gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

propperly check if user exists in database (Closes #388)

Browse Source
This commit is contained in:
Uwe Steinmann 2018-01-24 09:18:24 +01:00
parent 483272e32b
commit beb29ca34e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
inc/inc.ClassLdapAuthentication.php
View File

@ -125,11 +125,15 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
/* No do the actual authentication of the user */ /* No do the actual authentication of the user */
$bind = @ldap_bind($ds, $dn, $password); $bind = @ldap_bind($ds, $dn, $password);
$user = $dms->getUserByLogin($username); $user = $dms->getUserByLogin($username);
if($user === false) {
ldap_close($ds);
return false;
}
if ($bind) { if ($bind) {
// Successfully authenticated. Now check to see if the user exists within // Successfully authenticated. Now check to see if the user exists within
// the database. If not, add them in if _restricted is not set, // the database. If not, add them in if _restricted is not set,
// but do not add their password. // but do not add their password.
if (is_bool($user) && !$settings->_restricted) { if (is_null($user) && !$settings->_restricted) {
// Retrieve the user's LDAP information. // Retrieve the user's LDAP information.
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) { if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");