2011-06-01 Ramon Novoa <rnovoa@artica.es>
* include/auth/mysql.php: Do not allow empty passwords when authenticating against an LDAP server. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4396 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
38b29ecbbc
commit
4020308dda
|
@ -1,3 +1,8 @@
|
|||
2011-06-01 Ramon Novoa <rnovoa@artica.es>
|
||||
|
||||
* include/auth/mysql.php: Do not allow empty passwords when
|
||||
authenticating against an LDAP server.
|
||||
|
||||
2011-06-01 Javier Lanz <javier.lanz@artica.es>
|
||||
|
||||
* include/functions_graph.php: Fixed a deprecated function call
|
||||
|
|
|
@ -423,7 +423,7 @@ function ldap_process_user_login ($login, $password) {
|
|||
}
|
||||
}
|
||||
|
||||
if (!@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) {
|
||||
if (strlen($password) == 0 || !@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) {
|
||||
$config["auth_error"] = 'User not found in database or incorrect password';
|
||||
@ldap_close ($ds);
|
||||
return false;
|
||||
|
|
Loading…
Reference in New Issue