2012-05-11 42 views
3

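Sessions and LDAP

I have a web page. Authentication for the page is handled by an LDAP server that I set up. Now I don't want to implement sessions, so that when a user is inactive for a period of time (10 seconds in the case below), the session ends and the user is unbound from the LDAP server. I found this code: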

<?php
    session_cache_expire(20);

    session_start();
    $inactive = 10;
    if(isset($_SESSION['start'])) {
        $session_life = time() - $_SESSION['start'];
        if($session_life > $inactive){
            header("Location: endSession.php");

        }
    }
    $_SESSION['start'] = time();
?>

This doesn't work. If I refresh the page, it redirects me to my 'endSession.php' page, even if I am active.

+0

Do you mean 10 minutes? – gunnx

+0

10 seconds. It's only for testing purposes. – TheAptKid

Answers

7
function check_auth_ldap() {

    $sessionTimeoutSecs = 10;
    $ldapServer = '11.22.33.44';
    $ldapPort = 389;

    if (!isset($_SESSION)) session_start();

    if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

        // Session is already authenticated
        $ds = ldap_connect($ldapServer, $ldapPort);
        if (ldap_bind($ds, $_SESSION['username'], $_SESSION['password'])) {
            $_SESSION['lastactivity'] = time();
            return $ds;
        } else {
            unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
            header("Location: endSession.php");
            exit;
        }

    } else if (isset($_POST['username'], $_POST['password']) && $_POST['password'] !== '') {

        // Handle login requests. An empty password is not accepted: a simple bind
        // with a DN and no password is an unauthenticated bind, which some LDAP
        // servers report as successful.
        $ds = ldap_connect($ldapServer, $ldapPort);
        if (ldap_bind($ds, $_POST['username'], $_POST['password'])) {
            // Successful auth
            $_SESSION['lastactivity'] = time();
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['password'] = $_POST['password'];
            return $ds;
        } else {
            // Auth failed
            header("Location: endSession.php");
            exit;
        }

    } else {

        // Session has expired or a logout was requested
        unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
        header("Location: endSession.php");
        exit;

    }

}

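Just call the function above at the top of every protected page. It handles the whole authentication process. If the user is authenticated, it returns the LDAP connection resource; if not, it redirects them to endSession.php.

Just put this line at the top of every page:

$ds = check_auth_ldap();

...and the function will do all the legwork for you.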

+0

So the POST variables come from the LDAP form, right? – TheAptKid

+0

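Sorry, I forgot to explain that in this question: the POST variables come from the login form - so your login form would look something like this:

'. You can log out by passing a GET parameter of 'logout' - its value doesn't matter, as long as the key is set – DaveRandom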
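
The inactivity check from the answer above, as an added example that is not DaveRandom's code: it keeps only the username and last-activity time in the session rather than the password. It assumes protected pages need to know who is logged in but do not need an LDAP connection bound as that user; the function names are illustrative.

```php
<?php
// Added example. Names are illustrative; endSession.php is the question's page.
const IDLE_TIMEOUT_SECS = 10; // test value used in the question

// Pure check: was the session active within the timeout window?
function session_is_live(array $session, int $now, int $timeout): bool {
    return isset($session['username'], $session['lastactivity'])
        && ($now - $session['lastactivity']) <= $timeout;
}

// Clear server-side state, expire the cookie, redirect and stop.
function end_session(string $target): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . $target);
    exit; // without this the rest of the protected page still runs
}

// Call once, right after ldap_bind() has accepted the user's credentials.
function start_authenticated_session(string $username): void {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    session_regenerate_id(true); // drop the pre-login session ID
    $_SESSION['username'] = $username;
    $_SESSION['lastactivity'] = time();
}

// Call at the top of every protected page; returns the logged-in username.
function require_live_session(): string {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    if (isset($_GET['logout'])
        || !session_is_live($_SESSION, time(), IDLE_TIMEOUT_SECS)) {
        end_session('endSession.php');
    }
    $_SESSION['lastactivity'] = time(); // activity resets the idle clock
    return $_SESSION['username'];
}
```

PHP's default file-based session handler writes `$_SESSION` to disk on the web server, which is why the password is left out here.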

0

I just wrote (and tested) this:

test.php

<?php 
session_start(); 

if(isset($_GET['start'])) 
    $_SESSION['start'] = time(); 

if(time() - $_SESSION['start'] > 10) 
    echo 'Logged out'; 
else 
    echo 'Logged in'; 

?> 

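If you go to test.php?start in your browser, it will say "Logged in". If you then go to test.php in your browser any time after 10 seconds, it will respond "Logged out"; any time within the 10 seconds, it will say "Logged in".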

1

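Binding usually needs to be uid-based. To achieve this, I modified the function a bit. The cn for the bind comes from a search operation based on the username uid. Hope this helps someone.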

function check_auth_ldap() {

    if (empty($_POST['username']) || empty($_POST['password'])) {

        header("Location: login.php?failure=6");
        exit; // stop here; a redirect header alone does not end the script

    }

    $sessionTimeoutSecs = 10;
    $ldapServer = 'localhost';
    $ldapBaseDN = 'ou=users,ou=subtree,dc=domain,dc=tld';
    $ldapPort = 389;
    // Escape the user-supplied uid so filter metacharacters are treated as literal text
    $ldapFilter = "(&(objectClass=*)(uid=".ldap_escape($_POST['username'], '', LDAP_ESCAPE_FILTER)."))";
    $ldapAttributes = array("cn");

    if (!isset($_SESSION)) session_start();

    if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

        // Session is already authenticated
        $ds = ldap_connect($ldapServer, $ldapPort);
        $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
        $result = ldap_get_entries($ds, $sr);

        // ldap_get_entries() returns an array even when nothing matched, so check the count
        if ($result && $result['count'] > 0) {
            $binddn = $result[0]['dn'];
        } else {
            header("Location: login.php?failure=1");
            exit;
        }

        ldap_close ($ds);

        $ds = ldap_connect($ldapServer, $ldapPort);
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        if (ldap_bind($ds, $binddn, $_SESSION['password'])) {
            $_SESSION['lastactivity'] = time();
            return $ds;
        } else {
            unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
            header("Location: login.php?failure=2");
            exit;
        }

    } else if (isset($_POST['username'], $_POST['password'])) {

        // Handle login requests
        $ds = ldap_connect($ldapServer, $ldapPort);
        $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
        $result = ldap_get_entries($ds, $sr);

        if ($result && $result['count'] > 0) {
            $binddn = $result[0]['dn'];
        } else {
            header("Location: login.php?failure=3");
            exit;
        }
        ldap_close ($ds);

        $ds = ldap_connect($ldapServer, $ldapPort);
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        if (ldap_bind($ds, $binddn, $_POST['password'])) {
            // Successful auth
            $_SESSION['lastactivity'] = time();
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['password'] = $_POST['password'];
            return $ds;
        } else {
            // Auth failed
            header("Location: login.php?failure=4");
            exit;
        }

    } else {

        // Session has expired or a logout was requested
        unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
        header("Location: login.php?failure=5");
        exit;

    }

}
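
The search-then-bind step from the answer above as a standalone function, an added example that is not the poster's code: it escapes the uid before building the filter, requires exactly one matching entry, and refuses an empty password. The function name is illustrative, and it assumes the directory allows an anonymous search, as the answer's code does.

```php
<?php
// Added example. Returns a connection bound as the user, or null on any failure.
function ldap_search_then_bind(string $uri, string $baseDn, string $uid, string $password) {
    // A DN with an empty password is an unauthenticated bind, which some
    // servers report as success, so never pass one through.
    if ($uid === '' || $password === '') return null;

    $ds = ldap_connect($uri);
    if ($ds === false) return null;
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // On plain port 389 a simple bind sends the password unencrypted;
    // call ldap_start_tls($ds) here if the server supports it.

    // Anonymous bind for the lookup (assumption: anonymous search is permitted).
    if (!@ldap_bind($ds)) return null;

    // Escape filter metacharacters such as * ( ) \ so the uid is matched literally.
    $filter = '(uid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, $baseDn, $filter, ['cn']);
    if ($sr === false) { ldap_unbind($ds); return null; }

    // ldap_get_entries() returns ['count' => 0] when nothing matched, so test
    // the count; more than one match is ambiguous and also rejected.
    $entries = ldap_get_entries($ds, $sr);
    if ($entries === false || $entries['count'] !== 1) { ldap_unbind($ds); return null; }
    $bindDn = $entries[0]['dn'];

    // Re-bind on the same connection with the user's own DN and password.
    if (!@ldap_bind($ds, $bindDn, $password)) { ldap_unbind($ds); return null; }
    return $ds;
}

// Usage in a login handler (server and base DN taken from the answer above):
// $ds = ldap_search_then_bind('ldap://localhost:389',
//     'ou=users,ou=subtree,dc=domain,dc=tld',
//     $_POST['username'] ?? '', $_POST['password'] ?? '');
// if ($ds === null) { header('Location: login.php?failure=4'); exit; }
```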