From 957502a28b1d2afec74cad30731dc2ee101cafe3 Mon Sep 17 00:00:00 2001
From: Nils Adermann
Date: Sat, 18 Mar 2006 16:19:18 +0000
Subject: - Added init_{$auth_plugin} function which can be used to test a connection to the authentication system before actually saving the new configuration. This will hopefully stop people from locking themselves out by using an authentication system that they cannot connect to.
git-svn-id: file:///svn/phpbb/trunk@5653 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/acp/acp_board.php | 36 +++++++++++++++++++++++++++++++++
 phpBB/includes/auth/auth_ldap.php | 42 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index d39316226b..cc5b316a09 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -282,6 +282,11 @@ class acp_board
 continue;
 }
+ if ($config_name == 'auth_method')
+ {
+ continue;
+ }
+
 $config_value = $cfg_array[$config_name];
 $this->new_config[$config_name] = $config_value;
@@ -313,6 +318,8 @@ class acp_board
 sort($auth_plugins);
+ $updated_auth_settings = false;
+ $old_auth_config = array();
 foreach ($auth_plugins as $method)
 {
 if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
@@ -337,11 +344,13 @@ class acp_board
 continue;
 }
+ $old_auth_config[$field] = $this->new_config[$field];
 $config_value = $cfg_array[$field];
 $this->new_config[$field] = $config_value;
 if ($submit)
 {
+ $updated_auth_settings = true;
 set_config($field, $config_value);
 }
 }
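Review bot: In the `@@ -337,11 +344,13 @@` hunk, `set_config($field, $config_value)` still stores the new value before any connection test has run; the restore from `$old_auth_config` only happens later, in the code path that handles an error returned by the init function. If the request stops in between, for example on a timeout inside the plugin's init function, the untested settings stay saved, which is the lock-out this commit sets out to prevent on a board that already uses that plugin. Since `init_ldap()` reads the global `$config`, deferring the write would mean handing the candidate values to the init function instead. Separately, `$updated_auth_settings = true;` is set for every submitted field whether or not it changed; `if ($old_auth_config[$field] != $config_value)` around it would limit the test to real changes. The enclosing loop starts and ends outside the hunk.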
@@ -350,6 +359,33 @@ class acp_board
 }
 }
 }
+
+ if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
+ {
+ $method = $cfg_array['auth_method'];
+ if ($method && in_array($method, $auth_plugins))
+ {
+ include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
+
+ $method = 'init_' . $method;
+ if (function_exists($method))
+ {
+ if (($error = $method()) == true)
+ {
+ foreach ($old_auth_config as $config_name => $config_value)
+ {
+ set_config($config_name, $config_value);
+ }
+ trigger_error($error . adm_back_link($this->u_action));
+ }
+ }
+ set_config('auth_method', $cfg_array['auth_method']);
+ }
+ else
+ {
+ trigger_error('NO_AUTH_PLUGIN');
+ }
+ }
 }
 if ($submit)
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 2eedd5a17b..17c29cc5e6 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
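Review bot: The success test `if (($error = $method()) == true)` in the `@@ -350,6 +359,33 @@` hunk fails open: any falsy return from the init function counts as a passed check, not only `false`. `init_ldap()` returns `$user->lang[...]` entries, so if one of those keys is not loaded in this ACP context (not visible here) the result would be null and `auth_method` would be switched although the check failed. Compare strictly, `if (($error = $method()) !== false)`, and document that init functions must return exactly `false` on success. Because `$method` comes from `$cfg_array` (presumably the submitted form) and ends up in an `include_once` path and a function name, the allow-list test should be strict as well: `in_array($method, $auth_plugins, true)`. The enclosing method starts and ends outside the hunk.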
@@ -19,6 +19,48 @@
 *
 */
+/**
+* Only allow changing authentication to ldap if we can connect to the ldap server
+*/
+function init_ldap()
+{
+ global $config, $user;
+
+ if (!extension_loaded('ldap'))
+ {
+ return $user->lang['LDAP_NO_LDAP_EXTENSION'];
+ }
+
+ if (!($ldap = @ldap_connect($config['ldap_server'])))
+ {
+ return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ }
+
+ @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ // We'll get a notice here that we don't want, if we cannot connect to the server.
+ // ldap_connect only checks whether the specified server is valid, so the connection might still fail
+ ob_start();
+
+ $search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
+
+ if (ob_get_clean())
+ {
+ return $user->lang['LDAP_NO_SERVER_CONNECTION'];
+ }
+
+ $result = @ldap_get_entries($ldap, $search);
+
+ @ldap_close($ldap);
+
+ if (is_array($result) && sizeof($result) > 1)
+ {
+ return false;
+ }
+
+ return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
+}
+
 /**
 * Login function
 */
-- cgit v1.2.1
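Review bot: The search filter in `init_ldap()` is built by concatenating `$user->data['username']` without escaping, so a name containing filter metacharacters such as `*`, `(` or `)` changes the filter; a wildcard would let the check pass although that identity does not exist in the directory. Escape the value before use, e.g. `ldap_escape($user->data['username'], '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it, or an equivalent helper. The early `return` after `ob_get_clean()` skips `@ldap_close($ldap)`, and detecting failure through buffered output depends on how notices are emitted; testing `$search === false` is more direct. A one-line comment stating that the function returns `false` on success and an error string otherwise would help authors of other `init_*` plugins.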