#22 LDAP auth doesn't get password from cookie

open
nobody
None
5
2009-08-13
2009-08-13
Ian Catley
No

When using LDAP authentication, there is no account made of the fact that if the password is taken from the cookie due to session timeout, then it will already be encrypted.

Fix: ldap.inc.php; function password_check(...)

$ldap_pw = substr($accountInfo["userPassword"][0],7);
+ if ($password == $ldap_pw)
+ $cryptpw = $password;
+ else
$cryptpw = returnCryptPassword($password,$ldap_pw);

Discussion