LDAP['Server'], $settings->LDAP['Port']);
        // Strict naming convention: only allow alphabetic characters.
        // The parentheses are the PCRE delimiters here, not a capture group, so the
        // effective pattern is [^a-zA-Z]* and every non-alphabetic byte is stripped.
        $sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
        // DOMAIN\user form used for the bind DN.
        $qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
        // The @ suppresses the warning a failed bind emits; as a result a wrong password and an
        // unreachable/misconfigured server both end up in the else branch below, indistinguishable.
        // NOTE(review): utf8_encode() is deprecated since PHP 8.2 and assumes ISO-8859-1 input; if
        // the form already posts UTF-8, the password is double-encoded — confirm the request charset.
        if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
            // Successful authentication; get additional user details from the authentication source.
            // $sanitizedUsername is alphabetic-only (see above), so no LDAP filter
            // metacharacters can reach the interpolated filter string.
            $ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
            // NOTE(review): no result check — if the search yields no entries, [0]['cn'][0] is
            // undefined (warning, $commonName = null); if ldap_search() fails it returns false
            // and ldap_get_entries() will not accept that.
            $commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
            // Create JWT payload.
            // NOTE(review): there is no 'exp' claim, so the token itself carries no expiry;
            // whatever lifetime applies must be enforced by the consumer (cf. the cookie
            // 'Exp' value inspected in validateCookie()).
            $jwtPayload = [
                'iat' => time(), // Issued at: time when the token was generated
                'iss' => $_SERVER['SERVER_NAME'], // Issuer — NOTE(review): depending on web-server config this can reflect the client-supplied Host header; confirm
                'sub' => $qualifiedUsername, // Subject (ie. username)
                'name' => $commonName // Common name (as retrieved from AD)
            ];
            // Signed with the base64-decoded key from settings. No algorithm is passed, so the
            // library default applies (newer versions of common JWT libraries require it
            // explicitly) — TODO confirm against the JWT library version in use.
            $secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
            return ['status' => 'Success', 'token' => $secureToken];
        } else {
            // LDAP authentication failed! Same reason code as the empty-credentials
            // branch below, so the caller cannot tell the two cases apart.
            return ['status' => 'Fail', 'reason' => '1'];
        }
    } else {
        // Empty username or passwords not allowed!
        return ['status' => 'Fail', 'reason' => '1'];
    }
}

/**
 * Stub (empty body): presumably meant to persist an issued token — not implemented yet.
 * $username, $password and $cookie are currently unused.
 */
function storeToken (string $username, string $password, object $cookie)
{
    global $settings;
}

/**
 * Stub (empty body): presumably meant to look up a stored token — not implemented yet.
 * $username and $foo (placeholder name) are currently unused.
 */
function retrieveToken (string $username, string $foo)
{
    global $settings;
}

/**
 * Stub: so far only compares $expiration with the current time; $username and
 * $securetoken are not yet checked, and nothing is returned on either path.
 * NOTE(review): per the comment below, $expiration comes from a cookie the client
 * controls, so an expiry enforced here is not trustworthy on its own — the signed
 * token (an 'exp' claim) would be the authoritative source.
 */
function validateCookie (int $expiration, string $username, string $securetoken)
{
    # $_COOKIE['Exp'], $_COOKIE['Sub'], $_COOKIE['JWT']
    global $settings;
    If ($expiration > time()) {
        #moo
    }
}
?>