-
php - AD authentication
Can anyone help?
I'm trying (failing miserably!) to create a simple login page for our web-based school reports. It's a php/mysql setup.
Basically, I'm trying to get the user to authenticate with AD, and on success go to page X else stay on login page, but my retard brain can't see how the code is meant to go together.
I've tried a number of examples I found on the www but I always get problems with them. They either authenticate 'successfully' without even showing me the login box and redirect me straight to page 1 (suggesting the auth bit of code is running before I 'submit') or I get errors for undefined variables etc.
It occurs to me as I write this that maybe it doesn't have to be php, just that's what I'm using.
(BooHoo!)
-
I'm not really sure what you are asking for help with. However this is how I would do it:
I would download this: adLDAP - LDAP Authentication with PHP for Active Directory
I would have my login form POST the user's data over to login_process.php which would then authenticate the user and then redirect. I've knocked up a quick example.
Login form -
HTML Code:
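<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title></title>
</head>
<body>
    <form action="login_process.php" method="POST">
        <!-- each label's "for" must match the "id" of its input -->
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" />
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" />
        <!-- submit button so the form can actually be posted -->
        <input type="submit" value="Log in" />
    </form>
</body>
</html>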
login_process.php
PHP Code:
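<?php
require_once('adldap.php');

// $_POST is an array, so it is indexed with [] (writing $_POST('username') is a function call and fails).
// isset() avoids "undefined index" notices when the page is requested without form data.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

$adldap = new adLDAP();
$authUser = $adldap->user()->authenticate($username, $password);

if ($authUser === true)
{
    header('Location: newpage.php');
}
else
{
    header('Location: login.html');
}
exit; // stop the script once the redirect header has been sent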
You'll obviously want to sanitise the POST variables or detect if they're empty and provide feedback to the user. I haven't tested this code and I know that LDAP / AD can be a right pain to get right.
Good Luck
Jamie
-
Thanks, Jamie. I'll give that a go :)
-
Well I got it going in the end :)
I tried your example but got an error about expecting a string, then I had a thought that I would also want to include a 'deny' on direct URLs if the user was not logged in - which I already had with the current (now old) log-in.
When I started this project (over a year ago - it's now becoming version 2) the log-in was created by Dreamweaver as I knew zero about php, and it basically used a MySQL table to check user credentials. Dreamweaver also included the deny code on direct URLs too.
So, the answer was to use adLDAP (thanks for that) and swap the old Dreamweaver bit of code that checked the MySQL table, for the adLDAP bit that verified the user against AD - and with a couple of session variable tweaks, would also allow me to keep the deny stuff too.
And that's it. All up and running with AD authentication :)
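
The pattern this thread ends up with (authenticate against AD only when the form is submitted, then use a session variable to deny direct URLs), sketched as an added example that is not code from any of the posts above. The file name auth.php, the page login.php, the function names and the session key are assumptions; it also assumes adLDAP v4 is already configured for your domain.

```php
<?php
// auth.php (hypothetical file name): include at the top of the login page
// and of every protected page. Assumes adLDAP v4, configured for your domain.
require_once('adldap.php');

session_start();

// Call on the login page (login.php here, an assumed name). Authentication is
// only attempted on a form submission, so nothing runs on the first page view.
function handle_login()
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return null; // first visit: just show the form
    }
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Reject empty values before touching LDAP: a simple bind with an empty
    // password can succeed as an unauthenticated (anonymous) bind.
    if ($username === '' || $password === '') {
        return 'Please enter a username and password.';
    }
    try {
        $adldap = new adLDAP();
        $ok = $adldap->authenticate($username, $password);
    } catch (adLDAPException $e) {
        return 'Directory unavailable, please try again later.';
    }
    if ($ok !== true) {
        return 'Invalid username or password.'; // same message for both cases
    }
    session_regenerate_id(true);       // fresh session ID after login
    $_SESSION['username'] = $username; // the "logged in" marker
    header('Location: newpage.php');
    exit;
}

// Call at the top of every protected page: denies direct URLs.
function require_login()
{
    if (empty($_SESSION['username'])) {
        header('Location: login.php');
        exit;
    }
}
```

The login page calls handle_login() before any output and shows the returned message above the form; each report page calls require_login() as its first statement.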