phpBB

Code Changes

File: phpbb/auth/provider/ldap.php

Line 1Line 1
<?php

<?php

 


/**
*
* This file is part of the phpBB Forum Software package.

/**
*
* This file is part of the phpBB Forum Software package.

Line 12Line 13
*/

namespace phpbb\auth\provider;

*/

namespace phpbb\auth\provider;

 

use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\language\language;
use phpbb\user;


/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*/


/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*/

class ldap extends \phpbb\auth\provider\base

class ldap extends base

{

{

	/**
* phpBB passwords manager
*
* @var \phpbb\passwords\manager
*/
protected $passwords_manager;






	/** @var config phpBB config */
protected $config;

/** @var driver_interface DBAL driver interface */
protected $db;

/** @var language phpBB language class */
protected $language;

/** @var user phpBB user */
protected $user;


/**
* LDAP Authentication Constructor
*


/**
* LDAP Authentication Constructor
*

	 * @param	\phpbb\db\driver\driver_interface		$db		Database object
* @param \phpbb\config\config $config Config object
* @param \phpbb\passwords\manager $passwords_manager Passwords manager object
* @param \phpbb\user $user User object

	 * @param	config				$config		Config object
* @param driver_interface $db DBAL driver interface
* @param language $language Language object
* @param user $user User object

	 */

	 */

	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)

	public function __construct(config $config, driver_interface $db, language $language, user $user)

	{

	{

		$this->db = $db;

 
		$this->config = $config;

		$this->config = $config;

		$this->passwords_manager = $passwords_manager;


		$this->db = $db;
$this->language = $language;

		$this->user = $user;
}


		$this->user = $user;
}


Line 49Line 60
	{
if (!@extension_loaded('ldap'))
{

	{
if (!@extension_loaded('ldap'))
{

			return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];

			return $this->language->lang('LDAP_NO_LDAP_EXTENSION');

		}

$this->config['ldap_port'] = (int) $this->config['ldap_port'];

		}

$this->config['ldap_port'] = (int) $this->config['ldap_port'];

Line 64Line 75

if (!$ldap)
{


if (!$ldap)
{

			return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];

			return $this->language->lang('LDAP_NO_SERVER_CONNECTION');

		}

@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

		}

@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

Line 72Line 83

if ($this->config['ldap_user'] || $this->config['ldap_password'])
{


if ($this->config['ldap_user'] || $this->config['ldap_password'])
{

			if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))

			if (!@ldap_bind($ldap, html_entity_decode($this->config['ldap_user'], ENT_COMPAT), html_entity_decode($this->config['ldap_password'], ENT_COMPAT)))

			{

			{

				return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];

				return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');

			}
}

// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,

			}
}

// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,

			htmlspecialchars_decode($this->config['ldap_base_dn']),

			html_entity_decode($this->config['ldap_base_dn'], ENT_COMPAT),

			$this->ldap_user_filter($this->user->data['username']),
(empty($this->config['ldap_email'])) ?

			$this->ldap_user_filter($this->user->data['username']),
(empty($this->config['ldap_email'])) ?

				array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),

				array(html_entity_decode($this->config['ldap_uid'], ENT_COMPAT)) :
array(html_entity_decode($this->config['ldap_uid'], ENT_COMPAT), html_entity_decode($this->config['ldap_email'], ENT_COMPAT)),

			0,
1
);

if ($search === false)
{

			0,
1
);

if ($search === false)
{

			return $this->user->lang['LDAP_SEARCH_FAILED'];

			return $this->language->lang('LDAP_SEARCH_FAILED');

		}

$result = @ldap_get_entries($ldap, $search);

		}

$result = @ldap_get_entries($ldap, $search);

Line 101Line 112

if (!is_array($result) || count($result) < 2)
{


if (!is_array($result) || count($result) < 2)
{

			return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);

			return $this->language->lang('LDAP_NO_IDENTITY', $this->user->data['username']);

		}


		}


		if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))

		if (!empty($this->config['ldap_email']) && !isset($result[0][html_entity_decode($this->config['ldap_email'])]))

		{

		{

			return $this->user->lang['LDAP_NO_EMAIL'];

			return $this->language->lang('LDAP_NO_EMAIL');

		}

return false;

		}

return false;

Line 169Line 180

if ($this->config['ldap_user'] || $this->config['ldap_password'])
{


if ($this->config['ldap_user'] || $this->config['ldap_password'])
{

			if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))

			if (!@ldap_bind($ldap, html_entity_decode($this->config['ldap_user'], ENT_COMPAT), html_entity_decode($this->config['ldap_password'], ENT_COMPAT)))

			{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,

			{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,

Line 181Line 192

$search = @ldap_search(
$ldap,


$search = @ldap_search(
$ldap,

			htmlspecialchars_decode($this->config['ldap_base_dn']),

			html_entity_decode($this->config['ldap_base_dn'], ENT_COMPAT),

			$this->ldap_user_filter($username),
(empty($this->config['ldap_email'])) ?

			$this->ldap_user_filter($username),
(empty($this->config['ldap_email'])) ?

				array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),

				array(html_entity_decode($this->config['ldap_uid'], ENT_COMPAT)) :
array(html_entity_decode($this->config['ldap_uid'], ENT_COMPAT), html_entity_decode($this->config['ldap_email'], ENT_COMPAT)),

			0,
1
);

			0,
1
);

Line 194Line 205

if (is_array($ldap_result) && count($ldap_result) > 1)
{


if (is_array($ldap_result) && count($ldap_result) > 1)
{

			if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))

			if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password, ENT_COMPAT)))

			{
@ldap_close($ldap);


			{
@ldap_close($ldap);


Line 245Line 256
					// generate user account data
$ldap_user_row = array(
'username' => $username,

					// generate user account data
$ldap_user_row = array(
'username' => $username,

						'user_password'	=> $this->passwords_manager->hash($password),
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',

						'user_password'	=> '',
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][html_entity_decode($this->config['ldap_email'], ENT_COMPAT)][0]) : '',

						'group_id'		=> (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,

						'group_id'		=> (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,

Line 326Line 337
	 */
private function ldap_user_filter($username)
{

	 */
private function ldap_user_filter($username)
{

		$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';

		$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(html_entity_decode($username, ENT_COMPAT)) . ')';

		if ($this->config['ldap_user_filter'])
{
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";

		if ($this->config['ldap_user_filter'])
{
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
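Review bot: In the hunk at Line 101/112, the new `isset` check decodes the e-mail attribute with `html_entity_decode($this->config['ldap_email'])` and no flags, while every other call in this change passes `ENT_COMPAT`. From PHP 8.1 the default flags are `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, so the key tested here can differ from the attribute name requested in `ldap_search` and read back when the user row is built; use `html_entity_decode($this->config['ldap_email'], ENT_COMPAT)` there as well. Separately, the new `'user_password' => ''` in the Line 245/256 hunk stops keeping a local hash of the directory password, and a short comment such as `// LDAP users have no local password; authentication always goes through the directory` would record that intent. It is also worth confirming, outside this file, that no other login path accepts an empty stored hash. The enclosing methods start and end outside the visible hunks.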