tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2011-06-01 Ramon Novoa <rnovoa@artica.es> 

* include/auth/mysql.php: Do not allow empty passwords when
	  authenticating against an LDAP server.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4396 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2011-06-01 10:51:53 +00:00
parent 38b29ecbbc
commit 4020308dda
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/ChangeLog
View File

@ -1,3 +1,8 @@
2011-06-01 Ramon Novoa <rnovoa@artica.es>
* include/auth/mysql.php: Do not allow empty passwords when
authenticating against an LDAP server.
2011-06-01 Javier Lanz <javier.lanz@artica.es> 2011-06-01 Javier Lanz <javier.lanz@artica.es>
* include/functions_graph.php: Fixed a deprecated function call * include/functions_graph.php: Fixed a deprecated function call

2
pandora_console/include/auth/mysql.php
View File

@ -423,7 +423,7 @@ function ldap_process_user_login ($login, $password) {
} }
} }
if (!@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) { if (strlen($password) == 0 || !@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) {
$config["auth_error"] = 'User not found in database or incorrect password'; $config["auth_error"] = 'User not found in database or incorrect password';
@ldap_close ($ds); @ldap_close ($ds);
return false; return false;