diff options
| author | Nils Adermann <naderman@naderman.de> | 2006-03-18 16:19:18 +0000 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2006-03-18 16:19:18 +0000 |
| commit | 957502a28b1d2afec74cad30731dc2ee101cafe3 (patch) | |
| tree | 7707c27358fd83138566fca91fe8577bbffdd06f /phpBB | |
| parent | 9f7bc931259522fe7ae1ea9d6b5f4b17b60c97ad (diff) | |
| download | forums-957502a28b1d2afec74cad30731dc2ee101cafe3.tar forums-957502a28b1d2afec74cad30731dc2ee101cafe3.tar.gz forums-957502a28b1d2afec74cad30731dc2ee101cafe3.tar.bz2 forums-957502a28b1d2afec74cad30731dc2ee101cafe3.tar.xz forums-957502a28b1d2afec74cad30731dc2ee101cafe3.zip | |
- Added init_{$auth_plugin} function which can be used to test a connection to the authentication system before actually saving the new configuration. This will hopefully stop people from locking themselves out by using an authentication system that they cannot connect to.
git-svn-id: file:///svn/phpbb/trunk@5653 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 36 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 42 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 17 |
3 files changed, 88 insertions, 7 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index d39316226b..cc5b316a09 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -282,6 +282,11 @@ class acp_board continue; } + if ($config_name == 'auth_method') + { + continue; + } + $config_value = $cfg_array[$config_name]; $this->new_config[$config_name] = $config_value; @@ -313,6 +318,8 @@ class acp_board sort($auth_plugins); + $updated_auth_settings = false; + $old_auth_config = array(); foreach ($auth_plugins as $method) { if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) @@ -337,11 +344,13 @@ class acp_board continue; } + $old_auth_config[$field] = $this->new_config[$field]; $config_value = $cfg_array[$field]; $this->new_config[$field] = $config_value; if ($submit) { + $updated_auth_settings = true; set_config($field, $config_value); } } @@ -350,6 +359,33 @@ class acp_board } } } + + if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings)) + { + $method = $cfg_array['auth_method']; + if ($method && in_array($method, $auth_plugins)) + { + include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); + + $method = 'init_' . $method; + if (function_exists($method)) + { + if (($error = $method()) == true) + { + foreach ($old_auth_config as $config_name => $config_value) + { + set_config($config_name, $config_value); + } + trigger_error($error . adm_back_link($this->u_action)); + } + } + set_config('auth_method', $cfg_array['auth_method']); + } + else + { + trigger_error('NO_AUTH_PLUGIN'); + } + } } if ($submit) diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 2eedd5a17b..17c29cc5e6 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -20,6 +20,48 @@ */ /** +* Only allow changing authentication to ldap if we can connect to the ldap server +*/ +function init_ldap() +{ + global $config, $user; + + if (!extension_loaded('ldap')) + { + return $user->lang['LDAP_NO_LDAP_EXTENSION']; + } + + if (!($ldap = @ldap_connect($config['ldap_server']))) + { + return $user->lang['LDAP_NO_SERVER_CONNECTION']; + } + + @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + + // We'll get a notice here that we don't want, if we cannot connect to the server. + // ldap_connect only checks whether the specified server is valid, so the connection might still fail + ob_start(); + + $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid'])); + + if (ob_get_clean()) + { + return $user->lang['LDAP_NO_SERVER_CONNECTION']; + } + + $result = @ldap_get_entries($ldap, $search); + + @ldap_close($ldap); + + if (is_array($result) && sizeof($result) > 1) + { + return false; + } + + return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); +} + +/** * Login function */ function login_ldap(&$username, &$password) diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index fb7795a900..fa9736cae5 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -308,13 +308,16 @@ $lang = array_merge($lang, array( // Auth settings $lang = array_merge($lang, array( 'ACP_AUTH_SETTINGS_EXPLAIN' => 'phpBB2 supports authentication plug-ins, or modules. These allow you determine how users are authenticated when they log into the board. By default three plug-ins are provided; DB, LDAP and Apache. Not all methods require additional information so only fill out fields if they are relevant to the selected method.', - 'AUTH_METHOD' => 'Select an authentication method', - 'LDAP_SERVER' => 'LDAP server name', - 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.', - 'LDAP_DN' => 'LDAP base dn', - 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. o=My Company,c=US', - 'LDAP_UID' => 'LDAP uid', - 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. uid, sn, etc.', + 'AUTH_METHOD' => 'Select an authentication method', + 'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s', + 'LDAP_NO_LDAP_EXTENSION' => 'LDAP extension not availible', + 'LDAP_NO_SERVER_CONNECTION' => 'Could not connect to LDAP server', + 'LDAP_DN' => 'LDAP base dn', + 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. o=My Company,c=US', + 'LDAP_SERVER' => 'LDAP server name', + 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.', + 'LDAP_UID' => 'LDAP uid', + 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. uid, sn, etc.', )); // Board defaults |