Attached Files | bug1047.patch [^] (10,155 bytes) 2010-01-20 20:55 [Show Content] [Hide Content]
--- functions.inc.php 2009-10-24 12:59:42.055547388 +0100
+++ functions.inc.php 2010-01-20 20:48:11.411473429 +0000
@@ -149,73 +149,80 @@
{
global $CONFIG;
$toReturn = false;
-
- $sql = "SELECT id, password, status, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username = '{$username}'";
- $result = mysql_query($sql);
- if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);
- if (mysql_num_rows($result) == 1)
- {
- // Exist in SiT DB
- $obj = mysql_fetch_object($result);
- if ($obj->user_source == 'sit')
- {
- if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
- else $toReturn = false;
- }
- elseif ($obj->user_source == 'ldap')
- {
- // Auth against LDAP and sync
- $toReturn = authenticateLDAP($username, $password, $obj->id);
- if ($toReturn === -1)
- {
- // Communication with LDAP server failed
- if ($CONFIG['ldap_allow_cached_password'])
- {
- // Use cached password
- if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
- else $toReturn = false;
- }
- else
- {
- $toReturn = false;
- }
- }
- elseif ($toReturn)
- {
- $toReturn = true;
- }
- else
- {
- $toReturn = false;
- }
- }
- }
- elseif (mysql_num_rows($result) > 1)
+
+ if (!empty($username) AND !empty($password))
{
- // Multiple this should NEVER happen
- trigger_error("Username not unique", E_USER_ERROR);
- $toReturn = false;
+ $sql = "SELECT id, password, status, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username = '{$username}'";
+ $result = mysql_query($sql);
+ if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);
+ if (mysql_num_rows($result) == 1)
+ {
+ // Exist in SiT DB
+ $obj = mysql_fetch_object($result);
+ if ($obj->user_source == 'sit')
+ {
+ if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
+ else $toReturn = false;
+ }
+ elseif ($obj->user_source == 'ldap')
+ {
+ // Auth against LDAP and sync
+ $toReturn = authenticateLDAP($username, $password, $obj->id);
+ if ($toReturn === -1)
+ {
+ // Communication with LDAP server failed
+ if ($CONFIG['ldap_allow_cached_password'])
+ {
+ // Use cached password
+ if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
+ else $toReturn = false;
+ }
+ else
+ {
+ $toReturn = false;
+ }
+ }
+ elseif ($toReturn)
+ {
+ $toReturn = true;
+ }
+ else
+ {
+ $toReturn = false;
+ }
+ }
+ }
+ elseif (mysql_num_rows($result) > 1)
+ {
+ // Multiple this should NEVER happen
+ trigger_error("Username not unique", E_USER_ERROR);
+ $toReturn = false;
+ }
+ else
+ {
+ // Don't exist, check LDAP etc
+ if ($CONFIG['use_ldap'])
+ {
+ $toReturn = authenticateLDAP($username, $password);
+ if ($toReturn === -1) $toReturn = false;
+ }
+ }
+
+ if ($toReturn)
+ {
+ journal(CFG_LOGGING_MAX,'User Authenticated',"{$username} authenticated from " . getenv('REMOTE_ADDR'),CFG_JOURNAL_LOGIN,0);
+ debug_log ("Authenticate: User authenticated",TRUE);
+ }
+ else
+ {
+ debug_log ("authenticate: User NOT authenticated",TRUE);
+ }
}
else
{
- // Don't exist, check LDAP etc
- if ($CONFIG['use_ldap'])
- {
- $toReturn = authenticateLDAP($username, $password);
- if ($toReturn === -1) $toReturn = false;
- }
- }
-
- if ($toReturn)
- {
- journal(CFG_LOGGING_MAX,'User Authenticated',"{$username} authenticated from " . getenv('REMOTE_ADDR'),CFG_JOURNAL_LOGIN,0);
- debug_log ("Authenticate: User authenticated",TRUE);
- }
- else
- {
- debug_log ("authenticate: User NOT authenticated",TRUE);
+ debug_log ("Blank username or password for user thus denying access");
+ $toReturn = false;
}
-
return $toReturn;
}
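Review bot: The added query line `WHERE username = '{$username}'` still interpolates `$username` into the SQL string with no escaping inside this function; the new blank-credential guard does not change that, and whether callers sanitise the value is not visible in the hunk. Escaping at the point of use, for example `$dbusername = mysql_real_escape_string($username);` and then `WHERE username = '{$dbusername}'`, keeps the query safe regardless of the caller while leaving the value passed to `authenticateLDAP()` untouched; the contacts query in the second hunk needs the same treatment. Separately, `md5($password) == $obj->password` (both the `sit` branch and the cached-password branch) uses loose comparison, which PHP evaluates numerically when both strings look numeric, so `===` is the safer operator there. The function's signature lies outside the hunk.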
@@ -227,72 +234,80 @@
global $CONFIG;
$toReturn = false;
- $sql = "SELECT id, password, contact_source, active FROM `{$GLOBALS['dbContacts']}` WHERE username = '{$username}'";
- $result = mysql_query($sql);
- if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);
- if (mysql_num_rows($result) == 1)
+ if (!empty($username) AND !empty($password))
{
- debug_log ("Authenticate: Just one contact in db");
- // Exists in SiT DB
- $obj = mysql_fetch_object($result);
- if ($obj->contact_source == 'sit')
- {
- if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = true;
- else $toReturn = false;
- }
- elseif ($obj->contact_source == 'ldap')
- {
- // Auth against LDAP and sync
- $toReturn = authenticateLDAP($username, $password, $obj->id, false);
- if ($toReturn === -1)
- {
- // Communication with LDAP server failed
- if ($CONFIG['ldap_allow_cached_password'])
- {
- debug_log ("LDAP connection failed, using cached password");
- // Use cached password
- if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = true;
- else $toReturn = false;
- debug_log ("Cached contact {$toReturn} {$password}");
-
- }
- else
- {
- debug_log ("Cached passwords are not enabled");
- $toReturn = false;
- }
- }
- elseif ($toReturn)
- {
- $toReturn = true;
- }
- else
- {
- $toReturn = false;
- }
- }
- else
- {
- debug_log ("Source SOMETHING ELSE this shouldn't happen'");
- $toReturn = false;
- }
- }
- elseif (mysql_num_rows($result) > 1)
- {
- debug_log ("Multiple");
- // Multiple this should NEVER happen
- trigger_error($GLOBALS['strUsernameNotUnique'], E_USER_ERROR);
- $toReturn = false;
+ $sql = "SELECT id, password, contact_source, active FROM `{$GLOBALS['dbContacts']}` WHERE username = '{$username}'";
+ $result = mysql_query($sql);
+ if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);
+ if (mysql_num_rows($result) == 1)
+ {
+ debug_log ("Authenticate: Just one contact in db");
+ // Exists in SiT DB
+ $obj = mysql_fetch_object($result);
+ if ($obj->contact_source == 'sit')
+ {
+ if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = true;
+ else $toReturn = false;
+ }
+ elseif ($obj->contact_source == 'ldap')
+ {
+ // Auth against LDAP and sync
+ $toReturn = authenticateLDAP($username, $password, $obj->id, false);
+ if ($toReturn === -1)
+ {
+ // Communication with LDAP server failed
+ if ($CONFIG['ldap_allow_cached_password'])
+ {
+ debug_log ("LDAP connection failed, using cached password");
+ // Use cached password
+ if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = true;
+ else $toReturn = false;
+ debug_log ("Cached contact {$toReturn} {$password}");
+
+ }
+ else
+ {
+ debug_log ("Cached passwords are not enabled");
+ $toReturn = false;
+ }
+ }
+ elseif ($toReturn)
+ {
+ $toReturn = true;
+ }
+ else
+ {
+ $toReturn = false;
+ }
+ }
+ else
+ {
+ debug_log ("Source SOMETHING ELSE this shouldn't happen'");
+ $toReturn = false;
+ }
+ }
+ elseif (mysql_num_rows($result) > 1)
+ {
+ debug_log ("Multiple");
+ // Multiple this should NEVER happen
+ trigger_error($GLOBALS['strUsernameNotUnique'], E_USER_ERROR);
+ $toReturn = false;
+ }
+ else
+ {
+ debug_log ("Authenticate: No matching contact '$username' found in db");
+ // Don't exist, check LDAP etc
+ if ($CONFIG['use_ldap'] AND !empty($CONFIG['ldap_customer_group']))
+ {
+ $toReturn = authenticateLDAP($username, $password, 0, false);
+ if ($toReturn === -1) $toReturn = false;
+ }
+ }
}
else
{
- debug_log ("Authenticate: No matching contact '$username' found in db");
- // Don't exist, check LDAP etc
- if ($CONFIG['use_ldap'] AND !empty($CONFIG['ldap_customer_group']))
- {
- $toReturn = authenticateLDAP($username, $password, 0, false);
- if ($toReturn === -1) $toReturn = false;
- }
+ debug_log ("Blank username or password for user thus denying access");
+ $toReturn = false;
}
debug_log ("authenticateContact returning {$toReturn}");
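Review bot: `debug_log ("Cached contact {$toReturn} {$password}");` in the cached-password branch writes the submitted cleartext password to the debug log; it should record the outcome only, `debug_log ("Cached contact {$toReturn}");`. The check `md5($password) == $obj->password OR $password == $obj->password` (in both the `sit` and cached branches) also accepts the stored column value itself as the password, so if that column holds an MD5 digest, anyone who learns the digest can authenticate with it; dropping the `$password == $obj->password` alternative, after migrating any legacy plaintext rows if that is why it exists, would close this. The `empty()` guard additionally treats the literal string "0" as blank, which may or may not be intended. The function begins and ends outside the hunk.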
functions.inc.php [^] (286,368 bytes) 2010-01-20 20:56 |