2011-06-01 Ramon Novoa <rnovoa@artica.es>

* include/auth/mysql.php: Do not allow empty passwords when
	  authenticating against an LDAP server.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4396 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2011-06-01 10:51:53 +00:00
parent 38b29ecbbc
commit 4020308dda
2 changed files with 6 additions and 1 deletions

View File

@ -1,3 +1,8 @@
2011-06-01 Ramon Novoa <rnovoa@artica.es>
* include/auth/mysql.php: Do not allow empty passwords when
authenticating against an LDAP server.
2011-06-01 Javier Lanz <javier.lanz@artica.es>
* include/functions_graph.php: Fixed a deprecated function call

View File

@ -423,7 +423,7 @@ function ldap_process_user_login ($login, $password) {
}
}
if (!@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) {
if (strlen($password) == 0 || !@ldap_bind ($ds, $config["ldap_login_attr"]."=".$login.",".$config["ldap_base_dn"], $password)) {
$config["auth_error"] = 'User not found in database or incorrect password';
@ldap_close ($ds);
return false;