在/module/user/ext/model里新建identify.php,代码如下:
- public function identify($account, $password)
- {
- if(!$account or !$password) return false;
- /**
- *ldap验证程序块,其中目录树的uid可以取同一个值,只要返回的数组(count>=1)其中有一项密码值通过验证,则表示通过ldap验证;
- *系统则不在重复验证密码,但还要验证用户名,因为要检查数据的完整性.
- *----------------------------------------Start---------------------------------------------*/
- $ldaphost="192.168.0.2";
- $ldapport=389;
- $ldapUid="cn=admin,dc=21com,dc=com";
- $ldapPwd="318296";
- $base_dn="dc=21com,dc=com";
- $filter="uid=".$account;
- $attributes=array("userPassword");
- $ds=ldap_connect($ldaphost,$ldapport) or die(js::error($this->lang->user->loginFailed));
- if($ds){
- ldap_set_option ( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );
- ldap_set_option ( $ds, LDAP_OPT_REFERRALS, 0 ); // Binding to ldap server
- $bd = ldap_bind($ds, $ldapUid, $ldapPwd) or die(js::error($this->lang->user->loginFailed));
- $sr=ldap_search($ds, $base_dn, $filter,$attributes);
- $count=ldap_count_entries($ds, $sr);
- if($count>0){
- $info=ldap_get_entries($ds, $sr);
- $ispass=FALSE;
- for($i=0;$i<$info['count'];$i++){
- $arrpwd=$info[$i]['userpassword'];
- if(in_array($password, $arrpwd)||in_array(md5($password), $arrpwd)){
- $ispass=TRUE;
- break;
- }
- }
- if($ispass){//通过则进入系统用户名验证
- $this->dao->update(TABLE_USER)->set('password')->eq(md5($password))->where('account')->eq($account)->exec();
- }else{
- die(js::error($this->lang->user->loginFailed));die(1);
- }
- }else{
- die(js::error($this->lang->user->loginFailed));die(2);
- }
- ldap_unbind($ds);
- }
- ldap_close($ds);
- /*-------------------------------------End------------------------------------------------*/
- /* Get the user first. If $password length is 32, don't add the password condition. */
- $user = $this->dao->select('*')->from(TABLE_USER)
- ->where('account')->eq($account)
- //->beginIF(strlen($password) < 32)->andWhere('password')->eq(md5($password))->fi()//不验证密码
- //->andWhere('deleted')->eq(0)//不验证用户是否禁用
- ->fetch();
- /* If the length of $password is 32 or 40, checking by the auth hash. */
- if($user and strlen($password) == 32)
- {
- $hash = $this->session->rand ? md5($user->password . $this->session->rand) : $user->password;
- $user = $password == $hash ? $user : '';
- }
- elseif($user and strlen($password) == 40)
- {
- $hash = sha1($user->account . $user->password . $user->last);
- $user = $password == $hash ? $user : '';
- }
- if($user)
- {
- $ip = $this->server->remove_addr;
- $last = $this->server->request_time;
- $this->dao->update(TABLE_USER)->set('visitsvisits = visits + 1')->set('ip')->eq($ip)->set('last')->eq($last)->where('account')->eq($account)->exec();
- $user->last = date(DT_DATETIME1, $user->last);
- }
- return $user;
- }
有关禅道方法重写的问题请参照禅道插件说明,下面有pdf。
转载于:https://blog.51cto.com/jkers/579787