
Edit History

Laetitia Bordon

Laetitia Bordon

In the file /app/config/parameters.php, add the parameters for your LDAP connection.

For BackOffice part

In /controllers/admin/AdminLogController.php, add "use Symfony\Component\Ldap\Ldap;" before the class.

In function __construct, I've added:

// Attempt the LDAP/SSO auto-login as long as no output has been sent yet
// (presumably because a successful login writes the employee cookie).
// NOTE(review): this sits in __construct, so it runs whenever the controller is
// built; testLdap() derives the identity from the User-Agent header, which the
// client controls — confirm that only the trusted portal can reach this controller.
if (!headers_sent()) {
$this->testLdap();
//header('Login: true');
}

And the 2 functions I created:

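/**
 * Signs the visitor in to the back office from the SSO token carried in the
 * User-Agent header.
 *
 * The last space-separated token of the header is taken as the SSO token and
 * its first 9 characters as the LDAP uid. The single LDAP entry matching that
 * uid and the configured object class supplies the "mail" and "userPassword"
 * values passed to processLoginTest(). When the header is missing, the uid is
 * empty, or the directory does not return exactly one entry, the method
 * returns without attempting a login.
 *
 * SECURITY: User-Agent is set by the client, and this method treats it as
 * proof of identity. That only holds if the portal / reverse proxy is the sole
 * path to the back office and sets the header itself — TODO confirm and
 * enforce at the proxy.
 *
 * @return void
 */
public function testLdap()
{
  // The HTTP_USER_AGENT has the form "FedPol-Portal/2.0 44123456F".
  if (!isset($_SERVER['HTTP_USER_AGENT'])) {
    return;
  }
  $sso = (string) $_SERVER['HTTP_USER_AGENT'];

  // explode() must land in a variable first: array_pop() takes its argument by reference.
  $ssoParts = explode(' ', $sso);
  $ssoPart = array_pop($ssoParts);
  $uid = substr($ssoPart, 0, 9);
  if (!is_string($uid) || $uid === '') {
    return;
  }
  // NOTE(review): once the exact uid format is confirmed, reject anything that
  // does not match it (allow-list) before querying the directory.

  $container = $this->buildContainer();
  $host = $container->getParameter('ldap_host');
  $port = intval($container->getParameter('ldap_port'));
  $base = $container->getParameter('ldap_base');
  $classeObject = $container->getParameter('ldap_classe');
  $ldap = Ldap::create('ext_ldap', [
    'host' => $host,
    'port' => $port
  ]);
  // Anonymous bind: no DN or password is supplied.
  // NOTE(review): userPassword is read below over this bind, so the directory
  // presumably exposes it to anonymous clients — confirm that is intended.
  $ldap->bind();

  // Escape the header-derived uid so filter metacharacters cannot change the query.
  $safeUid = $ldap->escape($uid, '', Ldap::ESCAPE_FILTER);
  $query = $ldap->query($base, '(&(uid='.$safeUid.')(objectclass='.$classeObject.'))');
  $results = $query->execute()->toArray();

  // Fail closed: an unknown or ambiguous uid must not lead to a login.
  if (count($results) !== 1) {
    return;
  }
  $entry = $results[0];

  // getAttribute() yields null when the attribute is absent; fall back to ''
  // so processLoginTest() reports the missing field instead of PHP erroring.
  $mailValues = $entry->getAttribute("mail");
  $mail = (is_array($mailValues) && isset($mailValues[0])) ? $mailValues[0] : '';
  $passwordValues = $entry->getAttribute("userPassword");
  $password = (is_array($passwordValues) && isset($passwordValues[0])) ? $passwordValues[0] : '';

  // NOTE(review): the original also read the "bePolbruAuthEditShopFin"
  // attribute into an unused variable. If it is meant to gate back-office
  // access, it has to be checked here before logging in — confirm its values.

  $this->processLoginTest($mail,$password);
}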

//it's a copy of processLogin function
/**
 * Opens a back-office session for the employee identified by $email.
 *
 * Adapted from processLogin(): the e-mail and password are supplied by the
 * caller instead of being read from the request with Tools::getValue().
 *
 * SECURITY: $passwd is only checked for being non-empty and well-formed; no
 * statement here compares it with the employee's stored password. Whoever
 * calls this method with the e-mail of an existing employee obtains that
 * employee's session, so the caller must already have authenticated the user.
 *
 * On an AJAX request the method ends the script with a JSON payload; otherwise
 * it records errors in $this->errors or sets $this->redirect_after.
 *
 * @param string $email  E-mail address of the employee to sign in
 * @param string $passwd Password value; format-checked only
 *
 * @return void
 */
public function processLoginTest($email,$passwd)
{
    // Field validity
    if (empty($email)) {
        $this->errors[] = $this->trans('Email is empty.', array(), 'Admin.Notifications.Error');
    } elseif (!Validate::isEmail($email)) {
        $this->errors[] = $this->trans('Invalid email address.', array(), 'Admin.Notifications.Error');
    }

    if (empty($passwd)) {
        $this->errors[] = $this->trans('The password field is blank.', array(), 'Admin.Notifications.Error');
    } elseif (!Validate::isPasswd($passwd)) {
        $this->errors[] = $this->trans('Invalid password.', array(), 'Admin.Notifications.Error');
    }

    if (count($this->errors) === 0) {
        // Look the employee up by e-mail only
        $this->context->employee = new Employee();
        $employee = $this->context->employee;
        $employeeFound = $employee->getByEmail($email);
        $associatedShops = $employee->getAssociatedShops();

        if (!$employeeFound) {
            $this->errors[] = $this->trans('The employee does not exist, or the password provided is incorrect.', array(), 'Admin.Login.Notification');
            $employee->logout();
        } elseif (empty($associatedShops) && !$employee->isSuperAdmin()) {
            $this->errors[] = $this->trans('This employee does not manage the shop anymore (either the shop has been deleted or permissions have been revoked).', array(), 'Admin.Login.Notification');
            $employee->logout();
        } else {
            // Audit trail entry for the back-office connection
            PrestaShopLogger::addLog(
                $this->trans('Back office connection from %ip%', array('%ip%' => Tools::getRemoteAddr()), 'Admin.Advparameters.Feature'),
                1,
                null,
                '',
                0,
                true,
                (int) $employee->id
            );

            $employee->remote_addr = (int) ip2long(Tools::getRemoteAddr());

            // Copy the employee's identity into the session cookie
            $cookie = Context::getContext()->cookie;
            $cookie->id_employee = $employee->id;
            $cookie->email = $employee->email;
            $cookie->profile = $employee->id_profile;
            $cookie->passwd = $employee->passwd;
            $cookie->remote_addr = $employee->remote_addr;

            if (!Tools::getValue('stay_logged_in')) {
                $cookie->last_activity = time();
            }

            $cookie->write();

            // Honour a submitted controller name only when it validates;
            // otherwise land on the employee's default tab
            $hasValidRedirect = isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect']);
            if ($hasValidRedirect) {
                $targetController = $_POST['redirect'];
            } else {
                $tab = new Tab((int) $employee->default_tab);
                $targetController = $tab->class_name;
            }
            $url = $this->context->link->getAdminLink($targetController);

            if (Tools::isSubmit('ajax')) {
                die(json_encode(array('hasErrors' => false, 'redirect' => $url)));
            }
            $this->redirect_after = $url;
        }
    }

    // Reached on AJAX requests only when the login did not succeed
    if (Tools::isSubmit('ajax')) {
        die(json_encode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}

In /classes/Employee.php, set the required option for passwd to false.

For front part

Solution in this topic (with removed link to Sign out)

 

Laetitia Bordon

Laetitia Bordon

For BackOffice part

In controllers/admin/AdminLogController.php, add "use Symfony\Component\Ldap\Ldap;" before the class.

In function __construct, I've added:

// Attempt the LDAP/SSO auto-login as long as no output has been sent yet
// (presumably because a successful login writes the employee cookie).
// NOTE(review): this sits in __construct, so it runs whenever the controller is
// built; testLdap() derives the identity from the User-Agent header, which the
// client controls — confirm that only the trusted portal can reach this controller.
if (!headers_sent()) {
$this->testLdap();
//header('Login: true');
}

And the 2 functions I created:

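/**
 * Signs the visitor in to the back office from the SSO token carried in the
 * User-Agent header.
 *
 * The last space-separated token of the header is taken as the SSO token and
 * its first 9 characters as the LDAP uid. The single LDAP entry matching that
 * uid and the configured object class supplies the "mail" and "userPassword"
 * values passed to processLoginTest(). When the header is missing, the uid is
 * empty, or the directory does not return exactly one entry, the method
 * returns without attempting a login.
 *
 * SECURITY: User-Agent is set by the client, and this method treats it as
 * proof of identity. That only holds if the portal / reverse proxy is the sole
 * path to the back office and sets the header itself — TODO confirm and
 * enforce at the proxy.
 *
 * @return void
 */
public function testLdap()
{
  // The HTTP_USER_AGENT has the form "FedPol-Portal/2.0 44123456F".
  if (!isset($_SERVER['HTTP_USER_AGENT'])) {
    return;
  }
  $sso = (string) $_SERVER['HTTP_USER_AGENT'];

  // explode() must land in a variable first: array_pop() takes its argument by reference.
  $ssoParts = explode(' ', $sso);
  $ssoPart = array_pop($ssoParts);
  $uid = substr($ssoPart, 0, 9);
  if (!is_string($uid) || $uid === '') {
    return;
  }
  // NOTE(review): once the exact uid format is confirmed, reject anything that
  // does not match it (allow-list) before querying the directory.

  $container = $this->buildContainer();
  $host = $container->getParameter('ldap_host');
  $port = intval($container->getParameter('ldap_port'));
  $base = $container->getParameter('ldap_base');
  $classeObject = $container->getParameter('ldap_classe');
  $ldap = Ldap::create('ext_ldap', [
    'host' => $host,
    'port' => $port
  ]);
  // Anonymous bind: no DN or password is supplied.
  // NOTE(review): userPassword is read below over this bind, so the directory
  // presumably exposes it to anonymous clients — confirm that is intended.
  $ldap->bind();

  // Escape the header-derived uid so filter metacharacters cannot change the query.
  $safeUid = $ldap->escape($uid, '', Ldap::ESCAPE_FILTER);
  $query = $ldap->query($base, '(&(uid='.$safeUid.')(objectclass='.$classeObject.'))');
  $results = $query->execute()->toArray();

  // Fail closed: an unknown or ambiguous uid must not lead to a login.
  if (count($results) !== 1) {
    return;
  }
  $entry = $results[0];

  // getAttribute() yields null when the attribute is absent; fall back to ''
  // so processLoginTest() reports the missing field instead of PHP erroring.
  $mailValues = $entry->getAttribute("mail");
  $mail = (is_array($mailValues) && isset($mailValues[0])) ? $mailValues[0] : '';
  $passwordValues = $entry->getAttribute("userPassword");
  $password = (is_array($passwordValues) && isset($passwordValues[0])) ? $passwordValues[0] : '';

  // NOTE(review): the original also read the "bePolbruAuthEditShopFin"
  // attribute into an unused variable. If it is meant to gate back-office
  // access, it has to be checked here before logging in — confirm its values.

  $this->processLoginTest($mail,$password);
}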

//it's a copy of processLogin function
/**
 * Opens a back-office session for the employee identified by $email.
 *
 * Adapted from processLogin(): the e-mail and password are supplied by the
 * caller instead of being read from the request with Tools::getValue().
 *
 * SECURITY: $passwd is only checked for being non-empty and well-formed; no
 * statement here compares it with the employee's stored password. Whoever
 * calls this method with the e-mail of an existing employee obtains that
 * employee's session, so the caller must already have authenticated the user.
 *
 * On an AJAX request the method ends the script with a JSON payload; otherwise
 * it records errors in $this->errors or sets $this->redirect_after.
 *
 * @param string $email  E-mail address of the employee to sign in
 * @param string $passwd Password value; format-checked only
 *
 * @return void
 */
public function processLoginTest($email,$passwd)
{
    // Field validity
    if (empty($email)) {
        $this->errors[] = $this->trans('Email is empty.', array(), 'Admin.Notifications.Error');
    } elseif (!Validate::isEmail($email)) {
        $this->errors[] = $this->trans('Invalid email address.', array(), 'Admin.Notifications.Error');
    }

    if (empty($passwd)) {
        $this->errors[] = $this->trans('The password field is blank.', array(), 'Admin.Notifications.Error');
    } elseif (!Validate::isPasswd($passwd)) {
        $this->errors[] = $this->trans('Invalid password.', array(), 'Admin.Notifications.Error');
    }

    if (count($this->errors) === 0) {
        // Look the employee up by e-mail only
        $this->context->employee = new Employee();
        $employee = $this->context->employee;
        $employeeFound = $employee->getByEmail($email);
        $associatedShops = $employee->getAssociatedShops();

        if (!$employeeFound) {
            $this->errors[] = $this->trans('The employee does not exist, or the password provided is incorrect.', array(), 'Admin.Login.Notification');
            $employee->logout();
        } elseif (empty($associatedShops) && !$employee->isSuperAdmin()) {
            $this->errors[] = $this->trans('This employee does not manage the shop anymore (either the shop has been deleted or permissions have been revoked).', array(), 'Admin.Login.Notification');
            $employee->logout();
        } else {
            // Audit trail entry for the back-office connection
            PrestaShopLogger::addLog(
                $this->trans('Back office connection from %ip%', array('%ip%' => Tools::getRemoteAddr()), 'Admin.Advparameters.Feature'),
                1,
                null,
                '',
                0,
                true,
                (int) $employee->id
            );

            $employee->remote_addr = (int) ip2long(Tools::getRemoteAddr());

            // Copy the employee's identity into the session cookie
            $cookie = Context::getContext()->cookie;
            $cookie->id_employee = $employee->id;
            $cookie->email = $employee->email;
            $cookie->profile = $employee->id_profile;
            $cookie->passwd = $employee->passwd;
            $cookie->remote_addr = $employee->remote_addr;

            if (!Tools::getValue('stay_logged_in')) {
                $cookie->last_activity = time();
            }

            $cookie->write();

            // Honour a submitted controller name only when it validates;
            // otherwise land on the employee's default tab
            $hasValidRedirect = isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect']);
            if ($hasValidRedirect) {
                $targetController = $_POST['redirect'];
            } else {
                $tab = new Tab((int) $employee->default_tab);
                $targetController = $tab->class_name;
            }
            $url = $this->context->link->getAdminLink($targetController);

            if (Tools::isSubmit('ajax')) {
                die(json_encode(array('hasErrors' => false, 'redirect' => $url)));
            }
            $this->redirect_after = $url;
        }
    }

    // Reached on AJAX requests only when the login did not succeed
    if (Tools::isSubmit('ajax')) {
        die(json_encode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}

In classes/Employee.php, set the required option for passwd to false.

For front part

Solution in this topic (with removed link to Sign out)

 
