会话和LDAP

时间:2012-05-11 10:01:27

标签: php session ldap

我有一个网页。对网页的身份验证由我设置的ldap服务器处理。现在我不想实现会话,因此当用户处于非活动状态一段时间(在下面的情况下,10秒)时,会话将结束,用户将从ldap服务器取消绑定。我找到了这段代码:

<?php
    session_cache_expire(20);

    session_start(); 
    $inactive = 10;
    if(isset($_SESSION['start'])) {
        $session_life = time() - $_SESSION['start'];
        if($session_life > $inactive){
            header("Location: endSession.php"); 

        }
    }
    $_SESSION['start'] = time();
?>

它不起作用。如果我刷新页面,它会将我重定向到我的'endSession.php'页面,即使我活跃了。

3 个答案:

答案 0 :(得分:7)

function check_auth_ldap () {

  $sessionTimeoutSecs = 10;
  $ldapServer = '11.22.33.44';
  $ldapPort = 389;

  if (!isset($_SESSION)) session_start();

  if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

    // Session is already authenticated
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_SESSION['username'], $_SESSION['password'])) {
      $_SESSION['lastactivity'] = time();
      return $ds;
    } else {
      unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
      header("Location: endSession.php");
      exit;
    }

  } else if (isset($_POST['username'], $_POST['password'])) {

    // Handle login requests
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_POST['username'], $_POST['password'])) {
      // Successful auth
      $_SESSION['lastactivity'] = time();
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
      return $ds;
    } else {
      // Auth failed
      header("Location: endSession.php");
      exit;
    }

  } else {

    // Session has expired or a logout was requested
    unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
    header("Location: endSession.php");
    exit;

  }

}

只需在每个受保护页面的顶部调用上述功能即可。这将处理所有身份验证过程。如果用户通过身份验证,它将返回LDAP连接资源,如果不是,则将其重定向到endSession.php

只需将此行放在每页的顶部:

$ds = check_auth_ldap();

...而且该功能将为您完成所有的工作。

答案 1 :(得分:2)

通常需要基于uid的绑定。我已经修改了一点功能来实现这个目的。 cn for bind来自基于uid for username的搜索操作。希望这可以帮助别人。

function check_auth_ldap () {

  if (!($_POST['username'] && $_POST['password'])) {

    header("Location: login.php?failure=6");

  }

  $sessionTimeoutSecs = 10;
  $ldapServer = localhost;
  $ldapBaseDN = ou=users,ou=subtree,dc=domain,dc=tld;
  $ldapPort = 389;
  $ldapFilter = "(&(objectClass=*)(uid=".$_POST['username']."))";
  $ldapAttributes = array("cn");

  if (!isset($_SESSION)) session_start();

  if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

    // Session is already authenticated
    $ds = ldap_connect($ldapServer, $ldapPort);
    $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
    $result = ldap_get_entries($ds, $sr);

    if ($result) {
        $binddn = $result[0]['dn'];
    } else {
        header("Location: login.php?failure=1");
    }

    ldap_close ($ds);

    $ds = ldap_connect($ldapServer, $ldapPort);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (ldap_bind($ds, $binddn, $_SESSION['password'])) {
      $_SESSION['lastactivity'] = time();
      return $ds;
    } else {
      unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
      header("Location: login.php?failure=2");
      exit;
    }

  } else if (isset($_POST['username'], $_POST['password'])) {

    // Handle login requests
    $ds = ldap_connect($ldapServer, $ldapPort);
    $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
    $result = ldap_get_entries($ds, $sr);

    if ($result) {
        $binddn = $result[0]['dn'];
    } else {
        header("Location: login.php?failure=3");
    }
    ldap_close ($ds);

    $ds = ldap_connect($ldapServer, $ldapPort);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (ldap_bind($ds, $binddn, $_POST['password'])) {
      // Successful auth
      $_SESSION['lastactivity'] = time();
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
      return $ds;
    } else {
      // Auth failed
      header("Location: login.php?failure=4");
      exit;
    }

  } else {

    // Session has expired or a logout was requested
    unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
    header("Location: login.php?failure=5");
    exit;

  }

}

答案 2 :(得分:1)

我刚刚写了(并测试过):

<强> test.php的 

<?php
session_start();

if(isset($_GET['start']))
    $_SESSION['start'] = time();

if(time() - $_SESSION['start'] > 10)
    echo 'Logged out';
else 
    echo 'Logged in';

?>

如果您在浏览器中转到test.php?start,则会显示“已登录”,然后转到浏览器中的test.php,10秒后任何时间,它都会回显“已注销”,任何时间都不到10秒,它会说“登录”

相关问题
最新问题