- Added init_{$auth_plugin} function which can be used to test a connection to the authentication system before actually saving the new configuration. This will hopefully stop people from locking themselves out by using an authentication system that they cannot connect to.
git-svn-id: file:///svn/phpbb/trunk@5653 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
9f7bc93125
commit
957502a28b
3 changed files with 88 additions and 7 deletions
|
@ -282,6 +282,11 @@ class acp_board
|
|||
continue;
|
||||
}
|
||||
|
||||
if ($config_name == 'auth_method')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
$config_value = $cfg_array[$config_name];
|
||||
$this->new_config[$config_name] = $config_value;
|
||||
|
||||
|
@ -313,6 +318,8 @@ class acp_board
|
|||
|
||||
sort($auth_plugins);
|
||||
|
||||
$updated_auth_settings = false;
|
||||
$old_auth_config = array();
|
||||
foreach ($auth_plugins as $method)
|
||||
{
|
||||
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
|
||||
|
@ -337,11 +344,13 @@ class acp_board
|
|||
continue;
|
||||
}
|
||||
|
||||
$old_auth_config[$field] = $this->new_config[$field];
|
||||
$config_value = $cfg_array[$field];
|
||||
$this->new_config[$field] = $config_value;
|
||||
|
||||
if ($submit)
|
||||
{
|
||||
$updated_auth_settings = true;
|
||||
set_config($field, $config_value);
|
||||
}
|
||||
}
|
||||
|
@ -350,6 +359,33 @@ class acp_board
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
|
||||
{
|
||||
$method = $cfg_array['auth_method'];
|
||||
if ($method && in_array($method, $auth_plugins))
|
||||
{
|
||||
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
|
||||
|
||||
$method = 'init_' . $method;
|
||||
if (function_exists($method))
|
||||
{
|
||||
if (($error = $method()) == true)
|
||||
{
|
||||
foreach ($old_auth_config as $config_name => $config_value)
|
||||
{
|
||||
set_config($config_name, $config_value);
|
||||
}
|
||||
trigger_error($error . adm_back_link($this->u_action));
|
||||
}
|
||||
}
|
||||
set_config('auth_method', $cfg_array['auth_method']);
|
||||
}
|
||||
else
|
||||
{
|
||||
trigger_error('NO_AUTH_PLUGIN');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($submit)
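Review bot: The result check `if (($error = $method()) == true)` fails open: the init function signals success with `false` and failure with a message string, so a return of `null`, `''` or `'0'` (for example a language key missing from `$user->lang`) is treated as a passed test and `set_config('auth_method', $cfg_array['auth_method'])` still runs. Comparing against the success value instead, `if (($error = $method()) !== false)`, makes any unexpected return restore the old settings rather than commit an untested authentication method. Separately, `$method` is concatenated into the `include_once` path and the only guard visible here is `in_array($method, $auth_plugins)`; passing `true` as the third argument keeps that allow-list comparison exact. The enclosing method starts and ends outside these hunks, so where `$cfg_array` is populated should be confirmed there.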
|
||||
|
|
|
@ -19,6 +19,48 @@
|
|||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Only allow changing authentication to ldap if we can connect to the ldap server
|
||||
*/
|
||||
function init_ldap()
|
||||
{
|
||||
global $config, $user;
|
||||
|
||||
if (!extension_loaded('ldap'))
|
||||
{
|
||||
return $user->lang['LDAP_NO_LDAP_EXTENSION'];
|
||||
}
|
||||
|
||||
if (!($ldap = @ldap_connect($config['ldap_server'])))
|
||||
{
|
||||
return $user->lang['LDAP_NO_SERVER_CONNECTION'];
|
||||
}
|
||||
|
||||
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
|
||||
// We'll get a notice here that we don't want, if we cannot connect to the server.
|
||||
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
|
||||
ob_start();
|
||||
|
||||
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid']));
|
||||
|
||||
if (ob_get_clean())
|
||||
{
|
||||
return $user->lang['LDAP_NO_SERVER_CONNECTION'];
|
||||
}
|
||||
|
||||
$result = @ldap_get_entries($ldap, $search);
|
||||
|
||||
@ldap_close($ldap);
|
||||
|
||||
if (is_array($result) && sizeof($result) > 1)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Login function
|
||||
*/
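Review bot: The filter passed to `ldap_search` in `init_ldap()` is built by appending `$user->data['username']` to `$config['ldap_uid'] . '='` with no escaping, so a name containing filter metacharacters such as `*`, `(`, `)` or `\` changes what is matched and the identity check can pass or fail for the wrong reason. Escaping the value before it enters the filter, e.g. `ldap_escape($user->data['username'], '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it, or an equivalent RFC 4515 escaping helper, keeps the lookup to the literal name. Failure of the search is also detected only through captured output from `ob_get_clean()`; testing `$search === false` directly would not depend on how warnings are reported. The early return on that path skips `ldap_close($ldap)`.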
|
||||
|
|
|
@ -309,10 +309,13 @@ $lang = array_merge($lang, array(
|
|||
$lang = array_merge($lang, array(
|
||||
'ACP_AUTH_SETTINGS_EXPLAIN' => 'phpBB2 supports authentication plug-ins, or modules. These allow you determine how users are authenticated when they log into the board. By default three plug-ins are provided; DB, LDAP and Apache. Not all methods require additional information so only fill out fields if they are relevant to the selected method.',
|
||||
'AUTH_METHOD' => 'Select an authentication method',
|
||||
'LDAP_SERVER' => 'LDAP server name',
|
||||
'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
|
||||
'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s',
|
||||
'LDAP_NO_LDAP_EXTENSION' => 'LDAP extension not availible',
|
||||
'LDAP_NO_SERVER_CONNECTION' => 'Could not connect to LDAP server',
|
||||
'LDAP_DN' => 'LDAP base dn',
|
||||
'LDAP_DN_EXPLAIN' => 'This is the Distinguished Name, locating the user information, e.g. o=My Company,c=US',
|
||||
'LDAP_SERVER' => 'LDAP server name',
|
||||
'LDAP_SERVER_EXPLAIN' => 'If using LDAP this is the name or IP address of the server.',
|
||||
'LDAP_UID' => 'LDAP uid',
|
||||
'LDAP_UID_EXPLAIN' => 'This is the key under which to search for a given login identity, e.g. uid, sn, etc.',
|
||||
));
|
||||
|
|