From: <axe...@us...> - 2010-06-20 05:26:34
Revision: 114
http://wpmu-ldap.svn.sourceforge.net/wpmu-ldap/?rev=114&view=rev
Author: axelseaa
Date: 2010-06-20 05:26:28 +0000 (Sun, 20 Jun 2010)
Log Message:
-----------
fix for bug #3017995 - new catches to properly allow for account switching between ldap and local authentication sources
Modified Paths:
--------------
trunk/ldap/lib/wpmu_ldap.functions.php
trunk/ldap_auth.php
Modified: trunk/ldap/lib/wpmu_ldap.functions.php
===================================================================
--- trunk/ldap/lib/wpmu_ldap.functions.php 2010-06-18 12:05:40 UTC (rev 113)
+++ trunk/ldap/lib/wpmu_ldap.functions.php 2010-06-20 05:26:28 UTC (rev 114)
@@ -90,6 +90,17 @@
function wpmuLdapAuthenticate($ldapString, $loginUserName, $loginPassword) {
$errors = new WP_Error;
+ // Check that user is not flagged as a ldap account
+ require ( ABSPATH . WPINC . '/registration.php' );
+ if ( username_exists($loginUserName) ) {
+ $loginObj = get_userdatabylogin($loginUserName);
+ $ldapMeta = get_usermeta($loginObj->ID,'ldap_login');
+ if ($ldapMeta != 'true') {
+ $errors->add('invalid_userpass', __('<strong>ERROR</strong>: Wrong username / password combination. LDAP Access Denied.'));
+ return array('result' => false,'errors' => $errors);
+ }
+ }
+
$server = new LDAP_ro($ldapString);
if (LDAP_DEBUG_MODE) {
echo "DEBUG: Attempting to authenticate user: $loginUserName<br/>";
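Review bot: The new early return at the top of wpmuLdapAuthenticate discloses the account's authentication source before any credential is verified. The `LDAP Access Denied.` suffix is produced only when `username_exists($loginUserName)` succeeds and `ldap_login` is not `'true'`, and the `Local Access Denied.` message added in wpmuLdapCheckLdapMeta later in this commit reveals the opposite case the same way. Both should return the same generic text, for example `__('<strong>ERROR</strong>: Wrong username / password combination.')`, with the reason written to a log if it is needed for support. Separately, the include should be `require_once ( ABSPATH . WPINC . '/registration.php' );`, because a plain `require` of a file that declares functions fails fatally when that file has already been loaded in the same request. The function body continues outside the hunk, so how the LDAP bind itself reports failures is not visible here.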
@@ -163,8 +174,7 @@
}
// otherwise, the account *does* exist already, so just get the account info
- else
- $loginObj = get_userdatabylogin($loginUserName);
+ else $loginObj = get_userdatabylogin($loginUserName);
// At this point we must have a login object, but just in case something went wrong
if (!$loginObj) {
@@ -306,7 +316,7 @@
function wpmuLdapUsernamePasswordAuthenticate($user, $username, $password) {
if ( is_a($user, 'WP_User') ) return $user;
-
+
// check that username and password are not empty
if ( (empty($username) || empty($password)) ) {
return $user; // probably an WP_Error object, set in "wp_authenticate_username_password()"
@@ -314,7 +324,7 @@
// setup ldap string
$ldapString = wpmuSetupLdapOptions();
-
+
// Authenticate via LDAP, potentially creating a WP user
$ldapauthresult = wpmuLdapAuthenticate($ldapString, $username, $password);
@@ -324,6 +334,13 @@
return $ldapauthresult['errors'];
}
}
+
+function wpmuLdapCheckLdapMeta($userdata) {
+ $ldapMeta = get_usermeta($userdata->ID,'ldap_login');
+ if (isset($ldapMeta) && $ldapMeta == 'true')
+ return new WP_Error('invalid_userpass', __('<strong>ERROR</strong>: Wrong username / password combination. Local Access Denied.'));
+ return $userdata;
+}
function wpmuLdapSSOAuthenticate($user, $username, $password) {
if ( is_a($user, 'WP_User') ) return $user;
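Review bot: wpmuLdapCheckLdapMeta reads `$userdata->ID` without checking what it was handed. On the `wp_authenticate_user` filter an earlier callback may already have returned a WP_Error, which has no `ID`, so the meta lookup would run against an empty user id and the earlier rejection would be passed along only by accident. Adding `if ( is_wp_error($userdata) ) return $userdata;` as the first line makes that path explicit. The `isset($ldapMeta)` test adds nothing after the assignment, so the condition can be reduced to `if ($ldapMeta === 'true')`, assuming the flag is stored as the string 'true' as the comparison in wpmuLdapAuthenticate suggests. A one-line docblock stating that the function blocks local password login for LDAP-flagged accounts would also help, since the name alone does not say that it denies access.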
Modified: trunk/ldap_auth.php
===================================================================
--- trunk/ldap_auth.php 2010-06-18 12:05:40 UTC (rev 113)
+++ trunk/ldap_auth.php 2010-06-20 05:26:28 UTC (rev 114)
@@ -50,6 +50,7 @@
// Authentication filters
add_action('authenticate', 'wpmuLdapUsernamePasswordAuthenticate', 25, 3);
+ add_filter('wp_authenticate_user', 'wpmuLdapCheckLdapMeta'); //disabled local login if ldap meta flag is set
if (get_site_option('ldapSSOEnabled')) add_action('authenticate', 'wpmuLdapSSOAuthenticate', 40, 3);
// disable only for ldap accounts