show info if login failed and account can be determined as locked
parent
38cbfb9dab
commit
780daded11
|
@ -1771,16 +1771,20 @@ class LAMException extends Exception {
|
|||
|
||||
private $title;
|
||||
|
||||
private $ldapErrorCode;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param string $title title
|
||||
* @param string $message message (optional)
|
||||
* @param Exception $cause (optional)
|
||||
* @param int $ldapErrorCode original LDAP error code
|
||||
*/
|
||||
public function __construct($title, $message = null, $cause = null) {
|
||||
public function __construct($title, $message = null, $cause = null, $ldapErrorCode = null) {
|
||||
parent::__construct($message, null, $cause);
|
||||
$this->title = $title;
|
||||
$this->ldapErrorCode = $ldapErrorCode;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1792,6 +1796,15 @@ class LAMException extends Exception {
|
|||
return $this->title;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the original LDAP error code.
|
||||
*
|
||||
* @return int error code
|
||||
*/
|
||||
public function getLdapErrorCode() {
|
||||
return $this->ldapErrorCode;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
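Review bot: The docblocks for the new `$ldapErrorCode` do not say that the value can be null. The constructor parameter defaults to `null` and `getLdapErrorCode()` returns the field unchanged, so every LAMException thrown without a code yields `null` rather than an int. I would write `@param int|null $ldapErrorCode original LDAP error code (optional)` on the constructor and `@return int|null LDAP error code, or null if none was given` on the getter. The class body starts outside this hunk.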
|
|
|
@ -92,7 +92,6 @@ class Ldap{
|
|||
ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
|
||||
$bind = @ldap_bind($this->server, $user, $passwd);
|
||||
if ($bind) {
|
||||
$return = ldap_errno($this->server);
|
||||
$this->is_connected = true;
|
||||
return;
|
||||
}
|
||||
|
@ -103,17 +102,17 @@ class Ldap{
|
|||
|| ($errorNumber == 81)) {
|
||||
// connection failed
|
||||
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
|
||||
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
|
||||
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."), null, null, $errorNumber);
|
||||
}
|
||||
elseif ($errorNumber == 49) {
|
||||
// user name/password invalid. Return to login page.
|
||||
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (wrong password). ' . getDefaultLDAPErrorString($this->server));
|
||||
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server));
|
||||
throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server), null, $errorNumber);
|
||||
}
|
||||
else {
|
||||
// other errors
|
||||
logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
|
||||
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server));
|
||||
throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server), null, $errorNumber);
|
||||
}
|
||||
}
|
||||
throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
|
||||
|
@ -122,6 +121,7 @@ class Ldap{
|
|||
/** Closes connection to server */
|
||||
public function close() {
|
||||
if ($this->server != null) {
|
||||
$this->is_connected = false;
|
||||
@ldap_close($this->server);
|
||||
}
|
||||
}
|
||||
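Review bot: `close()` resets `$this->is_connected` but leaves `$this->server` holding the handle that was just passed to `ldap_close()`. The `$this->server != null` guard therefore still passes on a second call, and any accessor that returns `$this->server` would hand out a closed connection. Adding `$this->server = null;` after `@ldap_close($this->server);` would keep the two fields consistent. Callers that read the handle after close would then have to cope with null, which cannot be checked from these hunks. The method containing the bind and error branches starts outside the visible hunks.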
|
|
|
@ -178,8 +178,9 @@ setlanguage(); // setting correct language
|
|||
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
|
||||
* @param string $error_message error message to display
|
||||
* @param string $errorDetails error details
|
||||
* @param string $extraMessage extra message that is shown as info
|
||||
*/
|
||||
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null) {
|
||||
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null, $extraMessage = null) {
|
||||
$config_object = $_SESSION['config'];
|
||||
$cfgMain = $_SESSION["cfgMain"];
|
||||
logNewMessage(LOG_DEBUG, "Display login page");
|
||||
|
@ -408,9 +409,12 @@ function display_LoginPage($licenseValidator, $error_message, $errorDetails = nu
|
|||
if (!empty($error_message)) {
|
||||
$row->add(new \htmlSpacer(null, '5px'), 12);
|
||||
$message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
|
||||
$message->colspan = 3;
|
||||
$row->add($message, 12);
|
||||
}
|
||||
if (!empty($extraMessage)) {
|
||||
$extraMessage = new htmlStatusMessage('INFO', $extraMessage);
|
||||
$row->add($extraMessage, 12);
|
||||
}
|
||||
|
||||
parseHtml(null, $row, array(), false, $tabindex, 'user');
|
||||
?>
|
||||
|
@ -590,12 +594,32 @@ if(isset($_POST['checklogin'])) {
|
|||
die();
|
||||
}
|
||||
catch (LAMException $e) {
|
||||
|
||||
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
|
||||
$extraMessage = null;
|
||||
if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
|
||||
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username);
|
||||
}
|
||||
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to get additional information why invalid credentials was returned. E.g. account is locked.
|
||||
*
|
||||
* @param Ldap $ldap LDAP object to connect for getting extra data
|
||||
* @param string $username failed DN
|
||||
* @return string extra message
|
||||
*/
|
||||
function getExtraInvalidCredentialsMessage($ldap, $username) {
|
||||
$extraMessage = null;
|
||||
$userData = ldapGetDN($username, array('dn', 'pwdaccountlockedtime'), $ldap->server());
|
||||
if (!empty($userData['pwdaccountlockedtime'][0])) {
|
||||
$extraMessage = _('Account is locked');
|
||||
}
|
||||
$ldap->close();
|
||||
return $extraMessage;
|
||||
}
|
||||
|
||||
//displays the login window
|
||||
display_LoginPage($licenseValidator, $error_message);
|
||||
?>
|
||||
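Review bot: `getExtraInvalidCredentialsMessage()` runs for every failed bind with code 49, so "Account is locked" is shown to an unauthenticated client whether or not the submitted password was right. That discloses account state, and that the DN exists, on the login page. I would put the lookup behind an administrator-controlled setting that defaults to off, and otherwise record the lock state only through `logNewMessage`. The check also treats any non-empty `pwdaccountlockedtime` as locked; depending on the directory's password policy the attribute may outlive a timed lockout, so the message could be stale and this is worth confirming. The helper closes a connection it received from its caller, which its docblock should state, e.g. `The passed connection is closed before returning.`; the `try` belonging to this `catch` starts outside the hunk.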
|
|