Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv27201
Modified Files:
slashAuthLDAP.class
Log Message:
psl_preauth() works flawlessly now. problem was md5()'ing password before saveAuthor(), which essentially will md5() password again in the form: username:md5_password :-) ... talk about recursion...
Index: slashAuthLDAP.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-dev/include/modules/auth/authtypes/slashAuthLDAP.class,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** slashAuthLDAP.class 29 Oct 2004 18:44:53 -0000 1.9
--- slashAuthLDAP.class 29 Oct 2004 21:45:29 -0000 1.10
***************
*** 32,35 ****
--- 32,36 ----
* @param $password plain text password
* @param $user_info array that holds metadata like md5 user/pass combo
+ * @return $user_info if true, false if fails
*
* TODO Should psl_preauth make sure that $username exists in LDAP
***************
*** 48,71 ****
return false;
}
- $is_user = false;
-
// generate the expected response
! $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo
!
! /** FIXME at this point i could simply match: md5_pw with md5(username:password)... */
$expected_response = md5("$md5_pw:$challenge");
$response = $this->psl_passwd($username,$password,$challenge);
!
// compare the responses
! debug("responses","$expected_response == $response");
! if ($expected_response == $response)
{
// success
! $is_user = true;
} else {
$this->auth["error"] = pslgetText("LDAP preauthentication failed.");
}
! debug("return",$is_user);
! return $is_user;
}
--- 49,70 ----
return false;
}
// generate the expected response
! $ary = $this->get_psluser_info($username); /* queries sql for password */
! $md5_pw = $ary['password']; // md5(username:password) in sql db
! //debug("responses","MD5 with no challenge: $md5_pw");
$expected_response = md5("$md5_pw:$challenge");
$response = $this->psl_passwd($username,$password,$challenge);
! //debug("responses","MD5 pass no challenge: ".$this->psl_passwd($username,$password));
!
// compare the responses
! debug("responses","expected: $expected_response == response: $response");
! if ( $expected_response == $response )
{
// success
! return $user_info;
} else {
$this->auth["error"] = pslgetText("LDAP preauthentication failed.");
}
! return false;
}
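Review bot: The check `if ( $expected_response == $response )` compares two MD5 hex strings with loose equality, so PHP compares them as numbers when both happen to look numeric (for example `0e` followed only by digits) and can treat different digests as equal. Use a strict, constant-time comparison such as `if (hash_equals($expected_response, $response))` where the PHP version provides it, or at least `===`. The new code also reads `$ary['password']` without checking that `get_psluser_info($username)` returned a row; an explicit `return false` on an empty result would keep an unknown user from reaching the hash comparison at all. psl_preauth's body starts above this hunk, so any earlier validation is not visible here.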
***************
*** 186,190 ****
$ary['author_name'] = $username;
$ary['author_realname'] = $username; /* TODO get cn from LDAP */
! $ary['password'] = $this->psl_passwd($username,$password);
/** permissions TODO ask if this is right way? */
$perms = array('nobody'=>20,'user'=>21);
--- 185,190 ----
$ary['author_name'] = $username;
$ary['author_realname'] = $username; /* TODO get cn from LDAP */
! $ary['password'] = $password;
! debug("password","old: $password. new: ".$ary['password']);
/** permissions TODO ask if this is right way? */
$perms = array('nobody'=>20,'user'=>21);
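Review bot: The added `debug("password","old: $password. new: ".$ary['password']);` writes the password into debug output, and because `$ary['password']` was just assigned from `$password` the two values are always identical, so the line has no diagnostic value. If `$password` is the plain-text password at this point (the old code passed it to `psl_passwd()`, which suggests so), it ends up in clear text wherever debug output is stored or shown. Drop the line, or log only the event, e.g. `debug("password","password set for $username");`. The same concern applies to `debug("new_info",$new_info);` in the next hunk, which may dump the stored password field, and to the `debug("responses", …)` call in psl_preauth, which records both authentication digests. The enclosing function starts and ends outside this hunk.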
***************
*** 194,198 ****
/** loads $this->ary with whatever is needed to allow
propper authentication @see slashAuth::load_user_info() */
! $this->load_user_info($ary);
} else {
debug("user","Could not register authenticated user in SQL db");
--- 194,199 ----
/** loads $this->ary with whatever is needed to allow
propper authentication @see slashAuth::load_user_info() */
! $new_info = $this->load_user_info($ary);
! debug("new_info",$new_info);
} else {
debug("user","Could not register authenticated user in SQL db");