forked from extern/egroupware
- fixed handling of passwords with special chars
- made handling of empty passwords more obvious - fixed primary group to use negative group-id - patch 889: support other apache mod_auth_*
This commit is contained in:
parent
fddb756140
commit
48289a5fdd
@ -84,6 +84,11 @@
|
||||
|
||||
/* Program starts here */
|
||||
|
||||
// some apache mod_auth_* modules use REMOTE_USER instead of PHP_AUTH_USER, thanks to Sylvain Beucler
|
||||
if ($GLOBALS['egw_info']['server']['auth_type'] == 'http' && !isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['REMOTE_USER']))
|
||||
{
|
||||
$_SERVER['PHP_AUTH_USER'] = $_SERVER['REMOTE_USER'];
|
||||
}
|
||||
if($GLOBALS['egw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER']))
|
||||
{
|
||||
$submit = True;
|
||||
@ -93,12 +98,12 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
$passwd = $_POST['passwd'];
|
||||
$passwd = get_magic_quotes_gpc() ? stripslashes($_POST['passwd']) : $_POST['passwd'];
|
||||
$passwd_type = $_POST['passwd_type'];
|
||||
|
||||
if($GLOBALS['egw_info']['server']['allow_cookie_auth'])
|
||||
{
|
||||
$eGW_remember = explode('::::',stripslashes($_COOKIE['eGW_remember']));
|
||||
$eGW_remember = explode('::::',get_magic_quotes_gpc() ? stripslashes($_COOKIE['eGW_remember']) : $_COOKIE['eGW_remember']);
|
||||
|
||||
if($eGW_remember[0] && $eGW_remember[1] && $eGW_remember[2])
|
||||
{
|
||||
|
@ -38,10 +38,6 @@
|
||||
*/
|
||||
function authenticate($username, $passwd)
|
||||
{
|
||||
if (ereg('[()|&=*,<>!~]',$username))
|
||||
{
|
||||
return False;
|
||||
}
|
||||
// allow non-ascii in username & password
|
||||
$username = $GLOBALS['egw']->translation->convert($username,$GLOBALS['egw']->translation->charset(),'utf-8');
|
||||
$passwd = $GLOBALS['egw']->translation->convert($passwd,$GLOBALS['egw']->translation->charset(),'utf-8');
|
||||
@ -62,7 +58,7 @@
|
||||
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber','shadowExpire');
|
||||
|
||||
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
|
||||
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
|
||||
$filter = str_replace(array('%user','%domain'),array(ldap::quote($username),$GLOBALS['egw_info']['user']['domain']),$filter);
|
||||
|
||||
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
|
||||
{
|
||||
@ -84,16 +80,10 @@
|
||||
return false; // account is expired
|
||||
}
|
||||
$userDN = $allValues[0]['dn'];
|
||||
/*
|
||||
generate a bogus password to pass if the user doesn't give us one
|
||||
this gets around systems that are anonymous search enabled
|
||||
*/
|
||||
if (empty($passwd))
|
||||
{
|
||||
$passwd = crypt(microtime());
|
||||
}
|
||||
|
||||
// try to bind as the user with user suplied password
|
||||
if (@ldap_bind($ldap, $userDN, $passwd))
|
||||
// only if a non-empty password given, in case anonymous search is enabled
|
||||
if (!empty($passwd) && @ldap_bind($ldap, $userDN, $passwd))
|
||||
{
|
||||
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
|
||||
{
|
||||
@ -106,12 +96,13 @@
|
||||
'sn' => 'lastname',
|
||||
'uidnumber' => 'account_id',
|
||||
'mail' => 'email',
|
||||
'gidnumber' => 'primary_group',
|
||||
) as $ldap_name => $acct_name)
|
||||
{
|
||||
$GLOBALS['auto_create_acct'][$acct_name] =
|
||||
$GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
|
||||
}
|
||||
// our group-ids are negative
|
||||
$GLOBALS['auto_create_acct']['primary_group'] = -$allValues[0]['gidnumber'][0];
|
||||
return True;
|
||||
}
|
||||
return ($id = $GLOBALS['egw']->accounts->name2id($username,'account_lid','u')) &&
|
||||
|
Loading…
Reference in New Issue
Block a user