I have a login screen with username and password credentials that are validated throught a php script. once a user enters their username and password and hits submit. authenticate.php does an LDAP bind and if the user’s credentials are legit they are redirected to say http://www.siteA.com, if the credentials are false an erorr is given saying “Invalid login, authentication failed. I would like to make this AJAX so when a user hits submit, right on that page it tells the user whether they entered valid or invalid login.
Below is my code:
For login form:
<form action=authenticate.php method=post name=Auth class="appnitro">
<div class="form_description">
<h2>Login</h2>
</div>
<ul>
<li id="li_1">
<label class="description" for="element_1">Username </label>
<div>
input id="element_1" name="login" class="element text medium" type="text" maxlength="255" value=""/>
</div>
</li>
<li id="li_2" >
<label class="description" for="element_2">Password </label>
<div>
<input id="element_2" name="password" class="element text medium" type="password" maxlength="255" value=""/>
</div>
</li>
<li class="buttons">
<input id="saveForm" class="button_text" type="submit" name="submit" value="Log In" />
</li>
</ul>
</form>
My LDAP Bind, Authenticate.php:
<?php
session_start();
if( isset($_POST['login']) && isset($_POST['password']) )
{
//LDAP stuff here.
$username = trim($_POST['login']);
$password = trim($_POST['password']);
echo("Authenticating...");
$ds = ldap_connect('ldap://ldap:port');
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
//Can't connect to LDAP.
if( !ds )
{
echo "Error in contacting the LDAP server -- contact ";
echo "technical services! (Debug 1)";
exit;
}
//Connection made -- bind anonymously and get dn for username.
$bind = @ldap_bind($ds);
//Check to make sure we're bound.
if( !bind )
{
echo "Anonymous bind to LDAP FAILED. Contact Tech Services! (Debug 2)";
exit;
}
$search = ldap_search($ds, "ou=People,DC=keler,DC=medioa,DC=com", "uid=$username");
//Make sure only ONE result was returned -- if not, they might've thrown a * into the username. Bad user!
if( ldap_count_entries($ds,$search) != 1 )
{
echo "Error processing username -- please try to login again. (Debug 3)";
redirect(_WEBROOT_ . "/try1b.php");
exit;
}
$info = ldap_get_entries($ds, $search);
//Now, try to rebind with their full dn and password.
$bind = @ldap_bind($ds, $info[0][dn], $password);
if( !$bind || !isset($bind))
{
echo "Login failed -- please try again. (Debug 4)";
redirect(_WEBROOT_ . "/try1b.php");
exit;
}
//Now verify the previous search using their credentials.
$search = ldap_search($ds, "ou=People,DC=keler,DC=medioa,DC=com", "uid=$username");
//if the user's login is legit then redirect to the siteA
$info = ldap_get_entries($ds, $search);
if( $username == $info[0][uid][0] )
{
$_SESSION['username'] = $username;
$_SESSION['fullname'] = $info[0][cn][0];
header( "Location: www.siteA.com" );
exit;
}
else
{
echo "Error. Access Denied";
redirect(_WEBROOT_ . "/try1b.php");
exit;
}
ldap_close($ds);
exit;
}
?>
no need to paste all that.
submit the form using Ajax, and have the server-side script return a status and error message.
if the status indicates the login was successful, do the redirect using JavaScript.
if the status indicates the login failed, alert the error message.