I need help with levels of access; I'll post part of the code. It is a connection to Active Directory (AD), authenticating the user and searching for which group they belong to.
This is the login.php code:
<?php
include("auth.php");

// check to see if user is logging out
if (isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['username'], $_SESSION['access']);
    session_destroy();
}

// check to see if login form has been submitted
if (isset($_POST['username'])) {
    // run information through authenticator
    if (authenticate($_POST['username'], $_POST['userPassword'])) {
        header("Location: assets/procge.php");
        die();
    } else {
        $error = 1;
    }
}
?>
<form action="#" class="form-signin" method="POST">
    <h2 style="text-align:center; font-size: 18px;">Para acesso Telas BI, <br />realize o login.</h2>
    <?php
    if (isset($error)) echo "<div style='color:#ff0000; text-align:center;'>ERRO!<br /> Usuário e senha inválidos ou sem acesso.</div><br />";
    if (isset($_GET['out'])) echo "Sucesso ao deslogar!!!";
    ?>
    <label for="inputEmail" class="sr-only">Usuário</label>
    <input id="username" type="text" name="username" autocorrect="off" autocapitalize="off" class="form-control" placeholder="Usuário" />
    <label for="inputPassword" class="sr-only">Senha</label>
    <input type="password" name="userPassword" id="password" autocomplete="off" class="form-control" placeholder="Senha">
    <input class="btn btn-success" name="submit" value="Acessar" type="submit">
</form>
Here is the Auth.php screen:
<?php
function authenticate($username, $password) {
    if (empty($username) || empty($password)) return false;

    $adServer = "ldap://10.10.100.23";
    $ldap = ldap_connect($adServer);
    $ldaprdn = 'dominio' . "\\" . $username;
    $grupolda = 'DC=dominio,DC=com,DC=br';
    $grupo1 = 'grupo1';
    $grupo2 = 'grupo2';

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $bind = @ldap_bind($ldap, $ldaprdn, $password);
    if ($bind) {
        // escape the username so it cannot change the meaning of the filter
        $filter = "(sAMAccountName=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, "$grupolda", $filter);
        ldap_sort($ldap, $result, "sn");
        $info = ldap_get_entries($ldap, $result);
        for ($i = 0; $i < $info["count"]; $i++) {
            if ($info['count'] > 1)
                break;
            echo "<p>Acesso ao A.D. <strong> " . $info[$i]["givenname"][0] . " " . $info[$i]["sn"][0] . "</strong><br /> </p>\n";
            $userDn = $info[$i]["distinguishedname"][0];
        }
        // check the groups
        foreach ($info[0]['memberof'] as $grps) {
            $access = 0;
            if (strpos($grps, $grupo1) !== false) {
                // If the user belongs to this group, grant access 1 (this group only)
                $access += 1;
            }
            elseif (strpos($grps, $grupo2) !== false) {
                // If the user belongs to this group, grant access 2 (this group only)
                $access += 2;
                break;
            }
        }
        if ($access != 0) {
            // Create the user's session variables
            $_SESSION['username'] = $username;
            $_SESSION['access'] = $access;
            return true;
        } else {
            $_SESSION['loginErro'] = $erro;
            // No rights
            return false;
        }
    } else {
        // Invalid username and password
        return false;
    }
}
?>
When the user is in only one of the groups, it works: if they belong to group1 they get the group1 page, and if they belong to group2 they get the group2 page.
But when the user belongs to both groups, group1 and group2, with access 3, it always returns one of the hits, leading to an individual page and not the page that should give access.
If someone could give me some guidance on how to proceed.
This is procge.php:
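<?php
// initialize session
session_start();
// treat a missing access level as "no access"
$access = isset($_SESSION['access']) ? $_SESSION['access'] : 0;
// elseif chain so the final else only runs when no level matched;
// exit after each redirect so nothing else executes
if ($access == 1) {
    header("Location: ../grupo1/index.php");
    exit;
} elseif ($access == 2) {
    header("Location: ../grupo2/index.php");
    exit;
} elseif ($access == 3) {
    header("Location: ../grupo1e2/index.php");
    exit;
} else {
    // no access permission: send the user back to the login page
    header("Location: ../index.php");
    exit;
}
?>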
This is the login:
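An added example, not part of the original post: one way to derive the access level so that membership in both groups yields 3, by initialising `$access` once before the loop and OR-ing one bit per group matched on its exact CN instead of a substring. The helper names (`groupCn`, `accessLevel`, `GROUP_BITS`) and the OU components of the sample DNs are assumptions.

```php
<?php
declare(strict_types=1);

// One bit per group (keys in lower case); both groups give 1 | 2 = 3.
const GROUP_BITS = ['grupo1' => 1, 'grupo2' => 2];

/** Lower-cased CN of a group DN, or null when the DN has no leading CN. */
function groupCn(string $dn): ?string
{
    // Simplified parse: the first RDN value, up to the first unescaped comma.
    if (preg_match('/^CN=((?:\\\\.|[^,\\\\])+)/i', $dn, $m) !== 1) {
        return null;
    }
    return strtolower($m[1]);
}

/** Combine the bits of every configured group in a memberof attribute. */
function accessLevel(array $memberOf, array $groupBits = GROUP_BITS): int
{
    $access = 0; // initialised once, before the loop
    foreach ($memberOf as $key => $dn) {
        if ($key === 'count' || !is_string($dn)) {
            continue; // ldap_get_entries() adds a 'count' element
        }
        $cn = groupCn($dn);
        // Exact CN match: 'grupo1' must not match 'grupo10' or an OU name.
        if ($cn !== null && isset($groupBits[$cn])) {
            $access |= $groupBits[$cn];
        }
    }
    return $access;
}

// Constructed sample data (the OU names are assumptions).
$both = [
    'count' => 2,
    'CN=grupo1,OU=Grupos,DC=dominio,DC=com,DC=br',
    'CN=grupo2,OU=Grupos,DC=dominio,DC=com,DC=br',
];
$lookalike = [
    'count' => 2,
    'CN=grupo10,OU=Grupos,DC=dominio,DC=com,DC=br',
    'CN=Vendas,OU=grupo2,DC=dominio,DC=com,DC=br',
];

var_dump(accessLevel($both));                     // member of both groups
var_dump(accessLevel($lookalike));                // look-alike names only
var_dump(accessLevel(['count' => 1, $both[1]]));  // grupo2 only
```

In `authenticate()` the result of `accessLevel($info[0]['memberof'])` would take the place of the `foreach` over the groups; `memberof` lists direct memberships only, so nested groups are not resolved here.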