session help

[soddengecko]

Hi All

 

I am building a script to authenticate users against active directory. I have this working fine on the main page. I enter my user details and click submit and I log in fine. My problems start when I try to navigate to another page on the site. I get the login box appear again.

 

My header is a separate file and is included in all pages, in the header is the login script below.

 

I know the session variables still exist from page to page as I can output them with print_r on every page but the page still fails to authenticate and already logged in user.

 

can anyone please shed some light on this?

<?php 
session_start(); 

function authenticate() { 
?>
<form action="" method="POST"> 
<div style="height:10%"></div>

<table cellspacing="0" cellpadding="0" border="0" align="center" class="loginBox"> 
	<tr> 
		<td colspan="2" class="topbar">New User Info</td> 
	</tr> 
	<tr> 
		<td colspan="2"><img src="images/header_top.jpg" alt="New User Info" width="270" height="46" class="loginImage" /></td> 
	</tr> 
	<tr><td colspan="2" height="36" class="error"><?php print $login_error; ?></td></tr> 
	<tr>	
		<td class="loginLabel">Username:</td> 
		<td class="loginField"><input type="text" name="loginname" value="" /></td> 
	</tr> 
	<tr> 
		<td class="loginLabel">Password:</td> 
		<td class="loginField"><input type="password" name="loginpass" valign="bottom" /></td> 
	</tr> 
	<tr><td colspan="2" height="12"></td></tr> 
	<tr class="footerImage"> 
		<td colspan="2" class="loginBottom"><input type="submit" class="loginButton" value="Login"></td> 
	</tr> 
</table>  
</form> 
   <?php
   exit;
} 


$loginname = $_POST['loginname'];
$loginpass = $_POST['loginpass'];


if(!isset($loginname) && isset($_SESSION['user']) && isset($_SESSION['password']) && isset($_SESSION['domain'])){ //if the session does not exist, call the authentication script again
   authenticate(); 
} 
else{ //grab the username and password enetered and process it against the AD site
   $_SESSION["domain"] = $domain = 'MYDOMAIN'; // <- your domain 
   $_SESSION["user"] = strtoupper($loginname); 
   $_SESSION["password"] = $loginpass; 
   
   // this is the active directory details we need to verify authentication.
   $LDAPServerAddress1="XXX.XXX.XXX.XXX"; // <- IP address for your 1st DC  
   $LDAPServerPort="389"; 
   $LDAPServerTimeOut ="60"; 
   $LDAPContainer="dc=MYDOMAIN,dc=LOCAL"; // <- your domain info 
   $BIND_username = "MYDOAMIN\\administrator"; // <- an account in AD to test using 
   $BIND_password = "PASSWORD"; 
   $filter = "sAMAccountName=".$_SESSION["user"]; 
   $login_error_code = 0; 
   
if(($ds=ldap_connect($LDAPServerAddress1)) ) { 
      ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); 
      ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); 
       
      if($r=ldap_bind($ds,$BIND_username,$BIND_password)) { 
         if($sr=ldap_search($ds, $LDAPContainer, $filter, array('distinguishedName'))) { 
            if($info = ldap_get_entries($ds, $sr)) { 
               $BIND_username = $info[0]['distinguishedname'][0]; 
               $BIND_password = $_SESSION["password"]; 
               if ($r2=ldap_bind($ds,$BIND_username,$BIND_password)) { 
                  if($sr2=@ldap_search($ds, $LDAPContainer, $filter, array("givenName","sn","mail","displayName","samaccountname","telephonenumber","mobile","l","department","company","manager","physicaldeliveryofficename","distinguishedname"))) { 
                     if($info2 = @ldap_get_entries($ds, $sr2)) { 

                        //retrieve all required data from AD and store them as session variables.
                        $_SESSION["name"] = $info2[0]["givenname"][0]." ".$info2[0]["sn"][0];
                        $_SESSION["firstName"] = $info2[0]["givenname"][0]; 
                        $_SESSION["lastName"] = $info2[0]["sn"][0]; 
                        $_SESSION["email"] = $info2[0]["mail"][0]; 
                        $_SESSION["displayname"] = $info2[0]["displayname"][0];
                        $_SESSION["ntlogon"] = $info2[0]["samaccountname"][0]; //session name = AD field
                        $_SESSION["telephone"] = $info2[0]["telephonenumber"][0];
                        $_SESSION["mobile"] = $info2[0]["mobile"][0];
                        $_SESSION["location"] = $info2[0]["l"][0];
                        $_SESSION["department"] = $info2[0]["department"][0];
                        $_SESSION["company"] = $info2[0]["company"][0];
                        $_SESSION["manager"] = $info2[0]["manager"][0];
                        $_SESSION["office"] = $info2[0]["physicaldeliveryofficename"][0];
                        $_SESSION["dn"] = $info2[0]["distinguishedname"][0];
                        
                     } else { 
                        $login_error = "Could not read entries"; $login_error_code=1; 
                     } 
                  } else { 
                     $login_error = "Could not search"; $login_error_code=2; 
                  } 
               } else { 
                  $login_error = "User password incorrect"; $login_error_code=3; 
               } 
            } else { 
               $login_error = "User name not found"; $login_error_code=4; 
            } 
         } else { 
            $login_error = "Could not search"; $login_error_code=5; 
         } 
      } else { 
         $login_error = "Could not bind"; $login_error_code=6; 
      } 
   } 
   else { 
      $login_error = "Could not connect"; $login_error_code=7; 
   } 
    
   if($login_error_code > 0) { 
    //authenticate(); // if the error code is greater than 0 then fail and ask for authentication again. 
    //print $login_error; //print the login error for debugging
   }
   else {
   
   }

} 
?>

 

 

If anyone needs a further explanation then let me know

 

TIA

Mark