[Openupload-svn-update] SF.net SVN: openupload:[336] trunk/lib/modules/auth/ldap.inc.php

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 336
          http://openupload.svn.sourceforge.net/openupload/?rev=336&view=rev
Author:   tsdogs
Date:     2009-08-27 16:19:45 +0000 (Thu, 27 Aug 2009)

Log Message:
-----------
fix AD strange behavier with empty passwords.

Modified Paths:
--------------
    trunk/lib/modules/auth/ldap.inc.php

Modified: trunk/lib/modules/auth/ldap.inc.php
===================================================================

--- trunk/lib/modules/auth/ldap.inc.php	2009-08-27 16:18:47 UTC (rev 335)
+++ trunk/lib/modules/auth/ldap.inc.php	2009-08-27 16:19:45 UTC (rev 336)
@@ -28,7 +28,6 @@
 
   function disconnect() {
     @ldap_unbind($this->ds);
-    @ldap_close($this->ds);
   }
 
   function bind() {
@@ -38,18 +37,24 @@
   }
 
   function authenticate($login,$password) {
+    $result = false;
+    /* just to be sure */
+    $this->disconnect();
     if ($this->connect()) {
       if ($this->config['type'] != 'AD') {
         $uid = $this->ufield.'='.$login.','.$this->config['userdn'];
       } else {
         $uid = $login.'@'.$this->config['domain'];
       }
-      if (@ldap_bind($this->ds, $uid, $password)) {
-        return true;
+      if ($uid!=NULL and $password!=NULL) {
+        /* prevent injection (?), and special chars, thanks to Jason Weir */
+        if (@ldap_bind($this->ds, $uid, $password)===TRUE) {
+          $result = true;
+        }
       }
       $this->disconnect();
     }
-    return false;
+    return $result;
   }
 
   function userinfo($login) {


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


