PHP is a versatile language capable of many useful things. One of the more useful elements I’ve used in the past is Active Directory integration. It’s very useful to authenticate against an Active Directory Domain Controller (DC). This not only allows for easier user management, but it also enforces the security policies set in place by the account administrators. This includes policies such as number of password attempts before locking the account, or password complexity requirements.
Authenticating with Active Directory is a relatively easy process with PHP. The example code below shows the simplest of implementations, however there are a number of other functions which add flexibility to the integration. A full list of LDAP functions and explanations can be found on the PHP manual site at: http://php.net/manual/en/book.ldap.php
$ldap = ldap_connect("DomainController.ExampleCompany.com");
if ($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {
//CORRECT LOGIN CREDENTIALS
} else {
//BAD LOGIN CREDENTIALS
}//END IF BIND = LDAP_BIND()