mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

- auto sync attachment topic flag [Bug #2949]

Browse Source 
- corrected paths for templates stored in the db and filenames displayed in the template editor [Bug #3662]
- removed some useless language strings [Bug #3648]
- corrected escaping of usernames and passwords in auth modules [Bug #3696], added ldap_escape


git-svn-id: file:///svn/phpbb/trunk@6266 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann
2006-08-12 01:58:58 +00:00
parent b5a6291fa5
commit b1ef984526
6 changed files with 32 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
phpBB/includes/auth/auth_ldap.php
View File

@@ -38,7 +38,7 @@ function init_ldap()
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . $user->data['username'] . ')',
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
@@ -53,17 +53,18 @@ function init_ldap()
@ldap_close($ldap);
if (!is_array($result) || sizeof($result) < 2)
{
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
{
return $user->lang['LDAP_NO_EMAIL'];
}
if (is_array($result) && sizeof($result) > 1)
{
return false;
}
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
return false;
}
/**
@@ -97,7 +98,7 @@ function login_ldap(&$username, &$password)
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . $username . ')',
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
@@ -107,7 +108,7 @@ function login_ldap(&$username, &$password)
if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{
if (@ldap_bind($ldap, $ldap_result[0]['dn'], $password))
if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
{
@ldap_close($ldap);
@@ -198,6 +199,14 @@ function login_ldap(&$username, &$password)
);
}
/**
* Escapes an LDAP AttributeValue
*/
function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.