diff options
Diffstat (limited to 'phpBB/includes/auth/auth_ldap.php')
-rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 79af7a23e6..7df48722de 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -1,38 +1,46 @@ <?php +// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. // -// Authentication plug-ins is largely down to -// Sergey Kanareykin, our thanks to him. +// This is for initial authentication via an LDAP server, user information is then +// obtained from the integrated user table // +// You can do any kind of checking you like here ... the return data format is +// either the resulting row of user information, an integer zero (indicating an +// inactive user) or some error string function login_ldap(&$username, &$password) { - global $board_config; + global $db, $config; - if ( !extension_loaded('ldap') ) + if (!extension_loaded('ldap')) { return 'LDAP extension not available'; } - if ( !($ldap = @ldap_connect($board_config['ldap_server'])) ) + if (!($ldap = @ldap_connect($config['ldap_server']))) { return 'Could not connect to LDAP server'; } - $search = @ldap_search($ldap, $board_config['ldap_base_dn'], $board_config['ldap_uid'] . '=' . $username, array($board_config['ldap_uid'])); + $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid'])); $result = @ldap_get_entries($ldap, $search); - if ( is_array($result) && count($result) > 1 ) + if (is_array($result) && count($result) > 1) { - if ( @ldap_bind($ldap, $result[0]['dn'], $password) ) + if (@ldap_bind($ldap, $result[0]['dn'], $password)) { @ldap_close($ldap); $sql = "SELECT user_id, username, user_password, user_email, user_active FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\'", "''", $username) . "'"; + WHERE username = '" . $db->sql_escape($username) . "'"; $result = $db->sql_query($sql); - return ( $row = $db->sql_fetchrow($result) ) ? $row : false; + if ($row = $db->sql_fetchrow($result)) + { + $db->sql_freeresult($result); + return (empty($row['user_active'])) ? 0 : $row; + } } } @@ -41,10 +49,8 @@ function login_ldap(&$username, &$password) return false; } -// // This function is used to output any required fields in the authentication // admin panel. It also defines any required configuration table fields. -// function admin_ldap(&$new) { global $user; @@ -64,22 +70,19 @@ function admin_ldap(&$new) </tr> <?php - // // These are fields required in the config table - // return array('ldap_server', 'ldap_base_dn', 'ldap_uid'); } -// // Would be nice to allow syncing of 'appropriate' data when user updates // their username, password, etc. ... should be up to the plugin what data // is updated. // // $mode perhaps being one of NEW, UPDATE, DELETE -// function usercp_ldap($mode) { + global $db, $config; } |