fix merge conflicts with master

ifm.php

@@ -46,14 +46,22 @@ class IFMConfig {
 	   configured. The credential information can be either set inline or read from a file. The
 	   password has to be a hash generated by PHPs password_hash function. The default credentials are
        admin:admin.
-
+	   
 	   If you specify a file it should only contain one line, with the credentials in the following
        format:
 		<username>:<passwordhash>
+
+	   LDAP auth syntax
+	 
+	   const auth_source = 'ldap;<ldap_sever_host>:<rootdn>';
+	 
+	   The script will add "uid=<username>," to the rootdn for binding. If your ldap server
+	   does not use uid for usernames you can change it in the function checkCredentials.
        
        examples:
 	   	const auth_source = 'inline;admin:$2y$10$0Bnm5L4wKFHRxJgNq.oZv.v7yXhkJZQvinJYR2p6X1zPvzyDRUVRC';
 	   	const auth_source = 'file;/path/to/file';
+	    const auth_source = 'ldap;<ldap_sever_host>:<rootdn>';
 	*/
 	const auth = 0;
 	const auth_source = 'inline;admin:$2y$10$0Bnm5L4wKFHRxJgNq.oZv.v7yXhkJZQvinJYR2p6X1zPvzyDRUVRC';
@@ -1830,21 +1838,42 @@ ifm.init();
 		}
 	}
 
-	private function checkCredentials($user, $pass) {
-		list($src, $srcopt) = explode(";", IFMConfig::auth_source, 2);
-		switch($src) {
+	private function checkCredentials( $user, $pass ) {
+		list( $src, $srcopt ) = explode( ";", IFMConfig::auth_source, 2 );
+		switch( $src ) {
 			case "inline":
-				list($uname, $hash) = explode(":", $srcopt);
+				list( $uname, $hash ) = explode( ":", $srcopt );
+				return password_verify( $pass, trim( $hash ) ) ? ( $uname == $user ) : false;
 				break;
 			case "file":
-				if(@file_exists($srcopt) && @is_readable($srcopt)) {
-					list($uname, $hash) = explode(":", fgets(fopen($srcopt, 'r')));
+				if( @file_exists( $srcopt ) && @is_readable( $srcopt ) ) {
+					list( $uname, $hash ) = explode( ":", fgets( fopen( $srcopt, 'r' ) ) );
+					return password_verify( $pass, trim( $hash ) ) ? ( $uname == $user ) : false;
 				} else {
 					return false;
 				}
 				break;
+			case "ldap":
+				$authenticated = false;
+				list( $ldap_server, $rootdn ) = explode( ":", $srcopt );
+				$u = "uid=" . $user . "," . $rootdn;
+				$ds = ldap_connect( $ldap_server ) or ( trigger_error( "Could not reach the ldap server.", E_USER_ERROR ); return false; );
+				ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );
+				if( $ds ) {
+					$ldbind = @ldap_bind( $ds, $u, $pass );
+					if( $ldbind ) {
+						$authenticated = true;
+					} else {
+						$authenticated = false;
+					}
+					ldap_unbind( $ds );
+				} else {
+					$authenticated = false;
+				}
+				return $authenticated;
+				break;
 		}
-		return password_verify($pass, trim($hash))?($uname == $user):false;
+		return false;
 	}
 
 	private function loginForm($loginFailed=false) {

src/config.php

@@ -46,14 +46,22 @@ class IFMConfig {
 	   configured. The credential information can be either set inline or read from a file. The
 	   password has to be a hash generated by PHPs password_hash function. The default credentials are
        admin:admin.
-
+	   
 	   If you specify a file it should only contain one line, with the credentials in the following
        format:
 		<username>:<passwordhash>
+
+	   LDAP auth syntax
+	 
+	   const auth_source = 'ldap;<ldap_sever_host>:<rootdn>';
+	 
+	   The script will add "uid=<username>," to the rootdn for binding. If your ldap server
+	   does not use uid for usernames you can change it in the function checkCredentials.
        
        examples:
 	   	const auth_source = 'inline;admin:$2y$10$0Bnm5L4wKFHRxJgNq.oZv.v7yXhkJZQvinJYR2p6X1zPvzyDRUVRC';
 	   	const auth_source = 'file;/path/to/file';
+	    const auth_source = 'ldap;<ldap_sever_host>:<rootdn>';
 	*/
 	const auth = 0;
 	const auth_source = 'inline;admin:$2y$10$0Bnm5L4wKFHRxJgNq.oZv.v7yXhkJZQvinJYR2p6X1zPvzyDRUVRC';

src/main.php

@@ -616,21 +616,42 @@ class IFM {
 		}
 	}
 
-	private function checkCredentials($user, $pass) {
-		list($src, $srcopt) = explode(";", IFMConfig::auth_source, 2);
-		switch($src) {
+	private function checkCredentials( $user, $pass ) {
+		list( $src, $srcopt ) = explode( ";", IFMConfig::auth_source, 2 );
+		switch( $src ) {
 			case "inline":
-				list($uname, $hash) = explode(":", $srcopt);
+				list( $uname, $hash ) = explode( ":", $srcopt );
+				return password_verify( $pass, trim( $hash ) ) ? ( $uname == $user ) : false;
 				break;
 			case "file":
-				if(@file_exists($srcopt) && @is_readable($srcopt)) {
-					list($uname, $hash) = explode(":", fgets(fopen($srcopt, 'r')));
+				if( @file_exists( $srcopt ) && @is_readable( $srcopt ) ) {
+					list( $uname, $hash ) = explode( ":", fgets( fopen( $srcopt, 'r' ) ) );
+					return password_verify( $pass, trim( $hash ) ) ? ( $uname == $user ) : false;
 				} else {
 					return false;
 				}
 				break;
+			case "ldap":
+				$authenticated = false;
+				list( $ldap_server, $rootdn ) = explode( ":", $srcopt );
+				$u = "uid=" . $user . "," . $rootdn;
+				$ds = ldap_connect( $ldap_server ) or ( trigger_error( "Could not reach the ldap server.", E_USER_ERROR ); return false; );
+				ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );
+				if( $ds ) {
+					$ldbind = @ldap_bind( $ds, $u, $pass );
+					if( $ldbind ) {
+						$authenticated = true;
+					} else {
+						$authenticated = false;
+					}
+					ldap_unbind( $ds );
+				} else {
+					$authenticated = false;
+				}
+				return $authenticated;
+				break;
 		}
-		return password_verify($pass, trim($hash))?($uname == $user):false;
+		return false;
 	}
 
 	private function loginForm($loginFailed=false) {