From f40e2aba2261aaf79ee3b5ebe87b71dd6d30d1cb Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Sun, 10 Dec 2006 17:44:45 +0000
Subject: - finally correctly calculate current time for birthday calculation
 [Bug #6030] - allow searching forums with unsearchable subforums [Bug #6056]
 - addition of an optional HTTP_X_FORWARDED_FOR check in sessions, including
 bans - do not index forums which have indexing disabled on index recreation
 [Bug #6060] - properly handle html entities in the theme editor [Bug #6048] -
 anonymous access is no longer required for the LDAP auth plugin [Bug #6046] -
 corrected mcp_front queue link to point to approve_details [Bug #6134] -
 added direct (dis)approval to mcp_front queue items [Bug #6134] - proper
 mysql version test for fulltext-compatibility [Bug #6054] - added note to
 style/language "used by" column so it's clear that bots are included -
 correctly update bot last visit time [Bug #6108]

git-svn-id: file:///svn/phpbb/trunk@6740 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/auth/auth_ldap.php | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'phpBB/includes/auth/auth_ldap.php')

diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 8241db1c4f..365361a364 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -34,6 +34,14 @@ function init_ldap()
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 
+	if ($config['ldap_user'] || $config['ldap_password'])
+	{
+		if (!@ldap_bind($ldap, ldap_escape(htmlspecialchars_decode($config['ldap_user'])), htmlspecialchars_decode($config['ldap_password'])))
+		{
+			return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
+		}
+	}
+
 	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
 	$search = @ldap_search(
 		$ldap,
@@ -95,6 +103,14 @@ function login_ldap(&$username, &$password)
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 
+	if ($config['ldap_user'] || $config['ldap_password'])
+	{
+		if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))
+		{
+			return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+		}
+	}
+
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
@@ -221,6 +237,14 @@ function acp_ldap(&$new)
 		<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
 	</dl>
+	<dl>
+		<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
+		<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
+		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+	</dl>
 	<dl>
 		<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
@@ -238,7 +262,7 @@ function acp_ldap(&$new)
 	// These are fields required in the config table
 	return array(
 		'tpl'		=> $tpl,
-		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
+		'config'	=> array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
 	);
 }
 
-- 
cgit v1.2.1