-rw-r--r--phpBB/includes/acp/acp_board.php36
-rw-r--r--phpBB/includes/auth/auth_ldap.php42
-rw-r--r--phpBB/language/en/acp/board.php17
3 files changed, 88 insertions, 7 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index d39316226b..cc5b316a09 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -282,6 +282,11 @@ class acp_board
continue;
}
+ if ($config_name == 'auth_method')
+ {
+ continue;
+ }
+
$config_value = $cfg_array[$config_name];
$this->new_config[$config_name] = $config_value;
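Review bot: The new `if ($config_name == 'auth_method')` skip has no comment saying why this one key is left out of the generic save loop. From the later hunk in this file it appears the value is written separately, only after the plugin's `init_` check has run, and a reader of this loop cannot see that. I would add `// auth_method is saved further down, after the selected plugin's init_ check has passed` above the condition. The enclosing loop starts outside the hunk.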
@@ -313,6 +318,8 @@ class acp_board
sort($auth_plugins);
+ $updated_auth_settings = false;
+ $old_auth_config = array();
foreach ($auth_plugins as $method)
{
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
@@ -337,11 +344,13 @@ class acp_board
continue;
}
+ $old_auth_config[$field] = $this->new_config[$field];
$config_value = $cfg_array[$field];
$this->new_config[$field] = $config_value;
if ($submit)
{
+ $updated_auth_settings = true;
set_config($field, $config_value);
}
}
@@ -350,6 +359,33 @@ class acp_board
}
}
}
+
+ if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
+ {
+ $method = $cfg_array['auth_method'];
+ if ($method && in_array($method, $auth_plugins))
+ {
+ include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
+
+ $method = 'init_' . $method;
+ if (function_exists($method))
+ {
+ if (($error = $method()) == true)
+ {
+ foreach ($old_auth_config as $config_name => $config_value)
+ {
+ set_config($config_name, $config_value);
+ }
+ trigger_error($error . adm_back_link($this->u_action));
+ }
+ }
+ set_config('auth_method', $cfg_array['auth_method']);
+ }
+ else
+ {
+ trigger_error('NO_AUTH_PLUGIN');
+ }
+ }
}
if ($submit)
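Review bot: The submitted `$cfg_array['auth_method']` reaches `include_once` and a variable function call guarded only by a loose `in_array($method, $auth_plugins)`; since this is the sole allowlist check, make it exact with `in_array($method, $auth_plugins, true)`. `$method` is then overwritten with the function name, so a separate variable such as `$init_function = 'init_' . $method;` would keep the plugin name and the callable apart. The closing `set_config('auth_method', ...)` is skipped on failure only if `trigger_error()` ends the request at that point, which the hunk does not show; a one-line comment stating that assumption would help. The enclosing method begins and ends outside the hunk.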
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 2eedd5a17b..17c29cc5e6 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -20,6 +20,48 @@
*/
/**
+* Only allow changing authentication to ldap if we can connect to the ldap server
+*/
+function init_ldap()
+{
+ global $config, $user;
+
+ if (!extension_loaded('ldap'))
+ {
+ return $user->lang['LDAP_NO_LDAP_EXTENSION'];
+ }
+
+ if (!($ldap = @ldap_connect($config['ldap_server'])))
+ {
+ return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ }
+
+ @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ // We'll get a notice here that we don't want, if we cannot connect to the server.
+ // ldap_connect only checks whether the specified server is valid, so the connection might still fail
+ ob_start();
+
+ $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
+
+ if (ob_get_clean())
+ {
+ return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ }
+
+ $result = @ldap_get_entries($ldap, $search);
+
+ @ldap_close($ldap);
+
+ if (is_array($result) && sizeof($result) > 1)
+ {
+ return false;
+ }
+
+ return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
+}
+
+/**
* Login function
*/
function login_ldap(&$username, &$password)
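Review bot: The filter on the `ldap_search()` line is built by concatenating `$user->data['username']` unescaped, so a name containing filter metacharacters such as `*` or `(` changes what is matched and can make this check pass or fail for the wrong reason. Escape the value per RFC 4515 before use, for example `ldap_escape($user->data['username'], '', LDAP_ESCAPE_FILTER)` where the PHP version provides it. The failure test `if (ob_get_clean())` depends on a notice being printed, which the `@` on the same call may well suppress. Checking the return value is more direct, `if ($search === false) { @ldap_close($ldap); return $user->lang['LDAP_NO_SERVER_CONNECTION']; }`, and it also closes the connection that the current early return leaves open.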
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index fb7795a900..fa9736cae5 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -308,13 +308,16 @@ $lang = array_merge($lang, array(
// Auth settings
$lang = array_merge($lang, array(
'ACP_AUTH_SETTINGS_EXPLAIN' => 'phpBB2 supports authentication plug-ins, or modules. These allow you determine how users are authenticated when they log into the board. By default three plug-ins are provided; DB, LDAP and Apache. Not all methods require additional information so only fill out fields if they are relevant to the selected method.',
- 'AUTH_METHOD' => 'Select an authentication method',
- 'LDAP_SERVER' => 'LDAP server name',
- 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
- 'LDAP_DN' => 'LDAP base dn',
- 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. o=My Company,c=US',
- 'LDAP_UID' => 'LDAP uid',
- 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. uid, sn, etc.',
+ 'AUTH_METHOD' => 'Select an authentication method',
+ 'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s',
+ 'LDAP_NO_LDAP_EXTENSION' => 'LDAP extension not availible',
+ 'LDAP_NO_SERVER_CONNECTION' => 'Could not connect to LDAP server',
+ 'LDAP_DN' => 'LDAP base dn',
+ 'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. o=My Company,c=US',
+ 'LDAP_SERVER' => 'LDAP server name',
+ 'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
+ 'LDAP_UID' => 'LDAP uid',
+ 'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. uid, sn, etc.',
));
// Board defaults