3

我有一个网页。网页的身份验证由我设置的 ldap 服务器处理。现在我不想实现会话,这样当用户在一段时间内不活动时(在下面的例子中,10 秒),会话将结束并且用户将与 ldap 服务器解除绑定。我找到了这段代码摘录:

<?php
    session_cache_expire(20);

    session_start(); 
    $inactive = 10;
    if(isset($_SESSION['start'])) {
        $session_life = time() - $_SESSION['start'];
        if($session_life > $inactive){
            header("Location: endSession.php"); 

        }
    }
    $_SESSION['start'] = time();
?>

它不工作。如果我刷新页面,它会将我重定向到我的“endSession.php”页面,即使我处于活动状态。

4

3 回答 3

7 
function check_auth_ldap () {

  $sessionTimeoutSecs = 10;
  $ldapServer = '11.22.33.44';
  $ldapPort = 389;

  if (!isset($_SESSION)) session_start();

  if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

    // Session is already authenticated
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_SESSION['username'], $_SESSION['password'])) {
      $_SESSION['lastactivity'] = time();
      return $ds;
    } else {
      unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
      header("Location: endSession.php");
      exit;
    }

  } else if (isset($_POST['username'], $_POST['password'])) {

    // Handle login requests
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_POST['username'], $_POST['password'])) {
      // Successful auth
      $_SESSION['lastactivity'] = time();
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
      return $ds;
    } else {
      // Auth failed
      header("Location: endSession.php");
      exit;
    }

  } else {

    // Session has expired or a logout was requested
    unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
    header("Location: endSession.php");
    exit;

  }

}

只需在每个受保护页面的顶部调用上述函数即可。这将处理所有身份验证过程。如果用户通过身份验证,它将返回 LDAP 连接资源,如果endSession.php没有,则将其重定向到。

只需将这一行放在每一页的顶部:

$ds = check_auth_ldap();

...并且该功能将为您完成所有工作。

于 2012-05-11T10:36:49.313 回答
2

通常需要基于 uid 的绑定。我已经稍微修改了函数来实现这一点。cn for bind 来自基于用户名的 uid 的搜索操作。希望这可以帮助某人。

function check_auth_ldap () {

  if (!($_POST['username'] && $_POST['password'])) {

    header("Location: login.php?failure=6");

  }

  $sessionTimeoutSecs = 10;
  $ldapServer = localhost;
  $ldapBaseDN = ou=users,ou=subtree,dc=domain,dc=tld;
  $ldapPort = 389;
  $ldapFilter = "(&(objectClass=*)(uid=".$_POST['username']."))";
  $ldapAttributes = array("cn");

  if (!isset($_SESSION)) session_start();

  if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

    // Session is already authenticated
    $ds = ldap_connect($ldapServer, $ldapPort);
    $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
    $result = ldap_get_entries($ds, $sr);

    if ($result) {
        $binddn = $result[0]['dn'];
    } else {
        header("Location: login.php?failure=1");
    }

    ldap_close ($ds);

    $ds = ldap_connect($ldapServer, $ldapPort);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (ldap_bind($ds, $binddn, $_SESSION['password'])) {
      $_SESSION['lastactivity'] = time();
      return $ds;
    } else {
      unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
      header("Location: login.php?failure=2");
      exit;
    }

  } else if (isset($_POST['username'], $_POST['password'])) {

    // Handle login requests
    $ds = ldap_connect($ldapServer, $ldapPort);
    $sr = ldap_search($ds,$ldapBaseDN,$ldapFilter,$ldapAttributes);
    $result = ldap_get_entries($ds, $sr);

    if ($result) {
        $binddn = $result[0]['dn'];
    } else {
        header("Location: login.php?failure=3");
    }
    ldap_close ($ds);

    $ds = ldap_connect($ldapServer, $ldapPort);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (ldap_bind($ds, $binddn, $_POST['password'])) {
      // Successful auth
      $_SESSION['lastactivity'] = time();
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
      return $ds;
    } else {
      // Auth failed
      header("Location: login.php?failure=4");
      exit;
    }

  } else {

    // Session has expired or a logout was requested
    unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
    header("Location: login.php?failure=5");
    exit;

  }

}
于 2015-06-24T06:57:38.880 回答
1

我刚刚写过(并测试过)这个:

测试.php

<?php
session_start();

if(isset($_GET['start']))
    $_SESSION['start'] = time();

if(time() - $_SESSION['start'] > 10)
    echo 'Logged out';
else 
    echo 'Logged in';

?>

如果你进入test.php?start浏览器,它会说“登录”,然后进入test.php浏览器,10 秒后的任何时间,它都会回显“退出”,10 秒以下的任何时间都会显示“登录”

于 2012-05-11T10:11:12.067 回答