
Added logic to login() to prevent logging in with full name/e-mail/fi…

…rst name/last name. Only a Senate username is now allowed.
1 parent 8de073b commit 752909b936c309ea1179a9278f4dacdb28d3bcf6 @kzalewski kzalewski committed Mar 26, 2012
Showing with 27 additions and 5 deletions.
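--- a/public/stats/SenLDAP.class.php
+++ b/public/stats/SenLDAP.class.php
@@ -34,8 +34,29 @@ function login($user, $pass, $host, $port = self::DEFAULT_LDAP_PORT, &$err)
 $ldapBind = ldap_bind($conn, $user, $pass);
 if (!$ldapBind) {
-//$err = "Unable to log in to LDAP server as user [$user].";
 $err = "Wrong Username and/or Password.";
+ldap_unbind($conn);
+return false;
+}
+
+// Confirm that the provided username is truly a username.
+$sr = ldap_search($conn, '', "uid=$user", array('uid'));
+if (!$sr) {
+$err = "Unable to validate username.";
+ldap_unbind($conn);
+return false;
+}
+
+$ent = ldap_get_entries($conn, $sr);
+if ($ent['count'] == 0) {
+$err = "Login [$user] is not a valid username.";
+ldap_unbind($conn);
+return false;
+}
+
+if ($ent[0]['uid'][0] != $user) {
+$err = "Provided username does not match looked-up username.";
+$ldap_unbind($conn);
 return false;
 }
@@ -62,27 +83,28 @@ function logout()
 function getGroups()
 {
+$conn = $this->ldapConn;
 $dn = '';
 $filter = '(uid='.$this->ldapUser.')';
 $attr = array("gidnumber");
-$sr = ldap_search($this->ldapConn, $dn, $filter, $attr);
+$sr = ldap_search($conn, $dn, $filter, $attr);
 if (!$sr) {
 echo "ldap_search() failed\n";
 return null;
 }
 //Gets the entries and reads their length. Each array starts with a
 //namespace and then gives the data, hence the -1 to move the cursor up one
-$entries = ldap_get_entries($this->ldapConn, $sr);
+$entries = ldap_get_entries($conn, $sr);
 $gidarray = $entries[0]['gidnumber'];
 $gidcount = $gidarray['count'];
 $attr = array("displayname");
 $groupNames = array();
 for ($i = 0; $i < $gidcount; $i++) {
 $filter = '(&(objectClass=groupOfNames)(gidnumber='.$gidarray[$i].'))';
-$sr = ldap_search($this->ldapConn, $dn, $filter, $attr);
-$groupEntry = ldap_get_entries($this->ldapConn, $sr);
+$sr = ldap_search($conn, $dn, $filter, $attr);
+$groupEntry = ldap_get_entries($conn, $sr);
 $groupNames[] = $groupEntry[0]['displayname'][0];
 }
 return $groupNames;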
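Review bot: The new username check in login() interpolates the caller-supplied `$user` straight into the search filter (`"uid=$user"`), so filter metacharacters such as `*`, `(` or `)` change which entries the lookup matches; escape the value first, e.g. `$sr = ldap_search($conn, '', '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')', array('uid'));` where the PHP version provides ldap_escape() (5.6+), or reject any login that is not a plain username token before searching. The final comparison should be strict, `if ($ent[0]['uid'][0] !== $user)`, because `!=` treats numeric-looking strings that differ textually as equal. In that same branch `$ldap_unbind($conn);` is a variable-function call on an undefined variable and will raise a fatal error instead of returning false; it should read `ldap_unbind($conn);`. The getGroups() hunk builds `'(uid='.$this->ldapUser.')'` the same way, so it presumably needs the same escaping if ldapUser is stored unvalidated. login()'s body starts and ends outside the hunk.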
