2 files changed, 78 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index d39316226b..cc5b316a09 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -282,6 +282,11 @@ class acp_board
 				continue;
 			}
 
+			if ($config_name == 'auth_method')
+			{
+				continue;
+			}
+
 			$config_value = $cfg_array[$config_name];
 			$this->new_config[$config_name] = $config_value;
 
@@ -313,6 +318,8 @@ class acp_board
 
 			sort($auth_plugins);
 
+			$updated_auth_settings = false;
+			$old_auth_config = array();
 			foreach ($auth_plugins as $method)
 			{
 				if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
@@ -337,11 +344,13 @@ class acp_board
 									continue;
 								}
 
+								$old_auth_config[$field] = $this->new_config[$field];
 								$config_value = $cfg_array[$field];
 								$this->new_config[$field] = $config_value;
 
 								if ($submit)
 								{
+									$updated_auth_settings = true;
 									set_config($field, $config_value);
 								}
 							}
@@ -350,6 +359,33 @@ class acp_board
 					}
 				}
 			}
+
+			if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
+			{
+				$method = $cfg_array['auth_method'];
+				if ($method && in_array($method, $auth_plugins))
+				{
+					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
+
+					$method = 'init_' . $method;
+					if (function_exists($method))
+					{
+						if (($error = $method()) == true)
+						{
+							foreach ($old_auth_config as $config_name => $config_value)
+							{
+								set_config($config_name, $config_value);
+							}
+							trigger_error($error . adm_back_link($this->u_action));
+						}
+					}
+					set_config('auth_method', $cfg_array['auth_method']);
+				}
+				else
+				{
+					trigger_error('NO_AUTH_PLUGIN');
+				}
+			}
 		}
 
 		if ($submit)
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 2eedd5a17b..17c29cc5e6 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -20,6 +20,48 @@
 */
 
 /**
+* Only allow changing authentication to ldap if we can connect to the ldap server
+*/
+function init_ldap()
+{
+	global $config, $user;
+
+	if (!extension_loaded('ldap'))
+	{
+		return $user->lang['LDAP_NO_LDAP_EXTENSION'];
+	}
+
+	if (!($ldap = @ldap_connect($config['ldap_server'])))
+	{
+		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+	}
+
+	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+	// We'll get a notice here that we don't want, if we cannot connect to the server.
+	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
+	ob_start();
+
+	$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
+
+	if (ob_get_clean())
+	{
+		return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+	}
+
+	$result = @ldap_get_entries($ldap, $search);
+
+	@ldap_close($ldap);
+
+	if (is_array($result) && sizeof($result) > 1)
+	{
+		return false;
+	}
+
+	return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
+}
+
+/**
 * Login function
 */
 function login_ldap(&$username, &$password)