Using VT Authentication with PHP
General Information
You can provide Virginia Tech authentication (PID/password
integration) within your dynamic Web site/Web application.
However, in order to adhere to Virginia Tech policies,
you must guarantee that the PID and password never cross
the network in clear text. This means that Virginia Tech
authentication can only be used with a server that supports
SSL/TLS (you recognize this by looking at the protocol:
https:// rather than http://). Therefore, if you want to use
authentication with the VT Web hosting service, you need to
make sure your Web application is only accessible at:
https://secure.hosting.vt.edu/...
(For example: https://secure.hosting.vt.edu/www.mysite.vt.edu/).
Both the page that shows the login form and the script that
receives the credentials need this check: a form served over
plain http:// can be modified in transit to post the password
somewhere else, even if its action points at an https:// URL.
Creating a Form
Begin the authentication process by creating a form that takes in the user's PID and password and posts them to the authentication script. The PHP block at the top refuses to render the form unless the request arrived at the secure host; note the exit after the redirect header, since without it PHP keeps going and sends the form over the insecure connection anyway.
<html>
<head>
<title>sample</title>
</head>
<body>
<?php
// check to make sure that the site is secure; if it is not, redirect and
// stop, otherwise the rest of this page is still served over plain http
if ($_SERVER["HTTP_HOST"] != "secure.hosting.vt.edu") {
    header("Location: https://secure.hosting.vt.edu/".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"]);
    exit;
}
?>
<p>Sample Login Form</p>
<!-- create the "main" form with an input text box named pid and a password text box named password -->
<form name="main" method="post" action="authcheck.php">
<table>
<tr>
<td align="right">PID: </td>
<td> <input name="pid" type="text" id="pid"> </td>
</tr>
<tr>
<td align="right">password: </td>
<!-- make sure this is type "password" so the browser masks it and does not keep it in form history -->
<td> <input name="password" type="password" id="password"> </td>
</tr>
<tr>
<td align="center" colspan="2"><input name="btnsubmit" type="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>
Authenticating the User
The form variables are posted to authcheck.php and read from the $_POST superglobal. The script searches the directory for the account whose uupid attribute equals the submitted PID; if exactly one entry is found, the code tries to "bind" to the directory as that entry's Distinguished Name (DN) with the submitted password. If the bind succeeds, the user is authenticated. Two details matter for security: the PID must be escaped before it is placed in the search filter, so that characters such as * ( ) and \ cannot change what the filter matches, and an empty password must be rejected before binding, because an LDAP bind with a DN and an empty password is an unauthenticated (anonymous) bind that some servers accept. The script also refuses to send the credentials unless STARTTLS succeeded, so they never travel to the directory in the clear.
<?php
// check to make sure that the site is secure; redirect and stop before the
// submitted credentials are touched at all
if ($_SERVER["HTTP_HOST"] != "secure.hosting.vt.edu") {
    header("Location: https://secure.hosting.vt.edu/".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"]);
    exit;
}
$host = 'ldap://authn.directory.vt.edu';
$baseDn = 'ou=accounts,dc=vt,dc=edu';
// get these values explicitly from the POST; default to '' so a missing field is handled like an empty one
$pid = isset($_POST['pid']) ? $_POST['pid'] : '';
$credential = isset($_POST['password']) ? $_POST['password'] : '';
/* a bind with an empty password is an anonymous bind and may "succeed",
   so refuse to continue unless both the PID and the password are present */
if ($pid !== '' && $credential !== '') {
    $ldap = ldap_connect($host);
    if ($ldap !== false) {
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        /* the search and the bind carry the PID and password across the
           network; do not send them unless the connection is encrypted */
        if (!ldap_start_tls($ldap)) {
            print('Could not start TLS with '.$host);
            ldap_close($ldap);
            exit;
        }
        /* search for the pid's dn; escape the PID so it can only be compared
           against uupid and cannot become filter syntax */
        $filter = 'uupid='.ldap_escape($pid, '', LDAP_ESCAPE_FILTER);
        $result = @ldap_search($ldap, $baseDn, $filter, array('dn'));
        if ($result !== false) {
            $entries = ldap_get_entries($ldap, $result);
            /* require exactly one match: zero means unknown user, more than
               one means the PID is ambiguous and we must not guess a DN */
            if ($entries['count'] == 1) {
                $principal = $entries[0]['dn'];
                /* bind as this user */
                if (@ldap_bind($ldap, $principal, $credential)) {
                    print('Authenticate success');
                } else {
                    print('Authenticate failure');
                }
            } else {
                print('User not found in LDAP');
            }
            ldap_free_result($result);
        } else {
            print('Error occurred searching the LDAP');
        }
        ldap_close($ldap);
    } else {
        print('Could not connect to LDAP at '.$host);
    }
} else {
    print('PID and password are required');
}
?>
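The following is an added example, not code from the original page or from the VT hosting service, showing what the search filter above turns into when the submitted PID is not escaped, and how ldap_escape (or an equivalent RFC 4515 escaper) keeps it as a plain equality match. It runs from the command line with no directory server; the only assumptions are that the ldap extension is loaded (a local fallback escaper with the same output is used if it is not) and that PIDs are short lower-case alphanumeric names, which is a placeholder rule rather than the real one.

```php
<?php
// Added example, not code from the original page: shows why the PID must be
// escaped before it goes into the LDAP search filter, and what an unescaped
// filter turns into. Runs from the command line with no directory server.
// Assumption: the ldap extension provides ldap_escape(); when it does not,
// a local RFC 4515 escaper with the same output is used instead.

function escape_filter_value($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // RFC 4515: backslash, *, (, ) and NUL are written as \XX (two hex digits)
    $out = '';
    for ($i = 0, $n = strlen($value); $i < $n; $i++) {
        $ch = $value[$i];
        if (strpos("\\*()\0", $ch) !== false) {
            $out .= sprintf('\\%02x', ord($ch));
        } else {
            $out .= $ch;
        }
    }
    return $out;
}

// Shape check applied before any directory lookup. Assumption (placeholder
// rule): a PID is a short lower-case alphanumeric name; adjust to the real one.
function looks_like_pid($pid)
{
    return (bool) preg_match('/^[a-z0-9]{1,32}$/', $pid);
}

// The filter the authentication script should send: the submitted value can
// only ever be compared against uupid, never become filter syntax.
function build_pid_filter($pid)
{
    return '(uupid=' . escape_filter_value($pid) . ')';
}

// Constructed inputs: a normal PID and two that try to change the filter.
$samples = array(
    'hokie',
    '*',       // unescaped this is a presence filter: every account matches
    'hok*',    // unescaped this matches every PID starting with "hok", so the
               // DN that comes back is not necessarily the submitter's own
);
foreach ($samples as $pid) {
    printf("%-10s unescaped: %-16s escaped: %-20s pid-shaped: %s\n",
        var_export($pid, true),
        '(uupid=' . $pid . ')',
        build_pid_filter($pid),
        looks_like_pid($pid) ? 'yes' : 'no');
}
```

Run it with php from the command line. The escaped column is what authcheck.php sends once ldap_escape is in place, so a wildcard or parenthesis in the form field is looked up literally and simply finds no account; the shape check is a cheap second line of defence that rejects such input before the directory is contacted at all.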