modules/pubcookie/pubcookie.module

<?php
// $Id: pubcookie.module,v 1.9 2007/02/27 22:27:06 jvandyk Exp $

/**
 * @file
 * Integrates pubcookie login system with Drupal.
 */

// Do you want the post-pubcookie-server-visit $_SERVER vars dumped to the screen
// (useful for getting the pubcookie.module set up for the first time)?
define('PUBCOOKIE_DEBUG_MODE', 0);


// Enable for lots of watchdog messages showing what's going on.
define('PUBCOOKIE_VERBOSE_LOGGING', 1);

/**
 * Implementation of hook_menu().
 */
function pubcookie_menu() {
  $items[pubcookie_login_link()] = array(
    'title' => 'Pubcookie login',
    'page callback' => 'pubcookie_page',
    'access callback' => TRUE,
    'type' => MENU_CALLBACK
  );
  $items['admin/settings/pubcookie'] = array(
    'title' => 'Pubcookie',
    'description' => 'Configure settings for pubcookie authentication.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('pubcookie_settings'),
    'access' => user_access('administer site configuration')
  );

  return $items;
}

/**
 * Handle a client who has just been redirected to a pubcookie server,
 * authenticated, and returned.
 */
function pubcookie_page() {
   global $user;
   // Raw user from Apache's REMOTE USER || REDIRECT_REMOTE_USER
   global $pubcookie_user;
   // Domain of pubcookie server.
   global $pubcookie_domain;

  if ($user->uid) {
    print theme('page', t('You are already logged in.'));
    return;
  }

  if (PUBCOOKIE_DEBUG_MODE) {
    print '<pre>';
    print_r($_SERVER);
    print '</pre>';
  }

  if ($_SERVER['HTTPS'] != 'on') {
    watchdog('pubcookie', 'Pubcookie request received over non-secure protocol.', array(), WATCHDOG_WARNING);
    drupal_set_message(t('Pubcookie login failed.'), 'error');
    drupal_goto();
    }

  if (!isset($_SERVER['REMOTE_USER']) && !isset($_SERVER['REDIRECT_REMOTE_USER'])) {
    watchdog('pubcookie', 'Pubcookie request received but neither REMOTE_USER nor REDIRECT_REMOTE_USER were set.', array(), WATCHDOG_WARNING);
    drupal_set_message(t('Pubcookie login failed.'), 'error');
    drupal_goto();
  }

  if (isset($_SERVER['REMOTE_USER'])) {
    $pubcookie_user = check_plain($_SERVER['REMOTE_USER']);
  }
  else {
    $pubcookie_user = check_plain($_SERVER['REDIRECT_REMOTE_USER']);
  }
  watchdog('pubcookie', 'Received login request from %user', array('%user' => $pubcookie_user));
  if (PUBCOOKIE_VERBOSE_LOGGING) {
    watchdog('pubcookie', 'Session ID is %sessid', array('%sessid' => check_plain(session_id())));
  }

  $domain = variable_get('pubcookie_domain', '');

  if ($domain == '') {
    watchdog('pubcookie', 'Login failed. You must set the pubcookie domain under Administer - Site configuration - Pubcookie.', array(), WATCHDOG_ERROR);
    print theme('page', t('Login failed due to server misconfiguration.'));
  }
  $pubcookie_domain = check_plain($domain);

  // If LDAP was used, the pubcookie name may not match the username,
  // so we check the authmap table first.
  $account = user_external_load($pubcookie_user);
  if (!$account) {
    user_external_login_register($pubcookie_user, 'pubcookie');
  }
  else {
    user_external_login($account);
  }
  if ($user->uid) {
    // Login successful.
    if (PUBCOOKIE_VERBOSE_LOGGING) {
      watchdog('pubcookie', "uid of authenticated user is '%uid'", array('%uid' => $user->uid));
    }
    global $base_url;
    $url = variable_get('pubcookie_success_url', $base_url);

    header('Location: '. $url);
    exit();
  }

  drupal_set_message(t('Pubcookie login failed.'), 'error');
  drupal_goto();
}

/**
 * Implementation of hook_user().
 *
 * Fill in profile field(s) from LDAP for pubcookie-authenticated users.
 */
function pubcookie_user($type, $edit, &$user, $category = NULL) {
  global $pubcookie_user;
  global $pubcookie_domain;

  if ($type == 'insert') {
    // Ignore if a local (nonpubcookie) user is being inserted.
    if (!isset($pubcookie_user)) {
      if (PUBCOOKIE_VERBOSE_LOGGING) {
        watchdog('pubcookie', 'Ignoring non-pubcookie user login');
      }
      return;
    }

    if (PUBCOOKIE_VERBOSE_LOGGING) {
      watchdog('pubcookie', 'User callback received for user %uid', array('%uid' => $user->uid));
    }

    // Set the mail column of the user table (which is typically blank for users with external auth) only if
    // pubcookie_user@pubcookie_domain is also an email address.
    if (variable_get('pubcookie_id_is_email', 1)) {
      db_query("UPDATE {users} SET mail = '%s' WHERE uid = %d", "$pubcookie_user@$pubcookie_domain", $user->uid);
    }

    // Return if LDAP is not enabled.
    if (variable_get('pubcookie_ldap_server', '') != '') {
      $records = pubcookie_ldap_search($pubcookie_user);
      $pubcookie_record = $records[0];
    }
    if (!isset($pubcookie_record) || !$pubcookie_record) {
      return;
    }

    // Possibly use a field value from LDAP for the username.
    $ldap_usernamefield = variable_get('pubcookie_ldap_usernamefield', '');
    if ($ldap_usernamefield && isset($pubcookie_record[$ldap_usernamefield])) {
      $name = $pubcookie_record[$ldap_usernamefield];
      if ($name) {
        db_query("UPDATE {users} SET name = '%s' WHERE uid = %d", $name, $user->uid);
      }
    }

    if (!module_exists('profile')) {
      if (PUBCOOKIE_VERBOSE_LOGGING) {
        watchdog('pubcookie', 'Profile module is not enabled');
      }
      return;
    }
    // Insert the value(s) into profile field(s).
    // We can't modify $user before it gets to the profile's user hook because modules
    // run alphabetically; we're 'pubcookie' and 'profile' has already run; so we do this ourselves.

    // Get list of profile fields.
    $result = db_query('SELECT fid, name FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
    while ($data = db_fetch_object($result)) {
      list(, $key) = explode('_', $data->name);
      if (isset($pubcookie_record[$key])) {
        if (PUBCOOKIE_VERBOSE_LOGGING) {
          watchdog('pubcookie', 'Inserting value %val into profile field %field', array('%val' => check_plain($pubcookie_record[$key]), '%field' => check_plain($data->name)));
        }
        db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $data->fid, $user->uid, $pubcookie_record[$key]);
      }
    }
  }
}

/*
 * Implementation of hook_block().
 *
 * Display the pubcookie "Log in" link.
 */
function pubcookie_block($op = 'list', $delta = 0, $edit = array()) {
  switch ($op) {
    case 'list':
      $blocks = array();
      $blocks[0]['info'] = t('Pubcookie login');
      return $blocks;

    case 'view':
      global $user;

      $block = array();
      if (!$user->uid) {

        $block['subject'] = '';
        $block['content'] = theme('pubcookie_login');
      }
      return $block;
  }
}

/**
 * Implementation of hook_theme().
 */
function pubcookie_theme() {
  return array(
    'pubcookie_login' => array(
      'arguments' => array(),
    ),
  );
}

/**
 * Theme function for pubcookie login link.
 */
function theme_pubcookie_login() {
  return l('Log in', pubcookie_login_link());
}

/*
 *  The link must be to a nonexistent file in a directory containing an .htaccess
 *  file with proper pubcookie directives. The file must not exist so it can
 *  "fall through" Apache to Drupal's menu system and be directed to the
 *  pubcookie_page() function. By default we look for a nonexistent file named pc.
 */
function pubcookie_login_link() {
  return variable_get('pubcookie_login_dir', 'login') . '/pc';
}

/*
 * The pubcookie settings page.
 */
function pubcookie_settings() {
  global $base_url; // http://www.example.edu/drupal
  $array = explode('/', $base_url);
  $base_domain = $array[2]; // www.example.edu
  $parts = explode('.', $base_domain);

  if (count($parts) == 1) {
    drupal_set_message(t('Pubcookie only works on real domains, e.g., example.edu.'));
    $array = explode('/', $base_url);
    $domain = $array[count($array)];
  }
  else { // Parse out example.edu.
    //        'example'                   '.'   'edu'
    $domain = $parts[count($parts) - 2] . '.' . $parts[count($parts) -1];
  }

  $form['pubcookie_domain'] = array(
    '#type' => 'textfield',
    '#title' => t('Domain'),
    '#default_value' => variable_get('pubcookie_domain', $domain),
    '#description' => t('What is the domain for which your pubcookie server is serving out cookies?'),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_login_dir'] = array(
    '#type' => 'textfield',
    '#title' => t('Login directory'),
    '#default_value' => variable_get('pubcookie_login_dir', 'login'),
    '#description' => t('What is the subdirectory in this Drupal installation that contains the .htaccess file with the PubCookieAppID directive? (Do not use a trailing slash.)'),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_success_url'] = array(
    '#type' => 'textfield',
    '#title' => t('Successful login URL'),
    '#default_value' => variable_get('pubcookie_success_url', $base_url),
    '#description' => t('Where do you want the user directed after a successful pubcookie login?'),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_id_is_email'] = array(
    '#type' => 'checkbox',
    '#title' => t('ID/E-mail equivalency'),
    '#default_value' => variable_get('pubcookie_id_is_email', 1),
    '#description' => t("Check this box if the login ID (joe@example.edu) is the same as the user's email address. If so, the mail column of the user table will be populated when a user registers.")
    );
  $form['pubcookie_ldap_server'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP server'),
    '#default_value' => variable_get('pubcookie_ldap_server', ''),
    '#description' => t('If you wish to populate profile data when new users register, enter the LDAP server to query here.'),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_ldap_basedn'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP base DN'),
    '#default_value' => variable_get('pubcookie_ldap_basedn', ''),
    '#description' => t('Base DN for your particular LDAP directory (e.g. %dn). Check with your LDAP administrator.', array('%dn' => 'dc=example,dc=com')),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_ldap_searchfield'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP search string'),
    '#default_value' => variable_get('pubcookie_ldap_searchfield', '(|(uid=%username))'),
    '#description' => t("The query that will be used to search on LDAP for the username of the user logging in to your Drupal site. (%username will be replaced by the username of the user logging in." ),
    '#size' => '40',
    '#maxlength' => '255'
    );
  $form['pubcookie_ldap_usernamefield'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP field to use as username'),
    '#default_value' => variable_get('pubcookie_ldap_usernamefield', ''),
    '#description' => t("The name of the LDAP field that will be used as a user's Drupal username. Leave blank to use the pubcookie ID (joe@example.edu) as username." ),
    '#size' => '40',
    '#maxlength' => '255'
    );

  return system_settings_form($form);
}

/*
 * Query an LDAP server for more information about $username.
 * You can pass in a custom filter by using $filter.
 */
function pubcookie_ldap_search($username, $filter = NULL) {
  $records = array();
  if (!function_exists('ldap_connect')) {
    return $records;
  }

  if (!isset($filter)) {
    $filter = str_replace('%username', $username, variable_get('pubcookie_ldap_searchfield', '(|(uid=%username))'));
  }

  $ldap_server = variable_get('pubcookie_ldap_server', '');
  $ldap_dn = variable_get('pubcookie_ldap_basedn', '');
  if ($ldap_server == '' || $ldap_dn == '') {
    watchdog('pubcookie', 'LDAP server not set; check pubcookie module settings', array(), WATCHDOG_WARNING);
    return $records;
  }

  $directory_service = ldap_connect($ldap_server);
  if (!$directory_service) {
    watchdog('pubcookie', 'Could not connect to LDAP server %server', array('%server' => $ldap_server), WATCHDOG_WARNING);
    return $records;
  }

  if (PUBCOOKIE_VERBOSE_LOGGING) {
    watchdog('pubcookie', 'LDAP server is %server', array('%server' => $ldap_server));
    watchdog('pubcookie', 'LDAP base dn is %base_dn', array('%base_dn' => $ldap_dn));
    watchdog('pubcookie', 'Attempting LDAP search on filter %filter', array('%filter' => $filter));
  }

  ldap_set_option($directory_service, LDAP_OPT_PROTOCOL_VERSION, 3);
  $r = ldap_bind($directory_service);
  $sr = ldap_search($directory_service, $ldap_dn, $filter);

  $info = ldap_get_entries($directory_service, $sr);
  for ($i = 0; $i < $info['count']; $i++) {
    $data = array();
    foreach ($info[$i] as $key => $value) {
      if (!is_numeric($key) && $key != 'objectclass') {
        if (is_array($info[$i][$key])) {
          $data[$key] = $info[$i][$key][0];
        }
        else {
          $data[$key] = $info[$i][$key];
        }
      }
    }
    $records[] = $data;
  }
  ldap_close($directory_service);
  if (PUBCOOKIE_VERBOSE_LOGGING) {
    watchdog('pubcookie', 'Records returned: %num; first record has %rows rows', array('%num' => count($records), '%rows' => count($records[0])));
  }

  return $records;
}
1	<?php
2	// $Id: pubcookie.module,v 1.9 2007/02/27 22:27:06 jvandyk Exp $
3
4	/**
5	* @file
6	* Integrates pubcookie login system with Drupal.
7	*/
8
9	// Do you want the post-pubcookie-server-visit $_SERVER vars dumped to the screen
10	// (useful for getting the pubcookie.module set up for the first time)?
11	define('PUBCOOKIE_DEBUG_MODE', 0);
12
13
14	// Enable for lots of watchdog messages showing what's going on.
15	define('PUBCOOKIE_VERBOSE_LOGGING', 1);
16
17	/**
18	* Implementation of hook_menu().
19	*/
20	function pubcookie_menu() {
21	$items[pubcookie_login_link()] = array(
22	'title' => 'Pubcookie login',
23	'page callback' => 'pubcookie_page',
24	'access callback' => TRUE,
25	'type' => MENU_CALLBACK
26	);
27	$items['admin/settings/pubcookie'] = array(
28	'title' => 'Pubcookie',
29	'description' => 'Configure settings for pubcookie authentication.',
30	'page callback' => 'drupal_get_form',
31	'page arguments' => array('pubcookie_settings'),
32	'access' => user_access('administer site configuration')
33	);
34
35	return $items;
36	}
37
38	/**
39	* Handle a client who has just been redirected to a pubcookie server,
40	* authenticated, and returned.
41	*/
42	function pubcookie_page() {
43	global $user;
44	// Raw user from Apache's REMOTE USER \|\| REDIRECT_REMOTE_USER
45	global $pubcookie_user;
46	// Domain of pubcookie server.
47	global $pubcookie_domain;
48
49	if ($user->uid) {
50	print theme('page', t('You are already logged in.'));
51	return;
52	}
53
54	if (PUBCOOKIE_DEBUG_MODE) {
55	print '<pre>';
56	print_r($_SERVER);
57	print '</pre>';
58	}
59
60	if ($_SERVER['HTTPS'] != 'on') {
61	watchdog('pubcookie', 'Pubcookie request received over non-secure protocol.', array(), WATCHDOG_WARNING);
62	drupal_set_message(t('Pubcookie login failed.'), 'error');
63	drupal_goto();
64	}
65
66	if (!isset($_SERVER['REMOTE_USER']) && !isset($_SERVER['REDIRECT_REMOTE_USER'])) {
67	watchdog('pubcookie', 'Pubcookie request received but neither REMOTE_USER nor REDIRECT_REMOTE_USER were set.', array(), WATCHDOG_WARNING);
68	drupal_set_message(t('Pubcookie login failed.'), 'error');
69	drupal_goto();
70	}
71
72	if (isset($_SERVER['REMOTE_USER'])) {
73	$pubcookie_user = check_plain($_SERVER['REMOTE_USER']);
74	}
75	else {
76	$pubcookie_user = check_plain($_SERVER['REDIRECT_REMOTE_USER']);
77	}
78	watchdog('pubcookie', 'Received login request from %user', array('%user' => $pubcookie_user));
79	if (PUBCOOKIE_VERBOSE_LOGGING) {
80	watchdog('pubcookie', 'Session ID is %sessid', array('%sessid' => check_plain(session_id())));
81	}
82
83	$domain = variable_get('pubcookie_domain', '');
84
85	if ($domain == '') {
86	watchdog('pubcookie', 'Login failed. You must set the pubcookie domain under Administer - Site configuration - Pubcookie.', array(), WATCHDOG_ERROR);
87	print theme('page', t('Login failed due to server misconfiguration.'));
88	}
89	$pubcookie_domain = check_plain($domain);
90
91	// If LDAP was used, the pubcookie name may not match the username,
92	// so we check the authmap table first.
93	$account = user_external_load($pubcookie_user);
94	if (!$account) {
95	user_external_login_register($pubcookie_user, 'pubcookie');
96	}
97	else {
98	user_external_login($account);
99	}
100	if ($user->uid) {
101	// Login successful.
102	if (PUBCOOKIE_VERBOSE_LOGGING) {
103	watchdog('pubcookie', "uid of authenticated user is '%uid'", array('%uid' => $user->uid));
104	}
105	global $base_url;
106	$url = variable_get('pubcookie_success_url', $base_url);
107
108	header('Location: '. $url);
109	exit();
110	}
111
112	drupal_set_message(t('Pubcookie login failed.'), 'error');
113	drupal_goto();
114	}
115
116	/**
117	* Implementation of hook_user().
118	*
119	* Fill in profile field(s) from LDAP for pubcookie-authenticated users.
120	*/
121	function pubcookie_user($type, $edit, &$user, $category = NULL) {
122	global $pubcookie_user;
123	global $pubcookie_domain;
124
125	if ($type == 'insert') {
126	// Ignore if a local (nonpubcookie) user is being inserted.
127	if (!isset($pubcookie_user)) {
128	if (PUBCOOKIE_VERBOSE_LOGGING) {
129	watchdog('pubcookie', 'Ignoring non-pubcookie user login');
130	}
131	return;
132	}
133
134	if (PUBCOOKIE_VERBOSE_LOGGING) {
135	watchdog('pubcookie', 'User callback received for user %uid', array('%uid' => $user->uid));
136	}
137
138	// Set the mail column of the user table (which is typically blank for users with external auth) only if
139	// pubcookie_user@pubcookie_domain is also an email address.
140	if (variable_get('pubcookie_id_is_email', 1)) {
141	db_query("UPDATE {users} SET mail = '%s' WHERE uid = %d", "$pubcookie_user@$pubcookie_domain", $user->uid);
142	}
143
144	// Return if LDAP is not enabled.
145	if (variable_get('pubcookie_ldap_server', '') != '') {
146	$records = pubcookie_ldap_search($pubcookie_user);
147	$pubcookie_record = $records[0];
148	}
149	if (!isset($pubcookie_record) \|\| !$pubcookie_record) {
150	return;
151	}
152
153	// Possibly use a field value from LDAP for the username.
154	$ldap_usernamefield = variable_get('pubcookie_ldap_usernamefield', '');
155	if ($ldap_usernamefield && isset($pubcookie_record[$ldap_usernamefield])) {
156	$name = $pubcookie_record[$ldap_usernamefield];
157	if ($name) {
158	db_query("UPDATE {users} SET name = '%s' WHERE uid = %d", $name, $user->uid);
159	}
160	}
161
162	if (!module_exists('profile')) {
163	if (PUBCOOKIE_VERBOSE_LOGGING) {
164	watchdog('pubcookie', 'Profile module is not enabled');
165	}
166	return;
167	}
168	// Insert the value(s) into profile field(s).
169	// We can't modify $user before it gets to the profile's user hook because modules
170	// run alphabetically; we're 'pubcookie' and 'profile' has already run; so we do this ourselves.
171
172	// Get list of profile fields.
173	$result = db_query('SELECT fid, name FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
174	while ($data = db_fetch_object($result)) {
175	list(, $key) = explode('_', $data->name);
176	if (isset($pubcookie_record[$key])) {
177	if (PUBCOOKIE_VERBOSE_LOGGING) {
178	watchdog('pubcookie', 'Inserting value %val into profile field %field', array('%val' => check_plain($pubcookie_record[$key]), '%field' => check_plain($data->name)));
179	}
180	db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $data->fid, $user->uid, $pubcookie_record[$key]);
181	}
182	}
183	}
184	}
185
186	/*
187	* Implementation of hook_block().
188	*
189	* Display the pubcookie "Log in" link.
190	*/
191	function pubcookie_block($op = 'list', $delta = 0, $edit = array()) {
192	switch ($op) {
193	case 'list':
194	$blocks = array();
195	$blocks[0]['info'] = t('Pubcookie login');
196	return $blocks;
197
198	case 'view':
199	global $user;
200
201	$block = array();
202	if (!$user->uid) {
203
204	$block['subject'] = '';
205	$block['content'] = theme('pubcookie_login');
206	}
207	return $block;
208	}
209	}
210
211	/**
212	* Implementation of hook_theme().
213	*/
214	function pubcookie_theme() {
215	return array(
216	'pubcookie_login' => array(
217	'arguments' => array(),
218	),
219	);
220	}
221
222	/**
223	* Theme function for pubcookie login link.
224	*/
225	function theme_pubcookie_login() {
226	return l('Log in', pubcookie_login_link());
227	}
228
229	/*
230	* The link must be to a nonexistent file in a directory containing an .htaccess
231	* file with proper pubcookie directives. The file must not exist so it can
232	* "fall through" Apache to Drupal's menu system and be directed to the
233	* pubcookie_page() function. By default we look for a nonexistent file named pc.
234	*/
235	function pubcookie_login_link() {
236	return variable_get('pubcookie_login_dir', 'login') . '/pc';
237	}
238
239	/*
240	* The pubcookie settings page.
241	*/
242	function pubcookie_settings() {
243	global $base_url; // http://www.example.edu/drupal
244	$array = explode('/', $base_url);
245	$base_domain = $array[2]; // www.example.edu
246	$parts = explode('.', $base_domain);
247
248	if (count($parts) == 1) {
249	drupal_set_message(t('Pubcookie only works on real domains, e.g., example.edu.'));
250	$array = explode('/', $base_url);
251	$domain = $array[count($array)];
252	}
253	else { // Parse out example.edu.
254	// 'example' '.' 'edu'
255	$domain = $parts[count($parts) - 2] . '.' . $parts[count($parts) -1];
256	}
257
258	$form['pubcookie_domain'] = array(
259	'#type' => 'textfield',
260	'#title' => t('Domain'),
261	'#default_value' => variable_get('pubcookie_domain', $domain),
262	'#description' => t('What is the domain for which your pubcookie server is serving out cookies?'),
263	'#size' => '40',
264	'#maxlength' => '255'
265	);
266	$form['pubcookie_login_dir'] = array(
267	'#type' => 'textfield',
268	'#title' => t('Login directory'),
269	'#default_value' => variable_get('pubcookie_login_dir', 'login'),
270	'#description' => t('What is the subdirectory in this Drupal installation that contains the .htaccess file with the PubCookieAppID directive? (Do not use a trailing slash.)'),
271	'#size' => '40',
272	'#maxlength' => '255'
273	);
274	$form['pubcookie_success_url'] = array(
275	'#type' => 'textfield',
276	'#title' => t('Successful login URL'),
277	'#default_value' => variable_get('pubcookie_success_url', $base_url),
278	'#description' => t('Where do you want the user directed after a successful pubcookie login?'),
279	'#size' => '40',
280	'#maxlength' => '255'
281	);
282	$form['pubcookie_id_is_email'] = array(
283	'#type' => 'checkbox',
284	'#title' => t('ID/E-mail equivalency'),
285	'#default_value' => variable_get('pubcookie_id_is_email', 1),
286	'#description' => t("Check this box if the login ID (joe@example.edu) is the same as the user's email address. If so, the mail column of the user table will be populated when a user registers.")
287	);
288	$form['pubcookie_ldap_server'] = array(
289	'#type' => 'textfield',
290	'#title' => t('LDAP server'),
291	'#default_value' => variable_get('pubcookie_ldap_server', ''),
292	'#description' => t('If you wish to populate profile data when new users register, enter the LDAP server to query here.'),
293	'#size' => '40',
294	'#maxlength' => '255'
295	);
296	$form['pubcookie_ldap_basedn'] = array(
297	'#type' => 'textfield',
298	'#title' => t('LDAP base DN'),
299	'#default_value' => variable_get('pubcookie_ldap_basedn', ''),
300	'#description' => t('Base DN for your particular LDAP directory (e.g. %dn). Check with your LDAP administrator.', array('%dn' => 'dc=example,dc=com')),
301	'#size' => '40',
302	'#maxlength' => '255'
303	);
304	$form['pubcookie_ldap_searchfield'] = array(
305	'#type' => 'textfield',
306	'#title' => t('LDAP search string'),
307	'#default_value' => variable_get('pubcookie_ldap_searchfield', '(\|(uid=%username))'),
308	'#description' => t("The query that will be used to search on LDAP for the username of the user logging in to your Drupal site. (%username will be replaced by the username of the user logging in." ),
309	'#size' => '40',
310	'#maxlength' => '255'
311	);
312	$form['pubcookie_ldap_usernamefield'] = array(
313	'#type' => 'textfield',
314	'#title' => t('LDAP field to use as username'),
315	'#default_value' => variable_get('pubcookie_ldap_usernamefield', ''),
316	'#description' => t("The name of the LDAP field that will be used as a user's Drupal username. Leave blank to use the pubcookie ID (joe@example.edu) as username." ),
317	'#size' => '40',
318	'#maxlength' => '255'
319	);
320
321	return system_settings_form($form);
322	}
323
324	/*
325	* Query an LDAP server for more information about $username.
326	* You can pass in a custom filter by using $filter.
327	*/
328	function pubcookie_ldap_search($username, $filter = NULL) {
329	$records = array();
330	if (!function_exists('ldap_connect')) {
331	return $records;
332	}
333
334	if (!isset($filter)) {
335	$filter = str_replace('%username', $username, variable_get('pubcookie_ldap_searchfield', '(\|(uid=%username))'));
336	}
337
338	$ldap_server = variable_get('pubcookie_ldap_server', '');
339	$ldap_dn = variable_get('pubcookie_ldap_basedn', '');
340	if ($ldap_server == '' \|\| $ldap_dn == '') {
341	watchdog('pubcookie', 'LDAP server not set; check pubcookie module settings', array(), WATCHDOG_WARNING);
342	return $records;
343	}
344
345	$directory_service = ldap_connect($ldap_server);
346	if (!$directory_service) {
347	watchdog('pubcookie', 'Could not connect to LDAP server %server', array('%server' => $ldap_server), WATCHDOG_WARNING);
348	return $records;
349	}
350
351	if (PUBCOOKIE_VERBOSE_LOGGING) {
352	watchdog('pubcookie', 'LDAP server is %server', array('%server' => $ldap_server));
353	watchdog('pubcookie', 'LDAP base dn is %base_dn', array('%base_dn' => $ldap_dn));
354	watchdog('pubcookie', 'Attempting LDAP search on filter %filter', array('%filter' => $filter));
355	}
356
357	ldap_set_option($directory_service, LDAP_OPT_PROTOCOL_VERSION, 3);
358	$r = ldap_bind($directory_service);
359	$sr = ldap_search($directory_service, $ldap_dn, $filter);
360
361	$info = ldap_get_entries($directory_service, $sr);
362	for ($i = 0; $i < $info['count']; $i++) {
363	$data = array();
364	foreach ($info[$i] as $key => $value) {
365	if (!is_numeric($key) && $key != 'objectclass') {
366	if (is_array($info[$i][$key])) {
367	$data[$key] = $info[$i][$key][0];
368	}
369	else {
370	$data[$key] = $info[$i][$key];
371	}
372	}
373	}
374	$records[] = $data;
375	}
376	ldap_close($directory_service);
377	if (PUBCOOKIE_VERBOSE_LOGGING) {
378	watchdog('pubcookie', 'Records returned: %num; first record has %rows rows', array('%num' => count($records), '%rows' => count($records[0])));
379	}
380
381	return $records;
382	}