// Joomla entry guard: end the request when this file is reached outside the CMS bootstrap.
defined("_JEXEC") or die("Restricted access");
use Joomla\CMS\Factory;
// Helpers shipped with the com_miniorange_dirsync administrator component (LDAP utilities, logger).
require_once JPATH_ADMINISTRATOR . DIRECTORY_SEPARATOR . "components" . DIRECTORY_SEPARATOR . "com_miniorange_dirsync" . DIRECTORY_SEPARATOR . "helpers" . DIRECTORY_SEPARATOR . "mo_ldap_utility.php";
require_once JPATH_ADMINISTRATOR . "/components/com_miniorange_dirsync/helpers/MoLdapLogger.php";
// Second _JEXEC test. The die() on the first line already stops execution when the constant is
// undefined, so this branch is not expected to be taken; its target label W_ sits after the class.
if (!defined("_JEXEC")) {
goto W_;
}
class plgauthenticationmoldap extends JPlugin
{
/**
 * Authentication hook: checks the submitted username/password against the configured LDAP servers.
 *
 * Control flow is goto-based (it reads like decoder/obfuscator output), so the steps are annotated
 * inline: empty-password guard, "ldap_login" setting check, then per server: connect, service-account
 * bind, search of each search base, bind as the first matching entry, population of the response.
 *
 * @param array  $G6 Submitted credentials; the "username" and "password" keys are read.
 * @param mixed  $qm Not read anywhere in this method.
 * @param object $SH Authentication response, by reference; status, type, error_message, fullname,
 *                   username and email are written here.
 *
 * @return mixed Nothing on most paths; the value of MoLdapUtility::mo_ldap_error_type() when the
 *               service-account bind is not classified as successful.
 */
function onUserAuthenticate($G6, $qm, &$SH)
{
$N0 = JFactory::getApplication("site");
$o8 = MoLdapUtility::mo_ldap_get_details("#__miniorange_ldap_customer");
$rp = trim($G6["username"]);
$oT = $G6["password"];
// Empty-password guard, evaluated before any directory call. It matters for LDAP specifically:
// a simple bind carrying a DN and an empty password is an "unauthenticated bind" (RFC 4513 §5.1.2)
// that some servers report as successful. The comparison is loose (==) and matches only '' and a
// single space.
if (!($oT == '' || $oT == " ")) {
goto ZB;
}
$SH->status = JAuthentication::STATUS_FAILURE;
$N0->enqueueMessage("Kindly please enter the password.", "warning");
MoLdapLogger::addLog("Authentication failed: Empty password provided", "warning", "ldap-authentication");
return;
ZB:
// Continue only when the stored "ldap_login" setting equals "ch"; otherwise jump to the end of the
// method without touching the response. (What "ch" stands for is not visible here.)
if (!($o8["ldap_login"] == "ch")) {
goto CR;
}
// Rows of #__miniorange_dirsync_config — presumably one per configured LDAP server.
$pH = MoLdapUtility::moLdapFetchDb("#__miniorange_dirsync_config", TRUE, "loadAssocList");
$Yl = JFilterInput::getInstance();
// The username goes through Joomla's "username" input filter; the password is used unmodified.
$ea = $Yl->clean($rp, "username");
$VP = $oT;
foreach ($pH as $EM) {
$qs = isset($EM["ldap_server_url"]) ? MoLdapUtility::mo_ldap_decrypt($EM["ldap_server_url"]) : '';
// NOTE(review): htmlspecialchars() is HTML output encoding, not URL validation. The encoded value is
// what gets passed to ldap_connect() below, so a URL containing &, quotes or < > would be altered
// before connecting. Encoding only at the point of display would be the usual placement.
$Nw = htmlspecialchars($qs, ENT_QUOTES, "UTF-8");
$Q0 = self::moLdapGetConnection($Nw);
if ($Q0) {
goto NA;
}
// No connection handle: log and move on to the next configured server.
MoLdapLogger::addLog("Failed to connect to LDAP server: {$Nw}", "error", "ldap-authentication");
goto wm;
NA:
// Redundant: NA is only reached when $Q0 is truthy.
if (!$Q0) {
goto OU;
}
MoLdapLogger::addLog("Connected to LDAP server: {$Nw}", "info", "ldap-authentication");
// Service-account DN/password and search base are passed through mo_ldap_decrypt(); the search
// filter is read as stored.
$ok = isset($EM["service_account_dn"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_dn"]) : '';
$R1 = isset($EM["service_account_password"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_password"]) : '';
$KO = isset($EM["search_base"]) ? MoLdapUtility::mo_ldap_decrypt($EM["search_base"]) : '';
// Several search bases may be configured, separated by ";".
$s0 = explode(";", $KO);
$cx = $EM["search_filter"];
// Filter-injection defence: the username is escaped for filter context before it replaces every
// "?" placeholder in the configured filter.
$CA = ldap_escape($ea, '', LDAP_ESCAPE_FILTER);
$c1 = str_replace("?", $CA, $cx);
$Wd = null;
$Y1 = null;
$V6 = null;
// Service-account bind. Warnings are suppressed with @ and the return value ($T6) is never read;
// success is derived from ldap_error()/ldap_errno() below.
$T6 = @ldap_bind($Q0, $ok, $R1);
$Hz = ldap_error($Q0);
// Result of the user bind; reset for every server.
$jN = '';
// $H0 repeats the ldap_error() call above and is not read afterwards.
$H0 = ldap_error($Q0);
$ld = ldap_errno($Q0);
$TK = MoLdapUtility::mo_ldap_error_type($ld);
if (!($TK != "COM_MINIORANGE_SUCCESSFUL_CONNECTION")) {
goto pz;
}
// Service bind not classified as successful: this returns from the whole method, so the remaining
// servers in $pH are not tried and ldap_close() is not called on this path.
MoLdapLogger::addLog("LDAP bind error: {$Hz} ({$TK})", "error", "ldap-authentication");
return $TK;
pz:
// Second success test, this time on the error text; anything but "success" skips to ldap_close().
if (!(strtolower($Hz) == "success")) {
goto E2;
}
MoLdapLogger::addLog("LDAP bind successful for service account", "info", "ldap-authentication");
// Manual loop over the search bases ($mb is the index, AX the loop head, ud the exit).
$mb = 0;
AX:
if (!($mb < count($s0))) {
goto ud;
}
// The same search is issued twice: once as the condition, once to keep the result.
if (!ldap_search($Q0, $s0[$mb], $c1)) {
goto Fe;
}
$Wd = ldap_search($Q0, $s0[$mb], $c1);
$V6 = ldap_first_entry($Q0, $Wd);
$Y1 = ldap_get_entries($Q0, $Wd);
if (!$V6) {
goto iR;
}
// Credential check: bind as the DN of the first returned entry with the submitted password.
// NOTE(review): only entry [0] is considered; if the configured filter can match more than one
// entry, which account is tested depends on server ordering — confirm the filter is unique per user.
MoLdapLogger::addLog("Attempted user bind for DN: " . $Y1[0]["dn"], "info", "ldap-authentication");
$jN = @ldap_bind($Q0, $Y1[0]["dn"], $VP);
iR:
// Look up an existing Joomla account by the entry's e-mail attribute (attribute name from config).
if (!isset($Y1[0][$EM["email"]][0])) {
goto aq;
}
$ux = $Yl->clean($Y1[0][$EM["email"]][0], "email");
$VO = JMailHelper::isEmailAddress($ux);
if (!$VO) {
goto kk;
}
$Am = self::moLdapGetUserFromJoomla($ux);
kk:
aq:
// NOTE(review): $Am is assigned only above and never reset, so a value from an earlier search base
// or server can still be set here. This UPDATE also runs before the user-bind result is tested
// below, i.e. the user_already_exist flag is written even when the submitted password was wrong.
if (!(isset($Am) && $Am)) {
goto bv;
}
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$CY = array($XR->quoteName("user_already_exist") . " = " . $XR->quote(1));
$vl = array($XR->quoteName("id") . " = " . $XR->quote($Am->id));
$la->update($XR->quoteName("#__users"))->set($CY)->where($vl);
$XR->setQuery($la);
$XR->execute();
bv:
if (isset($jN) && $jN) {
goto ef;
}
// User bind failed (or no entry was found, in which case $Y1[0] is not set): log and try the next
// search base on the same connection.
// NOTE(review): after a failed bind the connection no longer necessarily carries the
// service-account identity, so later searches may run with different rights — confirm.
MoLdapLogger::addLog("User bind failed for DN: " . $Y1[0]["dn"], "warning", "ldap-authentication");
goto RN;
ef:
// User bind succeeded: fill the response from the directory entry.
MoLdapLogger::addLog("User authenticated successfully via LDAP: {$ea}", "success", "ldap-authentication");
$SH->type = "Ldap";
$SH->error_message = '';
// Full name: the configured name attribute when present, else givenname + " " + sn.
if (isset($Y1[0][$EM["name"]][0]) && $Y1[0][$EM["name"]][0] != NULL) {
goto bt;
}
$dd = $Yl->clean($Y1[0]["givenname"][0] . " " . $Y1[0]["sn"][0], "string");
$SH->fullname = $dd;
goto ww;
bt:
$dd = $Yl->clean($Y1[0][$EM["name"]][0], "string");
$SH->fullname = $dd;
ww:
// Unlike name and e-mail, the username attribute is copied without passing through JFilterInput.
$SH->username = $Y1[0][$EM["username"]][0];
if (!isset($Y1[0][$EM["email"]][0])) {
goto u0;
}
// clean() is called without a filter type here (the earlier lookup used "email").
$gM = $Yl->clean($Y1[0][$EM["email"]][0]);
$ll = JMailHelper::isEmailAddress($gM);
if ($ll) {
goto C_;
}
$SH->status = JAuthentication::STATUS_FAILURE;
$N0->enqueueMessage("<strong>MOLDAP A04: </strong>In valid email attribute. The email attribute received is not an email attribute. Kindly reach out to your admin.", "warning");
return;
// Unreachable: follows an unconditional return.
goto wx;
C_:
$SH->email = $gM;
wx:
u0:
// The three checks below return with a warning but do not assign $SH->status, so the response keeps
// whatever status it had on entry — presumably the failure default; confirm.
if (!empty($SH->email)) {
goto zK;
}
$N0->enqueueMessage("<strong>MOLDAP A01:</strong> User email not retrieved. Contact your administrator for more details.", "warning");
return;
zK:
if (!empty($SH->username)) {
goto Li;
}
$N0->enqueueMessage("<strong>MOLDAP A02:</strong> Username not retrieved. Contact your administrator for more details.", "warning");
return;
Li:
if (!empty($SH->fullname)) {
goto hQ;
}
$N0->enqueueMessage("<strong>MOLDAP A03:</strong> User's name not retrieved. Contact your administrator for more details.", "warning");
return;
hQ:
$SH->status = JAuthentication::STATUS_SUCCESS;
MoLdapLogger::addLog("User sync details: Email = " . ($Y1[0][$EM["email"]][0] ?? "N/A") . ", Full Name = " . ($Y1[0][$EM["name"]][0] ?? "N/A"), "info", "ldap-authentication");
// Success leaves both loops at once; ldap_close() below is skipped on this path (and on every early
// return above).
goto Kc;
RN:
Fe:
zj:
$mb++;
goto AX;
ud:
E2:
// Reached only when every search base was tried without success or the bind text was not "success".
ldap_close($Q0);
OU:
wm:
}
Kc:
CR:
}
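/**
 * Create an LDAP connection handle for a server URI and apply the plugin's connection options.
 *
 * No bind happens here. Options set: 5 second network timeout, protocol version 3, and automatic
 * referral chasing switched off (LDAP_OPT_REFERRALS = 0), so later binds are not replayed against
 * servers named in referrals.
 *
 * NOTE(review): transport security is not enforced in this method. Whether the simple binds that
 * follow travel encrypted depends entirely on the configured URI (ldaps://) — for ldap:// URIs a
 * ldap_start_tls() step would be the place to add it.
 *
 * @param string $qs LDAP server URI.
 *
 * @return mixed The connection handle, or false when ldap_connect() could not create one.
 */
public static function moLdapGetConnection($qs)
{
    $link = ldap_connect($qs);

    // ldap_connect() yields false for a URI it cannot use. Handing false to ldap_set_option()
    // raises a TypeError on PHP 8, so stop here; callers in this class already test the
    // return value for truthiness.
    if (!$link) {
        return false;
    }

    // LDAP_OPT_NETWORK_TIMEOUT is available from PHP 5.3.0 on.
    if (version_compare(PHP_VERSION, "5.3.0") >= 0) {
        ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);
    }

    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    return $link;
}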
/**
 * Highest "ordering" value stored in #__user_profiles for one user.
 *
 * The user id is passed through the database driver's quote() before it reaches the WHERE clause.
 *
 * @param mixed $Li Joomla user id.
 *
 * @return mixed The MAX(ordering) result, or the string "0" when that result is empty.
 */
public static function selectMaxOrdering($Li)
{
    $db = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select("MAX(ordering)");
    $query->from($db->quoteName("#__user_profiles"));

    $userCondition = $db->quoteName("user_id") . " = " . $db->quote($Li);
    $query->where($userCondition);

    $db->setQuery($query);
    $highest = $db->loadResult();

    // empty() already covers the unset/null case the original tested separately.
    if (empty($highest)) {
        return "0";
    }

    return $highest;
}
/**
 * Redirect the user after login when a redirect URL is configured.
 *
 * The target is read from the stored plugin details (#__miniorange_ldap_customer); nothing in this
 * method takes it from the request. When the setting is empty the method does nothing.
 *
 * @return void
 */
public static function moLdapRedirectTheUserAtLogin()
{
    $app = JFactory::getApplication();
    $settings = MoLdapUtility::mo_ldap_get_details("#__miniorange_ldap_customer");

    if (!empty($settings["redirect_url"])) {
        MoLdapLogger::addLog("LDAP login flow completed. Redirecting user.", "info", "ldap-authentication");
        $target = $settings["redirect_url"];
        $app->redirect($target);
    }
}
/**
 * Look up a Joomla user row by e-mail address.
 *
 * The address is quoted by the database driver before being placed in the WHERE clause.
 *
 * @param string $ZZ E-mail address to search for.
 *
 * @return mixed Result of loadObject(): an object exposing the "id" column, or an empty value when
 *               no row matches.
 */
public static function moLdapGetUserFromJoomla($ZZ)
{
    $db = JFactory::getDBO();

    $emailCondition = "email=" . $db->quote($ZZ);
    $lookup = $db->getQuery(true);
    $lookup = $lookup->select("id")->from("#__users");
    $lookup = $lookup->where($emailCondition);

    $db->setQuery($lookup);

    return $db->loadObject();
}
/**
 * Replace a user's custom-field values with values taken from an LDAP entry.
 *
 * Existing data for the user is first removed through MoLdapUtility::removeIfExistsUserId(); then
 * one #__fields_values row is inserted per mapping whose field name resolves to a field.
 *
 * NOTE(review): the directory value is stored as received. The profile attributes handled in
 * onUserAfterLogin() go through JFilterInput first; these do not, so how the field is escaped on
 * output decides whether directory-controlled markup can reach a page — confirm.
 *
 * @param mixed  $Li Joomla user id, stored as item_id.
 * @param array  $Y1 LDAP entries; element [0] is read.
 * @param string $i6 JSON list of mappings, each with "attr_name" (field) and "attr_value" (LDAP attribute).
 *
 * @return void
 */
public static function updateUserFieldAttributes($Li, $Y1, $i6)
{
    MoLdapUtility::removeIfExistsUserId($Li);

    $mappings = json_decode($i6, true);

    foreach ($mappings as $mapping) {
        $field = MoLdapUtility::getIdFromFields($mapping["attr_name"]);

        // Mappings that name an unknown field are skipped.
        if (!$field) {
            continue;
        }

        // First value of the mapped LDAP attribute on the first entry.
        $ldapValue = $Y1[0][$mapping["attr_value"]][0];

        $row = new stdClass();
        $row->field_id = $field->id;
        $row->item_id = $Li;
        $row->value = $ldapValue;

        JFactory::getDbo()->insertObject("#__fields_values", $row);
    }
}
/**
 * Post-login hook: re-reads a directory entry and synchronises the logged-in Joomla account with it.
 *
 * Visible effects, all applied to the user returned by JFactory::getUser(): username/email/name in
 * #__users are overwritten, #__user_profiles rows are deleted and re-created from the configured
 * attribute mapping, custom field values are rewritten, Joomla groups are assigned from the role
 * mapping, and finally the configured redirect is issued.
 *
 * The method takes no parameters; the username used for the directory search comes from the raw
 * POST data.
 * NOTE(review): nothing visible here checks that the login was performed by this plugin (for
 * example a response type of "Ldap"), so the sync appears to run for any login that posts a
 * username — confirm against how the event is dispatched.
 *
 * @return mixed Nothing on most paths; the value of MoLdapUtility::mo_ldap_error_type() when the
 *               service-account bind is not classified as successful.
 */
public static function onUserAfterLogin()
{
MoLdapLogger::addLog("Starting onUserAfterLogin function.", "info", "ldap-authentication");
$post = Factory::getApplication()->input->post->getArray();
$Yl = JFilterInput::getInstance();
// The "username" POST field is read without an existence check.
$rp = $Yl->clean($post["username"], "username");
$xi = JFactory::getUser();
$pH = MoLdapUtility::moLdapFetchDb("#__miniorange_dirsync_config", TRUE, "loadAssocList");
foreach ($pH as $EM) {
$qs = isset($EM["ldap_server_url"]) ? MoLdapUtility::mo_ldap_decrypt($EM["ldap_server_url"]) : '';
// NOTE(review): the HTML-encoded URL is what gets passed to ldap_connect(); HTML encoding is not
// URL validation and would alter a URL containing &, quotes or < >.
$Nw = htmlspecialchars($qs, ENT_QUOTES, "UTF-8");
MoLdapLogger::addLog("Attempting LDAP connection to: {$Nw}", "info", "ldap-authentication");
$Q0 = self::moLdapGetConnection($Nw);
if ($Q0) {
goto wv;
}
MoLdapLogger::addLog("Failed to connect to LDAP server: {$Nw}", "error", "ldap-authentication");
goto KL;
wv:
// Redundant: wv is only reached when $Q0 is truthy.
if (!$Q0) {
goto XH;
}
$ok = isset($EM["service_account_dn"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_dn"]) : '';
$R1 = isset($EM["service_account_password"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_password"]) : '';
$KO = isset($EM["search_base"]) ? MoLdapUtility::mo_ldap_decrypt($EM["search_base"]) : '';
$s0 = explode(";", $KO);
$cx = $EM["search_filter"];
// Filter-injection defence: the username is escaped for filter context before replacing "?".
$CA = ldap_escape($rp, '', LDAP_ESCAPE_FILTER);
$c1 = str_replace("?", $CA, $cx);
$Wd = null;
$Y1 = null;
$V6 = null;
// $jN is assigned but not read again in this method.
$jN = '';
// Service-account bind; warnings suppressed, outcome read from ldap_error()/ldap_errno().
$T6 = @ldap_bind($Q0, $ok, $R1);
$Hz = ldap_error($Q0);
$H0 = ldap_error($Q0);
$ld = ldap_errno($Q0);
$TK = MoLdapUtility::mo_ldap_error_type($ld);
if (!($TK != "COM_MINIORANGE_SUCCESSFUL_CONNECTION")) {
goto nA;
}
// Returns from the whole method: remaining servers are skipped and the connection is not closed.
return $TK;
nA:
if (!(strtolower($Hz) == "success")) {
goto ow;
}
// Manual loop over the ";"-separated search bases ($yg index, g5 loop head, ZW exit).
$yg = 0;
g5:
if (!($yg < count($s0))) {
goto ZW;
}
$Wd = ldap_search($Q0, $s0[$yg], $c1);
if (!$Wd) {
goto i6;
}
$V6 = ldap_first_entry($Q0, $Wd);
$Y1 = ldap_get_entries($Q0, $Wd);
if (!$V6) {
goto tg;
}
// Account sync runs only when username, e-mail and name attributes are all truthy on entry [0].
// The attributes are read without isset(), so a missing one is an undefined-index access.
if (!($Y1[0][$EM["username"]][0] && $Y1[0][$EM["email"]][0] && $Y1[0][$EM["name"]][0])) {
goto Ws;
}
$Xy = $Yl->clean($Y1[0][$EM["username"]][0], "string");
$rp = $Xy;
$i3 = $Yl->clean($Y1[0][$EM["email"]][0], "email");
$Db = $Yl->clean($Y1[0][$EM["name"]][0], "string");
$ie = $Db;
// Overwrite username/email/name of the CURRENT user with the directory values.
// NOTE(review): the entry was found via the posted username while the row updated is the logged-in
// user's id; confirm these always refer to the same account.
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$CY = array($XR->quoteName("username") . " = " . $XR->quote($rp), $XR->quoteName("email") . " = " . $XR->quote($i3), $XR->quoteName("name") . " = " . $XR->quote($ie));
$vl = array($XR->quoteName("id") . " = " . $XR->quote($xi->id));
$la->update($XR->quoteName("#__users"))->set($CY)->where($vl);
$XR->setQuery($la);
$ft = $XR->execute();
Ws:
// Profile rows: if the user has any, delete all of them before re-inserting from the mapping.
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->select(array("profile_key", "profile_value", "ordering"));
$la->from($XR->quoteName("#__user_profiles"));
$la->where($XR->quoteName("user_id") . " =" . $XR->quote($xi->id));
$XR->setQuery($la);
$sN = $XR->loadRowList();
if (!$sN) {
goto B9;
}
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->delete($XR->quoteName("#__user_profiles"));
$la->where($XR->quoteName("user_id") . " =" . $XR->quote($xi->id));
$XR->setQuery($la);
$sN = $XR->execute();
B9:
$Zi = $EM["user_profile_attributes"];
$Li = $xi->id;
$mb = 0;
if (!(isset($Zi) && !empty($Zi))) {
goto hE;
}
// Mapping is stored as JSON: a list of {attr_name, attr_value} pairs.
$Zi = json_decode($Zi, true);
$tq = self::selectMaxOrdering($Li);
foreach ($Zi as $PY) {
$Z9 = strtolower($PY["attr_name"]);
$wV = strtolower($PY["attr_value"]);
// Skip mappings whose LDAP attribute has no first value on the entry.
if (!isset($Y1[0][$wV][0])) {
goto c2;
}
// Both branches below end up cleaning the same first value as a "string".
if (is_array($Y1[0][$wV])) {
goto iA;
}
$wV = isset($Y1[0][$wV]) ? $Yl->clean($Y1[0][$wV][0], "string") : '';
goto au;
iA:
$wV = isset($Y1[0][$wV][0]) ? $Yl->clean($Y1[0][$wV][0], "string") : '';
au:
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$Mk = array("user_id", "profile_key", "profile_value", "ordering");
// Key and value are quoted by the driver; the user id ($Li, taken from the Joomla user object) and
// the ordering counter are placed in the VALUES list unquoted.
$SP = array($Li, $XR->quote("profile." . $Z9), $XR->quote($wV), ++$tq);
$la->insert($XR->quoteName("#__user_profiles"))->columns($XR->quoteName($Mk))->values(implode(",", $SP));
$XR->setQuery($la);
$XR->execute();
MoLdapLogger::addLog("User profile updated for Joomla ID: " . $xi->id, "info", "ldap-authentication");
c2:
n7:
}
q1:
hE:
$rJ = isset($EM["user_field_attributes"]) ? $EM["user_field_attributes"] : '';
if (empty($rJ)) {
goto cY;
}
self::updateUserFieldAttributes($Li, $Y1, $rJ);
cY:
// Role-mapping configuration for this server. The result is indexed below without a check that a
// row was found.
$vA = MoLdapUtility::moLdapFetchDb("#__miniorange_ldap_role_mapping", array("ldap_server_name" => $EM["ldap_server_name"]), "loadAssoc");
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->select("user_already_exist");
$la->from($XR->quoteName("#__users"));
$la->where($XR->quoteName("id") . " = " . $XR->quote($xi->id));
$XR->setQuery($la);
$tI = $XR->loadAssoc();
if ($tI["user_already_exist"]) {
goto uD;
}
// New user (flag not set): when role mapping is enabled and the user is not in group 8, put the user
// in the default group and remove every other group except 8.
// (Group 8 is presumably Super Users, as in a default Joomla install — confirm for this site.)
$cD = $vA["mapping_value_default"];
$NL = !isset($xi->groups[8]);
if (!($vA["enable_ldap_role_mapping"] && $NL)) {
goto uP;
}
MoLdapLogger::addLog("Assigning new user (ID: {$xi->id}) to default group: {$cD}", "info", "ldap-authentication");
JUserHelper::addUserToGroup($xi->id, $cD);
foreach ($xi->groups as $YC) {
if (!($YC != $cD && $YC != "8")) {
goto Dm;
}
JUserHelper::removeUserFromGroup($xi->id, $YC);
MoLdapLogger::addLog("Removing user (ID: {$xi->id}) from group: {$YC}", "info", "ldap-authentication");
Dm:
Z3:
}
qE:
uP:
uD:
// Attribute-driven mapping runs when role mapping is enabled AND (the user is not flagged as
// pre-existing OR updating existing users' roles is not disabled).
if (!(($tI["user_already_exist"] != 1 || $vA["disable_update_existing_users_role"] != 1) && $vA["enable_ldap_role_mapping"])) {
goto mX;
}
// Attribute holding group membership; "memberof" unless the mapping row names another one.
$Xf = array("memberof");
if (!isset($vA["mapping_memberof_attribute"])) {
goto Lp;
}
$Xf = array($vA["mapping_memberof_attribute"]);
Lp:
$gu = $vA["role_mapping_key_value"];
$gu = json_decode($gu, true);
$bR = $vA["role_mapping_groupvalue"];
$bR = json_decode($bR, true);
// $mb pairs each mapping key with $bR[$mb], starting at index 1 and advancing on every key —
// assumes the two JSON lists line up that way; confirm against the admin form that writes them.
// Security-relevant: Joomla group membership is granted from a directory attribute here. No
// restriction on which group ids $bR may contain is visible, and this loop only adds groups; it
// never removes one that an earlier login mapped.
$mb = 1;
foreach ($gu as $Qz) {
if (empty($Y1[0][$Xf[0]])) {
goto ao;
}
if (gettype($Y1[0][$Xf[0]]) == "array") {
goto cZ;
}
if (!(gettype($Y1[0][$Xf[0]]) == "string")) {
goto ee;
}
// Single string value: exact match required.
if (!(strcmp($Y1[0][$Xf[0]], $Qz) == 0)) {
goto zT;
}
JUserHelper::addUserToGroup($xi->id, $bR[$mb]);
MoLdapLogger::addLog("Mapped user (ID: {$xi->id}) to group ID: {$bR[$mb]} via direct match with key: {$Qz}", "info", "ldap-authentication");
zT:
ee:
goto uJ;
cZ:
// NOTE(review): in_array() is called without the strict flag, so values are compared loosely;
// ldap_get_entries() value arrays also carry a numeric "count" element that takes part in the
// comparison. Passing true as third argument would restrict this to exact string matches.
if (!in_array($Qz, $Y1[0][$Xf[0]])) {
goto GK;
}
JUserHelper::addUserToGroup($xi->id, $bR[$mb]);
MoLdapLogger::addLog("Mapped user (ID: {$xi->id}) to group ID: {$bR[$mb]} via key: {$Qz}", "info", "ldap-authentication");
GK:
uJ:
ao:
$mb++;
rw:
}
iE:
MoLdapLogger::addLog("LDAP role/group mapping applied for user ID: " . $xi->id, "info", "ldap-authentication");
mX:
// First server/search base that yields an entry ends the method (redirect, then jump past both
// loops); ldap_close() is not called on this path.
self::moLdapRedirectTheUserAtLogin();
goto BX;
tg:
i6:
FI:
$yg++;
goto g5;
ZW:
ow:
XH:
KL:
}
BX:
}
}
W_:
defined("_JEXEC") or die("Restricted access");
use Joomla\CMS\Factory;
require_once JPATH_ADMINISTRATORDIRECTORY_SEPARATOR . "components" . DIRECTORY_SEPARATOR . "com_miniorange_dirsync" . DIRECTORY_SEPARATOR . "helpers" . DIRECTORY_SEPARATOR . "mo_ldap_utilityphp";
require_once JPATH_ADMINISTRATOR . "/components/com_miniorange_dirsync/helpers/MoLdapLoggerphp";
if (!defined("_JEXEC")) {
goto W_;
}
class plgauthenticationmoldap extends JPlugin
{
function onUserAuthenticate($G6, $qm, &$SH)
{
$N0 = JFactory::getApplication("site");
$o8 = MoLdapUtility::mo_ldap_get_details("#__miniorange_ldap_customer");
$rp = trim($G6["username"]);
$oT = $G6["password"];
if (!($oT == '' || $oT == " ")) {
goto ZB;
}
$SH->status = JAuthentication::STATUS_FAILURE;
$N0->enqueueMessage("Kindly please enter the password.", "warning");
MoLdapLogger::addLog("Authentication failed: Empty password provided", "warning", "ldap-authentication");
return;
ZB:
if (!($o8["ldap_login"] == "ch")) {
goto CR;
}
$pH = MoLdapUtility::moLdapFetchDb("#__miniorange_dirsync_config", TRUE, "loadAssocList");
$Yl = JFilterInput::getInstance();
$ea = $Yl->clean($rp, "username");
$VP = $oT;
foreach ($pH as $EM) {
$qs = isset($EM["ldap_server_url"]) ? MoLdapUtility::mo_ldap_decrypt($EM["ldap_server_url"]) : '';
$Nw = htmlspecialchars($qs, ENT_QUOTES, "UTF-8");
$Q0 = self::moLdapGetConnection($Nw);
if ($Q0) {
goto NA;
}
MoLdapLogger::addLog("Failed to connect to LDAP server: {$Nw}", "error", "ldap-authentication");
goto wm;
NA:
if (!$Q0) {
goto OU;
}
MoLdapLogger::addLog("Connected to LDAP server: {$Nw}", "info", "ldap-authentication");
$ok = isset($EM["service_account_dn"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_dn"]) : '';
$R1 = isset($EM["service_account_password"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_password"]) : '';
$KO = isset($EM["search_base"]) ? MoLdapUtility::mo_ldap_decrypt($EM["search_base"]) : '';
$s0 = explode(";", $KO);
$cx = $EM["search_filter"];
$CA = ldap_escape($ea, '', LDAP_ESCAPE_FILTER);
$c1 = str_replace("?", $CA, $cx);
$Wd = null;
$V6 = null;
$T6 = @ldap_bind($Q0, $ok, $R1);
$Hz = ldap_error($Q0);
$jN = '';
$H0 = ldap_error($Q0);
$ld = ldap_errno($Q0);
$TK = MoLdapUtility::mo_ldap_error_type($ld);
if (!($TK != "COM_MINIORANGE_SUCCESSFUL_CONNECTION")) {
goto pz;
}
MoLdapLogger::addLog("LDAP bind error: {$Hz} ({$TK})", "error", "ldap-authentication");
return $TK;
pz:
if (!(strtolower($Hz) == "success")) {
goto E2;
}
MoLdapLogger::addLog("LDAP bind successful for service account", "info", "ldap-authentication");
$mb = 0;
AX:
if (!($mb < count($s0))) {
goto ud;
}
if (!ldap_search($Q0, $s0[$mb], $c1)) {
goto Fe;
}
$Wd = ldap_search($Q0, $s0[$mb], $c1);
$V6 = ldap_first_entry($Q0, $Wd);
if (!$V6) {
goto iR;
}
MoLdapLogger::addLog("Attempted user bind for DN: n"["dn"], "info", "ldap-authentication");
$jN = @ldap_bind($Q0, "n"["dn"], $VP);
iR:
if (!isset("n"[$EM["email"]][0])) {
goto aq;
}
$ux = $Yl->clean("n"[$EM["email"]][0], "email");
$VO = JMailHelper::isEmailAddress($ux);
if (!$VO) {
goto kk;
}
$Am = self::moLdapGetUserFromJoomla($ux);
kk:
aq:
if (!(isset($Am) && $Am)) {
goto bv;
}
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$CY = array($XR->quoteName("user_already_exist") . " = " . $XR->quote(1));
$vl = array($XR->quoteName("id") . " = " . $XR->quote($Am->id));
$la->update($XR->quoteName("#__users"))->set($CY)->where($vl);
$XR->setQuery($la);
$XR->execute();
bv:
if (isset($jN) && $jN) {
goto ef;
}
MoLdapLogger::addLog("User bind failed for DN: n"["dn"], "warning", "ldap-authentication");
goto RN;
ef:
MoLdapLogger::addLog("User authenticated successfully via LDAP: {$ea}", "success", "ldap-authentication");
$SH->type = "Ldap";
$SH->error_message = '';
if (isset("n"[$EM["name"]][0]) && "n"[$EM["name"]][0] != NULL) {
goto bt;
}
$dd = $Yl->clean("n"["givenname"][0] . " n"["sn"][0], "string");
$SH->fullname = $dd;
goto ww;
bt:
$dd = $Yl->clean("n"[$EM["name"]][0], "string");
$SH->fullname = $dd;
ww:
$SH->username = "n"[$EM["username"]][0];
if (!isset("n"[$EM["email"]][0])) {
goto u0;
}
$gM = $Yl->clean("n"[$EM["email"]][0]);
$ll = JMailHelper::isEmailAddress($gM);
if ($ll) {
goto C_;
}
$SH->status = JAuthentication::STATUS_FAILURE;
$N0->enqueueMessage("<strong>MOLDAP A04: </strong>In valid email attributeThe email attribute received is not an email attributeKindly reach out to your admin.", "warning");
return;
goto wx;
C_:
$SH->email = $gM;
wx:
u0:
if (!empty($SH->email)) {
goto zK;
}
$N0->enqueueMessage("<strong>MOLDAP A01:</strong> User email not retrievedContact your administrator for more details.", "warning");
return;
zK:
if (!empty($SH->username)) {
goto Li;
}
$N0->enqueueMessage("<strong>MOLDAP A02:</strong> Username not retrievedContact your administrator for more details.", "warning");
return;
Li:
if (!empty($SH->fullname)) {
goto hQ;
}
$N0->enqueueMessage("<strong>MOLDAP A03:</strong> User's name not retrievedContact your administrator for more details.", "warning");
return;
hQ:
$SH->status = JAuthentication::STATUS_SUCCESS;
MoLdapLogger::addLog("User sync details: Email = " . ("n"[$EM["email"]][0] ?? "N/A") . ", Full Name = " . ("n"[$EM["name"]][0] ?? "N/A"), "info", "ldap-authentication");
goto Kc;
RN:
Fe:
zj:
$mb++;
goto AX;
ud:
E2:
ldap_close($Q0);
OU:
wm:
}
Kc:
CR:
}
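/**
 * Create an LDAP connection handle for a server URI and apply the plugin's connection options.
 *
 * No bind happens here. Options set: 5 second network timeout, protocol version 3, and automatic
 * referral chasing switched off (LDAP_OPT_REFERRALS = 0).
 *
 * NOTE(review): transport security is not enforced in this method; whether later simple binds
 * travel encrypted depends on the configured URI (ldaps://) or on an added ldap_start_tls() step.
 *
 * @param string $qs LDAP server URI.
 *
 * @return mixed The connection handle, or false when ldap_connect() could not create one.
 */
public static function moLdapGetConnection($qs)
{
    $link = ldap_connect($qs);

    // ldap_connect() yields false for a URI it cannot use; passing false on to ldap_set_option()
    // raises a TypeError on PHP 8, so return it to the caller instead.
    if (!$link) {
        return false;
    }

    // The version string has to be dotted: an undotted "530" is compared as major version 530, the
    // test never passes and the network timeout is never applied. LDAP_OPT_NETWORK_TIMEOUT is
    // available from PHP 5.3.0 on.
    if (version_compare(PHP_VERSION, "5.3.0") >= 0) {
        ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);
    }

    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    return $link;
}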
/**
 * Highest "ordering" value stored in #__user_profiles for one user.
 *
 * The user id is passed through the database driver's quote() before it reaches the WHERE clause.
 *
 * @param mixed $Li Joomla user id.
 *
 * @return mixed The MAX(ordering) result, or the string "0" when that result is empty.
 */
public static function selectMaxOrdering($Li)
{
    $db = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select("MAX(ordering)");
    $query->from($db->quoteName("#__user_profiles"));

    $userCondition = $db->quoteName("user_id") . " = " . $db->quote($Li);
    $query->where($userCondition);

    $db->setQuery($query);
    $highest = $db->loadResult();

    // empty() already covers the unset/null case the original tested separately.
    if (empty($highest)) {
        return "0";
    }

    return $highest;
}
/**
 * Redirect the user after login when a redirect URL is configured.
 *
 * The target is read from the stored plugin details (#__miniorange_ldap_customer); nothing in this
 * method takes it from the request. When the setting is empty the method does nothing.
 *
 * @return void
 */
public static function moLdapRedirectTheUserAtLogin()
{
    $app = JFactory::getApplication();
    $settings = MoLdapUtility::mo_ldap_get_details("#__miniorange_ldap_customer");

    if (!empty($settings["redirect_url"])) {
        MoLdapLogger::addLog("LDAP login flow completedRedirecting user.", "info", "ldap-authentication");
        $target = $settings["redirect_url"];
        $app->redirect($target);
    }
}
/**
 * Look up a Joomla user row by e-mail address.
 *
 * The address is quoted by the database driver before being placed in the WHERE clause.
 *
 * @param string $ZZ E-mail address to search for.
 *
 * @return mixed Result of loadObject(): an object exposing the "id" column, or an empty value when
 *               no row matches.
 */
public static function moLdapGetUserFromJoomla($ZZ)
{
    $db = JFactory::getDBO();

    $emailCondition = "email=" . $db->quote($ZZ);
    $lookup = $db->getQuery(true);
    $lookup = $lookup->select("id")->from("#__users");
    $lookup = $lookup->where($emailCondition);

    $db->setQuery($lookup);

    return $db->loadObject();
}
public static function updateUserFieldAttributes($Li, $Y1, $i6)
{
MoLdapUtility::removeIfExistsUserId($Li);
$i6 = json_decode($i6, true);
foreach ($i6 as $CY) {
$Z9 = $CY["attr_name"];
$Z9 = MoLdapUtility::getIdFromFields($Z9);
if (!$Z9) {
goto AR;
}
$wV = "n"[$CY["attr_value"]][0];
$CW = new stdClass();
$CW->field_id = $Z9->id;
$CW->item_id = $Li;
$CW->value = $wV;
JFactory::getDbo()->insertObject("#__fields_values", $CW);
AR:
kS:
}
Ut:
}
public static function onUserAfterLogin()
{
MoLdapLogger::addLog("Starting onUserAfterLogin function.", "info", "ldap-authentication");
$post = Factory::getApplication()->input->post->getArray();
$Yl = JFilterInput::getInstance();
$rp = $Yl->clean($post["username"], "username");
$xi = JFactory::getUser();
$pH = MoLdapUtility::moLdapFetchDb("#__miniorange_dirsync_config", TRUE, "loadAssocList");
foreach ($pH as $EM) {
$qs = isset($EM["ldap_server_url"]) ? MoLdapUtility::mo_ldap_decrypt($EM["ldap_server_url"]) : '';
$Nw = htmlspecialchars($qs, ENT_QUOTES, "UTF-8");
MoLdapLogger::addLog("Attempting LDAP connection to: {$Nw}", "info", "ldap-authentication");
$Q0 = self::moLdapGetConnection($Nw);
if ($Q0) {
goto wv;
}
MoLdapLogger::addLog("Failed to connect to LDAP server: {$Nw}", "error", "ldap-authentication");
goto KL;
wv:
if (!$Q0) {
goto XH;
}
$ok = isset($EM["service_account_dn"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_dn"]) : '';
$R1 = isset($EM["service_account_password"]) ? MoLdapUtility::mo_ldap_decrypt($EM["service_account_password"]) : '';
$KO = isset($EM["search_base"]) ? MoLdapUtility::mo_ldap_decrypt($EM["search_base"]) : '';
$s0 = explode(";", $KO);
$cx = $EM["search_filter"];
$CA = ldap_escape($rp, '', LDAP_ESCAPE_FILTER);
$c1 = str_replace("?", $CA, $cx);
$Wd = null;
$V6 = null;
$jN = '';
$T6 = @ldap_bind($Q0, $ok, $R1);
$Hz = ldap_error($Q0);
$H0 = ldap_error($Q0);
$ld = ldap_errno($Q0);
$TK = MoLdapUtility::mo_ldap_error_type($ld);
if (!($TK != "COM_MINIORANGE_SUCCESSFUL_CONNECTION")) {
goto nA;
}
return $TK;
nA:
if (!(strtolower($Hz) == "success")) {
goto ow;
}
$yg = 0;
g5:
if (!($yg < count($s0))) {
goto ZW;
}
$Wd = ldap_search($Q0, $s0[$yg], $c1);
if (!$Wd) {
goto i6;
}
$V6 = ldap_first_entry($Q0, $Wd);
if (!$V6) {
goto tg;
}
if (!("n"[$EM["username"]][0] && "n"[$EM["email"]][0] && "n"[$EM["name"]][0])) {
goto Ws;
}
$Xy = $Yl->clean("n"[$EM["username"]][0], "string");
$rp = $Xy;
$i3 = $Yl->clean("n"[$EM["email"]][0], "email");
$Db = $Yl->clean("n"[$EM["name"]][0], "string");
$ie = $Db;
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$CY = array($XR->quoteName("username") . " = " . $XR->quote($rp), $XR->quoteName("email") . " = " . $XR->quote($i3), $XR->quoteName("name") . " = " . $XR->quote($ie));
$vl = array($XR->quoteName("id") . " = " . $XR->quote($xi->id));
$la->update($XR->quoteName("#__users"))->set($CY)->where($vl);
$XR->setQuery($la);
$ft = $XR->execute();
Ws:
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->select(array("profile_key", "profile_value", "ordering"));
$la->from($XR->quoteName("#__user_profiles"));
$la->where($XR->quoteName("user_id") . " =" . $XR->quote($xi->id));
$XR->setQuery($la);
$sN = $XR->loadRowList();
if (!$sN) {
goto B9;
}
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->delete($XR->quoteName("#__user_profiles"));
$la->where($XR->quoteName("user_id") . " =" . $XR->quote($xi->id));
$XR->setQuery($la);
$sN = $XR->execute();
B9:
$Zi = $EM["user_profile_attributes"];
$Li = $xi->id;
$mb = 0;
if (!(isset($Zi) && !empty($Zi))) {
goto hE;
}
$Zi = json_decode($Zi, true);
$tq = self::selectMaxOrdering($Li);
foreach ($Zi as $PY) {
$Z9 = strtolower($PY["attr_name"]);
$wV = strtolower($PY["attr_value"]);
if (!isset("n"[$wV][0])) {
goto c2;
}
if (is_array("n"[$wV])) {
goto iA;
}
$wV = isset("n"[$wV]) ? $Yl->clean("n"[$wV][0], "string") : '';
goto au;
iA:
$wV = isset("n"[$wV][0]) ? $Yl->clean("n"[$wV][0], "string") : '';
au:
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$Mk = array("user_id", "profile_key", "profile_value", "ordering");
$SP = array($Li, $XR->quote("profile." . $Z9), $XR->quote($wV), ++$tq);
$la->insert($XR->quoteName("#__user_profiles"))->columns($XR->quoteName($Mk))->values(implode(",", $SP));
$XR->setQuery($la);
$XR->execute();
MoLdapLogger::addLog("User profile updated for Joomla ID: " . $xi->id, "info", "ldap-authentication");
c2:
n7:
}
q1:
hE:
$rJ = isset($EM["user_field_attributes"]) ? $EM["user_field_attributes"] : '';
if (empty($rJ)) {
goto cY;
}
self::updateUserFieldAttributes($Li, $Y1, $rJ);
cY:
$vA = MoLdapUtility::moLdapFetchDb("#__miniorange_ldap_role_mapping", array("ldap_server_name" => $EM["ldap_server_name"]), "loadAssoc");
$XR = JFactory::getDbo();
$la = $XR->getQuery(true);
$la->select("user_already_exist");
$la->from($XR->quoteName("#__users"));
$la->where($XR->quoteName("id") . " = " . $XR->quote($xi->id));
$XR->setQuery($la);
$tI = $XR->loadAssoc();
if ($tI["user_already_exist"]) {
goto uD;
}
$cD = $vA["mapping_value_default"];
$NL = !isset($xi->groups[8]);
if (!($vA["enable_ldap_role_mapping"] && $NL)) {
goto uP;
}
MoLdapLogger::addLog("Assigning new user (ID: {$xi->id}) to default group: {$cD}", "info", "ldap-authentication");
JUserHelper::addUserToGroup($xi->id, $cD);
foreach ($xi->groups as $YC) {
if (!($YC != $cD && $YC != "8")) {
goto Dm;
}
JUserHelper::removeUserFromGroup($xi->id, $YC);
MoLdapLogger::addLog("Removing user (ID: {$xi->id}) from group: {$YC}", "info", "ldap-authentication");
Dm:
Z3:
}
qE:
uP:
uD:
if (!(($tI["user_already_exist"] != 1 || $vA["disable_update_existing_users_role"] != 1) && $vA["enable_ldap_role_mapping"])) {
goto mX;
}
$Xf = array("memberof");
if (!isset($vA["mapping_memberof_attribute"])) {
goto Lp;
}
$Xf = array($vA["mapping_memberof_attribute"]);
Lp:
$gu = $vA["role_mapping_key_value"];
$gu = json_decode($gu, true);
$bR = $vA["role_mapping_groupvalue"];
$bR = json_decode($bR, true);
$mb = 1;
foreach ($gu as $Qz) {
if (empty("n"["n"])) {
goto ao;
}
if (gettype("n"["n"]) == "array") {
goto cZ;
}
if (!(gettype("n"["n"]) == "string")) {
goto ee;
}
if (!(strcmp("n"["n"], $Qz) == 0)) {
goto zT;
}
JUserHelper::addUserToGroup($xi->id, $bR[$mb]);
MoLdapLogger::addLog("Mapped user (ID: {$xi->id}) to group ID: {$bR[$mb]} via direct match with key: {$Qz}", "info", "ldap-authentication");
zT:
ee:
goto uJ;
cZ:
if (!in_array($Qz, "n"["n"])) {
goto GK;
}
JUserHelper::addUserToGroup($xi->id, $bR[$mb]);
MoLdapLogger::addLog("Mapped user (ID: {$xi->id}) to group ID: {$bR[$mb]} via key: {$Qz}", "info", "ldap-authentication");
GK:
uJ:
ao:
$mb++;
rw:
}
iE:
MoLdapLogger::addLog("LDAP role/group mapping applied for user ID: " . $xi->id, "info", "ldap-authentication");
mX:
self::moLdapRedirectTheUserAtLogin();
goto BX;
tg:
i6:
FI:
$yg++;
goto g5;
ZW:
ow:
XH:
KL:
}
BX:
}
}
W_: