better error messages on login
This commit is contained in:
parent
fd8e7c1de3
commit
605713a181
|
@ -1487,8 +1487,9 @@ function getDefaultLDAPErrorString($server) {
|
||||||
logNewMessage(LOG_DEBUG, 'Password change failed because of ' . $extError);
|
logNewMessage(LOG_DEBUG, 'Password change failed because of ' . $extError);
|
||||||
$extError = _('Your password does not meet the password strength qualifications. Please retry with another one.');
|
$extError = _('Your password does not meet the password strength qualifications. Please retry with another one.');
|
||||||
}
|
}
|
||||||
$message = _('LDAP error, server says:') . ' ' . ldap_error($server);
|
$genericErrorMessage = ldap_error($server);
|
||||||
if (!empty($extError)) {
|
$message = _('LDAP error, server says:') . ' ' . $genericErrorMessage;
|
||||||
|
if (!empty($extError) && ($genericErrorMessage != $extError)) {
|
||||||
$message .= ' - ' . $extError;
|
$message .= ' - ' . $extError;
|
||||||
}
|
}
|
||||||
return $message;
|
return $message;
|
||||||
|
|
|
@ -72,14 +72,14 @@ class Ldap{
|
||||||
* @param string $user user name
|
* @param string $user user name
|
||||||
* @param string $passwd password
|
* @param string $passwd password
|
||||||
* @param boolean $allowAnonymous specifies if anonymous binds are allowed
|
* @param boolean $allowAnonymous specifies if anonymous binds are allowed
|
||||||
* @return mixed if connect succeeds the 0 is returned, else false or error number
|
* @throws LAMException unable to connect
|
||||||
*/
|
*/
|
||||||
public function connect($user, $passwd, $allowAnonymous=false) {
|
public function connect($user, $passwd, $allowAnonymous=false) {
|
||||||
// close any prior connection
|
// close any prior connection
|
||||||
@$this->close();
|
@$this->close();
|
||||||
// do not allow anonymous bind
|
// do not allow anonymous bind
|
||||||
if (!$allowAnonymous && ((!$user)||($user == "")||(!$passwd))) {
|
if (!$allowAnonymous && ((!$user)||($user == "")||(!$passwd))) {
|
||||||
return false;
|
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
|
||||||
}
|
}
|
||||||
// save password und username encrypted
|
// save password und username encrypted
|
||||||
$this->encrypt_login($user, $passwd);
|
$this->encrypt_login($user, $passwd);
|
||||||
|
@ -94,18 +94,30 @@ class Ldap{
|
||||||
if ($bind) {
|
if ($bind) {
|
||||||
$return = ldap_errno($this->server);
|
$return = ldap_errno($this->server);
|
||||||
$this->is_connected = true;
|
$this->is_connected = true;
|
||||||
// return success number
|
return;
|
||||||
return $return;
|
|
||||||
}
|
}
|
||||||
// return error number
|
// return error number
|
||||||
else {
|
$errorNumber = ldap_errno($this->server);
|
||||||
return ldap_errno($this->server);
|
$clientSource = empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR'];
|
||||||
|
if (($errorNumber === False)
|
||||||
|
|| ($errorNumber == 81)) {
|
||||||
|
// connection failed
|
||||||
|
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
|
||||||
|
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
|
||||||
}
|
}
|
||||||
|
elseif ($errorNumber == 49) {
|
||||||
|
// user name/password invalid. Return to login page.
|
||||||
|
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (wrong password). ' . getDefaultLDAPErrorString($this->server));
|
||||||
|
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return false;
|
// other errors
|
||||||
|
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
|
||||||
|
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
|
||||||
|
}
|
||||||
|
|
||||||
/** Closes connection to server */
|
/** Closes connection to server */
|
||||||
public function close() {
|
public function close() {
|
||||||
|
@ -121,9 +133,14 @@ class Ldap{
|
||||||
*/
|
*/
|
||||||
public function server() {
|
public function server() {
|
||||||
if (!$this->is_connected) {
|
if (!$this->is_connected) {
|
||||||
|
try {
|
||||||
$this->connect($this->getUserName(), $this->getPassword());
|
$this->connect($this->getUserName(), $this->getPassword());
|
||||||
$this->is_connected = true;
|
$this->is_connected = true;
|
||||||
}
|
}
|
||||||
|
catch (LAMException $e) {
|
||||||
|
logNewMessage(LOG_ERR, $e->getTitle() . ' ' . $e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
return $this->server;
|
return $this->server;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ use \htmlGroup;
|
||||||
use \htmlInputCheckbox;
|
use \htmlInputCheckbox;
|
||||||
use \htmlButton;
|
use \htmlButton;
|
||||||
use \htmlStatusMessage;
|
use \htmlStatusMessage;
|
||||||
|
use LAMException;
|
||||||
use \Ldap;
|
use \Ldap;
|
||||||
use \htmlResponsiveRow;
|
use \htmlResponsiveRow;
|
||||||
use \htmlDiv;
|
use \htmlDiv;
|
||||||
|
@ -174,8 +175,9 @@ $_SESSION['header'] .= '<link rel="manifest" href="' . $manifestUrl . '/template
|
||||||
*
|
*
|
||||||
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
|
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
|
||||||
* @param string $error_message error message to display
|
* @param string $error_message error message to display
|
||||||
|
* @param string $errorDetails error details
|
||||||
*/
|
*/
|
||||||
function display_LoginPage($licenseValidator, $error_message) {
|
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null) {
|
||||||
$config_object = $_SESSION['config'];
|
$config_object = $_SESSION['config'];
|
||||||
$cfgMain = $_SESSION["cfgMain"];
|
$cfgMain = $_SESSION["cfgMain"];
|
||||||
logNewMessage(LOG_DEBUG, "Display login page");
|
logNewMessage(LOG_DEBUG, "Display login page");
|
||||||
|
@ -405,7 +407,7 @@ function display_LoginPage($licenseValidator, $error_message) {
|
||||||
// error message
|
// error message
|
||||||
if(!empty($error_message)) {
|
if(!empty($error_message)) {
|
||||||
$row->add(new \htmlSpacer(null, '5px'), 12);
|
$row->add(new \htmlSpacer(null, '5px'), 12);
|
||||||
$message = new htmlStatusMessage('ERROR', $error_message);
|
$message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
|
||||||
$message->colspan = 3;
|
$message->colspan = 3;
|
||||||
$row->add($message, 12);
|
$row->add($message, 12);
|
||||||
}
|
}
|
||||||
|
@ -517,12 +519,8 @@ if(isset($_POST['checklogin'])) {
|
||||||
$searchSuccess = true;
|
$searchSuccess = true;
|
||||||
$searchError = '';
|
$searchError = '';
|
||||||
$searchLDAP = new Ldap($_SESSION['config']);
|
$searchLDAP = new Ldap($_SESSION['config']);
|
||||||
$searchLDAPResult = $searchLDAP->connect($searchDN, $searchPassword, true);
|
try {
|
||||||
if (! ($searchLDAPResult == 0)) {
|
$searchLDAP->connect($searchDN, $searchPassword, true);
|
||||||
$searchSuccess = false;
|
|
||||||
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . getDefaultLDAPErrorString($searchLDAP->server());
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
|
$searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($searchResult) {
|
if ($searchResult) {
|
||||||
$searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
|
$searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
|
||||||
|
@ -555,7 +553,6 @@ if(isset($_POST['checklogin'])) {
|
||||||
$searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
|
$searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if (!$searchSuccess) {
|
if (!$searchSuccess) {
|
||||||
$error_message = $searchError;
|
$error_message = $searchError;
|
||||||
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
|
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
|
||||||
|
@ -565,9 +562,15 @@ if(isset($_POST['checklogin'])) {
|
||||||
}
|
}
|
||||||
$searchLDAP->close();
|
$searchLDAP->close();
|
||||||
}
|
}
|
||||||
|
catch (LAMException $e) {
|
||||||
|
$searchLDAP->close();
|
||||||
|
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
// try to connect to LDAP
|
// try to connect to LDAP
|
||||||
$result = $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
|
try {
|
||||||
if($result === 0) {// Username/password correct. Do some configuration and load main frame.
|
$_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
|
||||||
$_SESSION['loggedIn'] = true;
|
$_SESSION['loggedIn'] = true;
|
||||||
// set security settings for session
|
// set security settings for session
|
||||||
$_SESSION['sec_session_id'] = session_id();
|
$_SESSION['sec_session_id'] = session_id();
|
||||||
|
@ -586,24 +589,8 @@ if(isset($_POST['checklogin'])) {
|
||||||
}
|
}
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
else {
|
catch (LAMException $e) {
|
||||||
if (($result === False)
|
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
|
||||||
|| ($result == 81)) {
|
|
||||||
// connection failed
|
|
||||||
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
|
|
||||||
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
|
||||||
}
|
|
||||||
elseif ($result == 49) {
|
|
||||||
// user name/password invalid. Return to login page.
|
|
||||||
$error_message = _("Wrong password/user name combination. Please try again.");
|
|
||||||
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (wrong password).');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// other errors
|
|
||||||
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
|
|
||||||
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
|
||||||
}
|
|
||||||
display_LoginPage($licenseValidator, $error_message);
|
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue