• Модуль: ldap
  • Путь к файлу: ~/bitrix/modules/ldap/classes/general/ldap.php
  • Класс: CLDAP
  • Вызов: CLDAP::OnUserLogin
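/**
 * Login handler that checks the submitted credentials against the configured LDAP servers.
 *
 * Reads LOGIN and PASSWORD and, when present, PASSWORD_ORIGINAL and OTP from $arArgs.
 * Writes RESULT_MESSAGE into $arArgs when an OnBeforeUserLogin handler vetoes the login
 * or the user limit is reported as exceeded, and sets STORE_PASSWORD to "N" after a
 * successful LDAP login.
 *
 * @param array $arArgs Login arguments, passed by reference.
 * @return int The id returned by SetUser() for the last server that found the user,
 *             or 0 when this handler did not authenticate anyone.
 */
static function OnUserLogin(&$arArgs)
{
	global $APPLICATION;

	// Nothing can be verified without the PHP LDAP extension.
	if(!function_exists("ldap_connect"))
	{
		return 0;
	}

	$login = (string)$arArgs["LOGIN"];
	$password = (string)$arArgs["PASSWORD"];

	// An empty password is rejected before any directory call. An LDAP simple bind with
	// a name and an empty password is an "unauthenticated bind" (RFC 4513) that some
	// servers accept, so this guard must stay ahead of every FindUser() call.
	if($login === '' || $password === '')
	{
		return 0;
	}

	$isPasswordOriginal = isset($arArgs["PASSWORD_ORIGINAL"]) && $arArgs["PASSWORD_ORIGINAL"] === "Y";

	// Skip the directory when isApplicationPassword() reports a match.
	// NOTE(review): presumably such passwords are verified by another handler; confirm.
	if(static::isApplicationPassword($login, $password, $isPasswordOriginal))
	{
		return 0;
	}

	$filter = ["ACTIVE" => "Y"];

	// The login may have the form PREFIX\name. The page prints the separator literal as
	// "\" (an unterminated string); it has to be an escaped backslash to parse.
	$prefix = mb_strpos($login, "\\");

	// Logins without a prefix are only accepted when the module option allows it.
	if($prefix === false && COption::GetOptionString("ldap", "ntlm_auth_without_prefix", "Y") !== "Y")
	{
		return 0;
	}

	// With a prefix the lookup is restricted to servers with that CODE and the prefix is
	// removed from the login. A login that starts with the separator (position 0) is
	// passed on unchanged and is tried against every active server.
	if($prefix !== false && $prefix > 0)
	{
		$filter["CODE"] = mb_substr($login, 0, $prefix);
		$login = mb_substr($login, $prefix + 1);
	}

	// Handlers receive references, so they can rewrite the login, the password and the
	// server filter, and they see the password in clear text.
	$params = [
		"LOGIN" => &$login,
		"PASSWORD" => &$password,
		"LDAP_FILTER" => &$filter,
	];

	$APPLICATION->ResetException();
	foreach(GetModuleEvents("ldap", "OnBeforeUserLogin", true) as $arEvent)
	{
		if(ExecuteModuleEventEx($arEvent, [&$params]) === false)
		{
			// A handler vetoed the login: report its exception text, or a generic error.
			// The page shows a raw line break inside both message literals; it is written
			// as "\n" here. NOTE(review): this may be markup lost when the page was
			// rendered; confirm against the module file. The handler text is copied
			// as-is; whether it is escaped on output is not visible from here.
			if($err = $APPLICATION->GetException())
			{
				$arArgs['RESULT_MESSAGE'] = ["MESSAGE" => $err->GetString()."\n", "TYPE" => "ERROR"];
			}
			else
			{
				$APPLICATION->ThrowException("Unknown error");
				$arArgs['RESULT_MESSAGE'] = ["MESSAGE" => "Unknown error\n", "TYPE" => "ERROR"];
			}

			return 0;
		}
	}

	// The one-time code may arrive appended to the password. When the last six characters
	// of the password equal the OTP they are cut off, so only a six-character OTP can
	// match. This also happens when a password merely ends in the same characters; the
	// first attempt below (password + OTP) then rebuilds the string that was submitted.
	$otp = (string)($arArgs["OTP"] ?? '');
	if($otp !== '' && mb_substr($password, -6) === $otp)
	{
		$password = mb_substr($password, 0, -6);
	}

	$userId = 0;
	$dbRes = CLdapServer::GetList([], $filter);

	// Every server matching the filter is tried until one yields a user id. With an OTP
	// that is up to two FindUser() calls per server.
	// NOTE(review): if each failed call is a failed bind, one wrong password can count
	// several times against the directory's lockout threshold; confirm.
	while($xLDAP = $dbRes->GetNextServer())
	{
		if(!$xLDAP->Connect())
		{
			continue;
		}

		$arLdapUser = false;

		if($otp !== '')
		{
			$arLdapUser = $xLDAP->FindUser($login, $password.$otp);
		}

		// Fallback without the OTP. The emptiness check matters: stripping the OTP above
		// can leave an empty password, which must not be sent to the directory.
		// NOTE(review): this path accepts the directory password alone even though an
		// OTP was supplied; presumably the OTP itself is verified elsewhere; confirm.
		if(!$arLdapUser && $password !== '')
		{
			$arLdapUser = $xLDAP->FindUser($login, $password);
		}

		if(!$arLdapUser)
		{
			$xLDAP->Disconnect();
			continue;
		}

		// User AD parameters are queried inside FindUser(). SetUser() maps the entry to
		// a local user; the option decides whether an unknown user is created on login.
		$userId = (int)$xLDAP->SetUser(
			$arLdapUser,
			(COption::GetOptionString("ldap", "add_user_when_auth", "Y") === "Y")
		);
		$xLDAP->Disconnect();

		if($userId > 0)
		{
			// NOTE(review): presumably tells the caller not to keep the directory
			// password locally; confirm against the consumer of this flag.
			$arArgs["STORE_PASSWORD"] = "N";
			break;
		}

		// NOTE(review): the page appears to drop backslashes (see the separator literal
		// above), so this class name may be namespace-qualified in the module file.
		if(BitrixLdapLimit::isUserLimitExceeded())
		{
			$arArgs['RESULT_MESSAGE'] = BitrixLdapLimit::getUserLimitNotifyMessage();
			break;
		}
	}

	return $userId;
}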