This post was last edited by phpnewnew on 2012-06-26 16:53:45
This case is a Web authentication system for a wireless network, developed by the customer's partner unit.
The system implements Web-based Windows Active Directory user authentication (domain user authentication) and database user authentication, and calls the Wiwiz Auth API to implement Web authentication.
The wireless network is the customer's existing environment: one wireless router per floor, connected to the switch. It formerly used WPA and now uses Web page authentication.
The network structure has been changed slightly, and the Web authentication gateway uses a Wiwiz virtual machine.
The authentication page program uses PHP + MySQL and invokes the Wiwiz Auth API interface.
The company has hundreds of employees and fairly strict rules on network use. Most employees can only use the intranet; a small number of employees have access to the external network (this is registered in the customer's OA system).
The MySQL database is the customer's OA system database.
Employees with external network access can log in and authenticate using the company's Windows domain account or their OA system account.
When an important customer visits, the receptionist can also request an authorization code through the program's back end.
For the look of the authentication page, please refer to (the customer logo and name have been hidden):
Reply to discussion (solution)
The following source code is attached:
index.php
==========================================
<?php
//****************************************************
// Gets incoming parameters
//****************************************************
$pTokencode = isset($_REQUEST["tokencode"]) ? $_REQUEST["tokencode"] : null; // Incoming parameter "tokencode"
$pSrvurl = isset($_REQUEST["srvurl"]) ? $_REQUEST["srvurl"] : null; // Incoming parameter "srvurl"
session_start();
// Keep both values in the session so auth.php can read them after the form post
if ($pTokencode != null)
    $_SESSION['tokencode'] = $pTokencode;
if ($pSrvurl != null)
    $_SESSION['srvurl'] = $pSrvurl;
?>
<title>Wifi Portal</title>
==========================================
auth.php
==========================================
<?php
session_start();
$AD_host = "xxxxxx:389"; // Active Directory server
$userkey = "XXXXXX"; // Wiwiz User Key
$loginSuccess = false;
// Note: the mysql_* functions used below (ext/mysql) were removed in PHP 7.0; this code runs on PHP 5.x only
if (isset($_POST['login1'])) {
    if ($_POST['authtype'] == '0') { // Employee channel - log in and authenticate using an OA system account
        $StaffId = $_POST['StaffID'];
        $Pswd = $_POST['pswd'];
        if ($StaffId == "")
            die("Please enter the work number!");
        if ($Pswd == "")
            die("Please enter the password!");
        $db = mysql_connect("localhost", "root") or die("OA system connection is abnormal!");
        //$db = mysql_connect(":/tmp/mysql.sock", "root") or die("OA system connection is abnormal!");
        mysql_select_db("oadb", $db);
        $result = mysql_query("SELECT count(StaffID) AS CNT FROM Usermaster WHERE staffid='" . mysql_real_escape_string($StaffId) . "' AND pswd='" . mysql_real_escape_string($Pswd) . "'", $db);
        $cnt = mysql_result($result, 0, "CNT");
        mysql_close($db);
        if ($cnt <> '0')
            $loginSuccess = true;
    } else if ($_POST['authtype'] == '1') { // Employee channel - log in and authenticate using a domain account
        $DomainUser = $_POST['DomainUser'];
        $DomainPswd = $_POST['domainpswd'];
        $Domain = $_POST['Domain'];
        if ($DomainUser == "")
            die("Please enter the domain account name!");
        if ($DomainPswd == "")
            die("Please enter the domain account password!");
        if ($Domain == "")
            die("Please select your domain!");
        $conn = ldap_connect($AD_host) or die("Connection failed!");
        if ($conn) {
            //
            ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
            // Binding to LDAP server
            $bd = ldap_bind($conn, $DomainUser . '@' . $Domain, $DomainPswd); // or die("domain account or password error.");
            if ($bd)
                $loginSuccess = true;
        } else {
            echo "Connection failed!";
        }
    }
}
if (isset($_POST['login2'])) { // Guest channel (authentication with authorization code)
    $AuthCode = $_POST['Authcode'];
    if ($AuthCode == "")
        die("Please enter the authorization code!");
    $db = mysql_connect("localhost", "root") or die("OA system connection is abnormal!");
    mysql_select_db("oadb", $db);
    $result = mysql_query("SELECT count(ID) AS CNT FROM Authcode WHERE code='" . mysql_real_escape_string($AuthCode) . "'", $db);
    $cnt = mysql_result($result, 0, "CNT");
    mysql_close($db);
    if ($cnt <> '0')
        $loginSuccess = true;
}
//
// Do something you need.
// e.g. verify the user
// ......
//
if ($loginSuccess == false) {
    echo "Authentication failed!"; // If user login failed, show an error message
} else {
    //****************************************************
    // Step 2. Do the pre-auth by calling Wiwiz Auth API
    // IMPORTANT: do this on your server side (ASP, C#, JSP/Servlet, PHP ...),
    // but do not do this on your client side (HTML/JavaScript)
    //****************************************************
    // Parameter "action": REQUIRED!
    // Set it to '1' to authenticate the user
    // Set it to '0' to block the user
    $action = "1";
    // Parameter "tokencode": REQUIRED!
    // Set identical to the incoming parameter
    $tokencode = $_SESSION['tokencode'];
    // Parameter "srvurl": REQUIRED!
    // Set identical to the incoming parameter
    $srvurl = $_SESSION['srvurl'];
    // Parameter "endtime": OPTIONAL
    // Format: yyyy-mm-dd hh:MM:ss e.g. 2012-05-31 21:39:00
    // Set this parameter to set the time to close the user's Internet connection
    // Note: the value must be URL-encoded.
    //$endtime = urlencode('2012-05-31 21:39:00');
    $endtime = "";
    // Parameter "postauth": OPTIONAL
    // e.g. http://www.YourDomain.com
    // Set this parameter to redirect to a specified URL after authentication.
    // Note: the value should be URL-encoded.
    //$postauth = urlencode("http://www.wiwiz.com");
    $postauth = "";
    $parameters = "?wiwiz_auth_api=1&ver=1.0" . // Parameters "wiwiz_auth_api" and "ver". Fixed values
        "&tokencode=" . $tokencode . // Parameter "tokencode". See above
        "&userkey=" . $userkey . // Parameter "userkey". Set your own User Key
        "&action=" . $action . // Parameter "action". See above
        "&endtime=" . $endtime . // Parameter "endtime". See above
        "&postauth=" . $postauth; // Parameter "postauth". See above
    $verifycode = file_get_contents($srvurl . $parameters);
    if (strpos($verifycode, "ERR") === 0) {
        // If there is an error, show the error code
        echo "Error: " . $verifycode;
    } else {
        // OK, now do Step 3.
        //****************************************************
        // Step 3. Complete the authentication by calling Wiwiz Auth API
        //****************************************************
        $redirectUrl = $srvurl . // Use the value of incoming parameter "srvurl" as the redirection address
            "?wiwiz_auth_api_login=1" . // Parameter "wiwiz_auth_api_login"
            "&tokencode=" . $tokencode . // Parameter "tokencode", set identical to the incoming parameter
            "&verifycode=" . $verifycode; // Parameter "verifycode", the value returned by the pre-auth call
        ob_start();
        header("Location: " . $redirectUrl); // Finally, do the redirection
        ob_flush();
        echo "";
    }
}
?>
==========================================
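Added example, not part of the original post or of Wiwiz's sample code: auth.php above passes the request-supplied `srvurl` to `file_get_contents()` together with the User Key, so a hardened variant would pin `srvurl` to known gateway hosts and URL-encode every parameter. The host in `ALLOWED_SRV_HOSTS`, the function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; assumption: these are the only hosts the portal may call back to.
const ALLOWED_SRV_HOSTS = ['auth-gateway.example.internal'];

// Return $srvurl if it is a plain http(s) URL on an allowed host, else null.
function validate_srvurl($srvurl)
{
    if (!is_string($srvurl) || $srvurl === '') {
        return null;
    }
    $p = parse_url($srvurl);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // No credentials, query or fragment: auth.php appends its own "?..." part.
    if (isset($p['user']) || isset($p['pass']) || isset($p['query']) || isset($p['fragment'])) {
        return null;
    }
    return in_array(strtolower($p['host']), ALLOWED_SRV_HOSTS, true) ? $srvurl : null;
}

// Build the pre-auth URL with every value URL-encoded (parameter names from auth.php).
function build_preauth_url($srvurl, $tokencode, $userkey, $action = '1')
{
    return $srvurl . '?' . http_build_query([
        'wiwiz_auth_api' => '1',
        'ver'            => '1.0',
        'tokencode'      => $tokencode,
        'userkey'        => $userkey,
        'action'         => $action,
        'endtime'        => '',
        'postauth'       => '',
    ]);
}

// Constructed sample inputs, as they might arrive in $_REQUEST["srvurl"].
$samples = [
    'http://auth-gateway.example.internal/auth',
    'http://auth-gateway.example.internal@other.example/auth',
    'ftp://auth-gateway.example.internal/auth',
    'http://other.example/auth',
];
foreach ($samples as $s) {
    $ok = validate_srvurl($s);
    echo $ok === null ? "rejected: $s\n"
        : "accepted: " . build_preauth_url($ok, 'tok&en 1', 'XXXXXX') . "\n";
}
```

Only the first sample is accepted; in auth.php the validated value would take the place of `$_SESSION['srvurl']` before the `file_get_contents()` call and the redirect.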
Copy and paste, or an original share?
Copy and paste, or an original share?
It's an original share.
This post was last edited by phpnewnew on 2012-06-26 16:51:57
Yes, it's a good year. Don't knot this, I'm good.
Quoting the reply on floor 3:
Copy and paste, or an original share?
It's an original share.
Thank you, OP, ha ha ha
Let's just say it.
See the file again ~ ~
lznx~~
Access to LDAP after MySQL, what's the connection to WiFi?
A WiFi Web authentication system ...
You could also say it has nothing to do with WiFi ... WiFi is just the environment; the main thing is the Web authentication system ... Ha ha ha
Access to LDAP after MySQL, what's the connection to WiFi?
Take it!!
Worshipping the OP
Take it!!
Not bad
Good!
It's good code, but it feels like IE9.
Code's good code.
Good stuff!
Not bad!
Not bad!
Lanzhou Sesame Cake.
Thanks for the original, we need to be original too.
How is the database designed?
In fact, this is the core
Oh, what?
Thanks to the OP for sharing
Thanks to the OP for sharing
Worshipping the OP
Thanks to the OP for sharing!
Thanks to the OP for sharing, studying the theory
?? Share... Very exciting.
?? Php+ldap? What can be done?
Thanks for sharing.
Look at it! Thanks for sharing.
A WiFi Web authentication system ...
You could also say it has nothing to do with WiFi ... WiFi is just the environment; the main thing is the Web authentication system ... Ha ha ha
Quoting the reply on floor 10:
Access to LDAP after MySQL, what's the connection to WiFi?
I saw Wi-Fi only recently.
This is
What is LDAP? I don't even really understand the OP's requirements, ashamed!!!!!!!!!
Well
Small businesses can just use MAC filtering on the wireless.
What is the operating process of this system? What can I do once I have finished authentication? What kind of permissions do ordinary staff and visitors get after they have finished authentication? Is the principle based on the PHP+LDAP mechanism, or something else?
Sorry, as a rookie I really don't understand what this means! I hope those who know the details can explain these poorly understood, abstract concepts better. Thank you!