayName","sAMAccountName");
$filter ="(&(objectClass=user)(objectCategory=person)(memberof=cn=WIFI-Users,OU=ManagedUsers,DC=hennignt,DC=com))";
$conn = ldap_connect("hennigdc01.hennignt.com");
$bind = ldap_bind($conn,$admin.'@'.$domain,$adminpass);
if ($bind){//also tried ldap_search($conn,$baseDN,"memberof=CN=WIFI-Users,{$baseDN}",$attr);
$search = ldap_search($conn,$baseDN,$filter,$attr);
$results = ldap_get_entries($conn, $search);
var_dump ($results);
} else
echo "Error in Binding";

I solved this by the following and then a for loop to go through the results in $result:
$baseDN = "OU=ManagedUsers,DC=hennignt,DC=com";
$filter = "(memberOf=CN=WIFI-Users,OU=ManagedGroups,DC=hennignt,DC=com)";
$attr = array("sAMAccountName");
$bind = @ldap_bind($conn,$username.'@'.$domain,$password);
if ($bind){
$wifiUser = ldap_search($conn,$baseDN,$filter,$attr);
$result = @ldap_get_entries($conn,$wifiUser);
}
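
A hardened version of this check, as an added example that is not part of the original post: it refuses an empty password before binding (an empty password turns ldap_bind into an unauthenticated bind), escapes the username with ldap_escape, and asks the directory about this one account instead of listing the whole group. The ldaps:// URI, the example.com names and the function names are placeholders chosen here, and memberOf matches direct membership only.

```php
<?php
// Added example: host, domain and DNs are placeholders, not the poster's values.
const LDAP_URI = 'ldaps://dc01.example.com';
const DOMAIN   = 'example.com';
const BASE_DN  = 'OU=ManagedUsers,DC=example,DC=com';
const GROUP_DN = 'CN=WIFI-Users,OU=ManagedGroups,DC=example,DC=com';

// Filter that matches only this account, and only if it is a direct group member.
function membershipFilter(string $sam, string $groupDn): string
{
    // Escape filter metacharacters (* ( ) \ NUL) in every interpolated value.
    $sam   = ldap_escape($sam, '', LDAP_ESCAPE_FILTER);
    $group = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);
    return "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam)(memberOf=$group))";
}

function isWifiUser(string $username, string $password): bool
{
    // A bind with an empty password is an unauthenticated bind that the
    // directory may accept, so refuse it before contacting the server.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Bind as the user (UPN form) so the directory itself verifies the password.
    if (!@ldap_bind($conn, $username . '@' . DOMAIN, $password)) {
        return false;
    }
    $search = @ldap_search($conn, BASE_DN, membershipFilter($username, GROUP_DN), ['sAMAccountName']);
    $found  = $search !== false && ldap_count_entries($conn, $search) === 1;
    ldap_unbind($conn);
    return $found;
}

// Constructed input: a hostile username is escaped and cannot widen the filter.
echo membershipFilter('*)(objectClass=*', GROUP_DN), PHP_EOL;
// Constructed input: an empty password is refused without any bind attempt.
var_dump(isWifiUser('jdoe', ''));
```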

Related

How can I pass 18 variables into one function to validate my PHP/MySQL Interaction

I have a profile page on my website where you can log in and update your account details, such as: First Name, Last Name, Username, Company, Address Line 1 etc.
See code:
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$AccountID = $row["AccountID"];
$FName = $row["FName"];
$LName = $row["LName"];
$Username = $row["Username"];
$Company = $row["Company"];
$AddressL1 = $row["AddressL1"];
$AddressL2 = $row["AddressL2"];
$Town = $row["Town"];
$County = $row["County"];
$PostCode = $row["PostCode"];
$Password = $row["Password"];
$DFName = $row["DFName"];
$DLName = $row["DLName"];
$DAddressL1 = $row["DAddressL1"];
$DAddressL2 = $row["DAddressL2"];
$DTown = $row["DTown"];
$DCounty = $row["DCounty"];
$DPostCode = $row["DPostCode"];
}
if ($_SESSION['login_user']) {
If they are logged in then it'll echo out each value to the input fields and you can change and update them as you will...
Rather than write out
$login_session = stripslashes($login_session);
$login_session = mysql_real_escape_string($login_session);
$login_session = trim($login_session);
For every single variable, what is the best option?
You could do something such as:
function makeSafe($var)
{
$return = stripslashes($var);
$return = mysql_real_escape_string($return);
$return = trim($return);
return $return;
}
$login_session = makeSafe($login_session);
This will avoid the many lines of code on one page and avoid duplicate code.
And as I said in my comment, try to avoid mysql_* functionality and replace it with either mysqli or PDO.

Variable between php files

Before anyone points out my code is flawed in security or etc know that I am quite a PHP noob and wouldn't mind you forwarding some help to fix that rather than just yelling it is terrible.
Also I did try this below and it won't work for me because it stores it into the session (Unless session is more secure than I thought. I assume users can extract data from one, correct?):
http://tinyurl.com/myqx3xo
As for my question, how would I be able to access the variable $connectdb in my users function? When I do that it gives me 'Undefined variable' error, and isn't detecting that it exists whatsoever. Both are requires in main\folder\start.php that is loaded every page, and on those pages I attempted to call the function and it gave me a failure. The code works fine when I attempt to hardcode the $connectdb's variable into the functions but again there are good reasons not to. Will add additional details if required.
Undefined variable: connectdb in main\folder\folder1\users.php on the line that starts with $data
main\folder\folder1\users.php function:
function user_data($id) {
$data = array();
$user_id = (int)$id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '' . implode(', ', $func_get_args) . '';
$data = mysqli_fetch_assoc(mysqli_query($connectdb,"SELECT $fields FROM users WHERE id = $user_id"));
return $data;
}
}
main\folder\folder2\connect.php:
<?php
$connect_fail = 'Example connection failure.';
$dbhost = 'host';
$dbuser = 'user';
$dbpass = 'pass';
$db = 'database';
$connectdb = mysqli_connect($dbhost, $dbuser, $dbpass, $db) or die($connect_fail);
?>
Include your connect.php into your user.php:
include('../folder2/connect.php');
function user_data($id) {
$data = array();
$user_id = (int)$id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '' . implode(', ', $func_get_args) . '';
$data = mysqli_fetch_assoc(mysqli_query($connectdb,"SELECT $fields FROM users WHERE id = $user_id"));
return $data;
}
}
In your users.php file you need to add:
include "../folder2/connect.php";
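
An added example, not code from any of the posts above: user_data() rewritten so the connection is passed in as an argument (a PHP function body cannot see a file-level variable such as $connectdb), the id is bound in a prepared statement, and requested columns are checked against an allow-list. The same bound-parameter approach replaces the makeSafe() escaping helper from the earlier thread. PDO with in-memory SQLite stands in for the MySQL connection so the block runs offline; the column names and sample row are constructed.

```php
<?php
// Added example: PDO/SQLite stands in for the thread's mysqli connection.
function user_data(PDO $db, int $id, string ...$fields): ?array
{
    // Column names cannot be bound as parameters, so accept only known names.
    // This allow-list is an assumption about the users table.
    $allowed = ['id', 'username', 'first_name', 'last_name', 'email'];
    $fields  = array_values(array_intersect($fields, $allowed));
    if ($fields === []) {
        return null;
    }
    // The id is bound, never interpolated, so no escaping helper is needed.
    $sql  = 'SELECT ' . implode(', ', $fields) . ' FROM users WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed schema and sample row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
           first_name TEXT, last_name TEXT, email TEXT)');
$ins = $db->prepare('INSERT INTO users (username, first_name, last_name, email)
                     VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'Alice', 'Example', 'alice@example.com']);

// Normal call: two allow-listed columns for user 1.
var_dump(user_data($db, 1, 'username', 'email'));

// Constructed hostile "column": dropped by the allow-list, so the query
// that actually runs selects username only.
var_dump(user_data($db, 1, 'username', 'email FROM users; --'));
```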

PHP retrieving usernames from my database and then putting them into an array

So I've been working on a little automatic payment system, and I'm almost done! My customers will get their account upgraded automatically after payment, but I have a slight problem.
I'm currently manually adding their username to an array which changes their username style to distinguish their rank.
I would like to know how to make it retrieve and successfully go into an array which will then be called and show their new username.
Here is my code for retrieving usernames and then putting into an array:
$db = new mysqli("localhost", "changed", "changed", "changed")or die(mysqli_error());
$listmembers = $db->query("SELECT * FROM members")or die(mysqli_error());
$names = array();
while($listnames = $listmembers->fetch_assoc()) {
$names[] = "'" . $listnames['username'];
}
$newname = explode("\", ", $names);
Okay and this is what my array code looks like
$members = array($newname);
And this is the code changing their rank:
if(in_array(strtolower($rows['received']), $members)) {
$user = "" . ucfirst($rows['received']) . "";
}
If anyone could help me, I'd appreciate it.
Turn warnings on to see a few of your mistakes..
$db = new mysqli("localhost", "changed", "changed", "changed")or die(mysqli_connect_error());
$listmembers = $db->query("SELECT * FROM members")or die($db->error);
$names = array();
while($listnames = $listmembers->fetch_assoc()) {
$names[] = $listnames['username'];
}
and later something like this..
if(in_array(strtolower($rows['received']), $names)) {
$user = "<font color=\"lime\"><b>" . ucfirst($rows['received']) . "</b></font>";
}
Why don't you fetch the array directly from the database?
$db = new mysqli("localhost", "changed", "changed", "changed")or die(mysqli_connect_error());
$listmembers = $db->query("SELECT username FROM members")or die($db->error);
$names = $listmembers->fetch_all();
and then:
foreach ( $names as $username ) {
if ( strtolower($rows['received']) == $username[0] ) {
$user = ucfirst($rows['received']);
break;
}
}

Get all favorites for current user

I've got a table in the database called "favorites" with 3 columns (user_id, bookmarked_song_id, bookmark_tag) and I want to get all the Bookmarked_song_id for the current user.
$username = $this->session->userdata('username');
$uidq = mysql_query('SELECT user_id FROM users WHERE username="' . $username . '"');
$rq = mysql_fetch_assoc($uidq);
$user_id = $rq['user_id'];
$getfavq = mysql_query("SELECT * FROM favorites WHERE user_id=$user_id");
$favsr = mysql_fetch_array($getfavq); //contains all the information from the favorites database where user_id is the user_of the currently logged-in user
And I don't know what to use next... I want to have something like:
foreach($favsr['bookmarked_song_id'] as $song_id) {
$getsongq = mysql_query("SELECT * FROM songs WHERE song_id=$song_id");
$getsongr = mysql_fetch_assoc($getsongq);
$singer = $getsongr['singer'];
$song_name = $getsongr['song_name'];}
Obviously the method is wrong because I get: "Invalid argument supplied for foreach()". Can anyone help me with getting the songs? Thanks in advance.
It should be this:
$favsr = mysql_fetch_array($getfavq, MYSQL_ASSOC);
foreach($favsr as $row) {
$songid = $row['bookmarked_song_id'];
...
}
mysql_fetch_array only loads one row,
it should be like that
$getfavq = mysql_query("SELECT * FROM favorites WHERE user_id=$user_id");
while ($favsr = mysql_fetch_array($getfavq))
{$song_id=$favsr['bookmarked_song_id'];
$getsongq = mysql_query("SELECT * FROM songs WHERE song_id=$song_id");
$getsongr = mysql_fetch_array($getsongq);
$singer = $getsongr['singer'];
$song_name = $getsongr['song_name'];}
You have this tagged with codeigniter. If you're building a CodeIgniter application, you should probably use CI's database library:
$username = $this->session->userdata('username');
//Select your user
$this->db->select('user_id');
$this->db->where('username', $username);
$this->db->limit(1);
$user_query = $this->db->get('users');
if($user_query->num_rows() > 0)
{
// We found a user
$user = $user_query->row(); // select a single row
// Grab this user's favorites
$this->db->where('user_id', $user->user_id);
$favorites_query = $this->db->get('favorites');
$songs = $favorites_query->result();
if($songs)
{
foreach($songs as $song)
{
$song_id = $song->bookmarked_song_id;
$tag = $song->bookmark_tag;
// Do stuff with data.
}
}
else
{
// No songs/favorites found, catch error
}
}
else
{
// No such user found, catch error
}
Of course, the best practice is to have your user data and your favorites data in separate models, but this should work for now.

Need Help With Implementing Simple Stuff with PHP and MYSQL

Here is my code -
<?php
$u = $_SESSION['username'];
while($fetchy = mysqli_fetch_array($allusers))
{
mysqli_select_db($connect,"button");
$select = "select * from button where sessionusername='$u' AND response = 'approve'";
$query = mysqli_query($connect,$select) or die('Oops, Could not connect');
$result= mysqli_fetch_array($query);
$email = mysqli_real_escape_string($connect,trim($result['onuser']));
echo $email;
if($email){
mysqli_select_db($connect,"users");
$select_name = "select name, icon from profile where email = '$email'";
$query_2 = mysqli_query($connect,$select_name) or die('Oops, Could not connect. Sorry.');
$results= mysqli_fetch_array($query_2);
$name = mysqli_real_escape_string($connect,trim($results['name']));
$icon = mysqli_real_escape_string($connect,trim($results['icon']));
echo $name;
}
}
Now, there are two responses in the DB. So, two names are getting echoed, but they both are the SAME. Why so? E.g.
DB - NAMEs - Apple and Orange.
Displayed - Apple Apple.
Database example -
SESSIONUSERNAME OnUSer
s@s.com apple
s@s.com orange
EDITED
Using @endophage's method -
AppleOrange and AppleOrange.
As your loop stands now, $u will always be the same, so $select will always have the same value, and so will $email, and so will $select_name, so it is no surprise that the same record keeps coming back.
Edit
If the $select_name query returns multiple results, then you need to loop through the results with a while loop like the other queries.
Try this, you had your while loop in the wrong place:
<?php
$u = $_SESSION['username'];
mysqli_select_db($connect,"button");
$select = "select * from button where sessionusername='$u' AND response = 'approve'";
$query = mysqli_query($connect,$select) or die('Oops, Could not connect');
while($result = mysqli_fetch_array($query))
{
$email = mysqli_real_escape_string($connect,trim($result['onuser']));
echo $email;
if($email){
mysqli_select_db($connect,"users");
$select_name = "select name, icon from profile where email = '$email'";
$query_2 = mysqli_query($connect,$select_name) or die('Oops, Could not connect. Sorry.');
$results= mysqli_fetch_array($query_2);
$name = mysqli_real_escape_string($connect,trim($results['name']));
$icon = mysqli_real_escape_string($connect,trim($results['icon']));
echo $name;
}
}
