aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/auth/auth_ldap.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/auth/auth_ldap.php')
-rw-r--r--phpBB/includes/auth/auth_ldap.php35
1 files changed, 19 insertions, 16 deletions
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 79af7a23e6..7df48722de 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -1,38 +1,46 @@
<?php
+// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
//
-// Authentication plug-ins is largely down to
-// Sergey Kanareykin, our thanks to him.
+// This is for initial authentication via an LDAP server, user information is then
+// obtained from the integrated user table
//
+// You can do any kind of checking you like here ... the return data format is
+// either the resulting row of user information, an integer zero (indicating an
+// inactive user) or some error string
function login_ldap(&$username, &$password)
{
- global $board_config;
+ global $db, $config;
- if ( !extension_loaded('ldap') )
+ if (!extension_loaded('ldap'))
{
return 'LDAP extension not available';
}
- if ( !($ldap = @ldap_connect($board_config['ldap_server'])) )
+ if (!($ldap = @ldap_connect($config['ldap_server'])))
{
return 'Could not connect to LDAP server';
}
- $search = @ldap_search($ldap, $board_config['ldap_base_dn'], $board_config['ldap_uid'] . '=' . $username, array($board_config['ldap_uid']));
+ $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid']));
$result = @ldap_get_entries($ldap, $search);
- if ( is_array($result) && count($result) > 1 )
+ if (is_array($result) && count($result) > 1)
{
- if ( @ldap_bind($ldap, $result[0]['dn'], $password) )
+ if (@ldap_bind($ldap, $result[0]['dn'], $password))
{
@ldap_close($ldap);
$sql = "SELECT user_id, username, user_password, user_email, user_active
FROM " . USERS_TABLE . "
- WHERE username = '" . str_replace("\'", "''", $username) . "'";
+ WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
- return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $db->sql_freeresult($result);
+ return (empty($row['user_active'])) ? 0 : $row;
+ }
}
}
@@ -41,10 +49,8 @@ function login_ldap(&$username, &$password)
return false;
}
-//
// This function is used to output any required fields in the authentication
// admin panel. It also defines any required configuration table fields.
-//
function admin_ldap(&$new)
{
global $user;
@@ -64,22 +70,19 @@ function admin_ldap(&$new)
</tr>
<?php
- //
// These are fields required in the config table
- //
return array('ldap_server', 'ldap_base_dn', 'ldap_uid');
}
-//
// Would be nice to allow syncing of 'appropriate' data when user updates
// their username, password, etc. ... should be up to the plugin what data
// is updated.
//
// $mode perhaps being one of NEW, UPDATE, DELETE
-//
function usercp_ldap($mode)
{
+ global $db, $config;
}