WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

refactoring

This commit is contained in:
Roland Gruber 2018-12-29 09:51:51 +01:00
parent 87e47ae9b1
commit cf25c31a37
6 changed files with 104 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lam/VERSION
View File

@ -1 +1 @@
6.6 6.7.DEV

16
lam/lib/modules/dhcp_settings.inc
View File

@ -47,7 +47,7 @@ if (!function_exists('check_ip')) {
*/ */
function check_ip($ip, $subnet = false) { function check_ip($ip, $subnet = false) {
$part = explode(".", $ip); $part = explode(".", $ip);
// Wenn... Keine 4 Segmente gefunden wurde // IP must contain 4 segments
if (count($part) != 4) { if (count($part) != 4) {
return false; return false;
} }
@ -55,18 +55,12 @@ if (!function_exists('check_ip')) {
// check each segment // check each segment
for ($i = 0; $i < count($part); $i++) { for ($i = 0; $i < count($part); $i++) {
// only numbers are allowed // only numbers are allowed
if (!is_numeric($part[$i])) { if (!is_numeric($part[$i])
return false; || ($part[$i] > 255)
}
elseif ($part[$i] > 255) {
return false;
}
// non-subnet must be > 0 on last digit // non-subnet must be > 0 on last digit
elseif (!$subnet && ($i == 3) && ($part[$i] < 1)) { || (!$subnet && ($i == 3) && ($part[$i] < 1))
return false;
}
// subnet must be >= 0 on last digit // subnet must be >= 0 on last digit
elseif ($subnet && ($i == 3) && ($part[$i] < 0)) { || ($subnet && ($i == 3) && ($part[$i] < 0))) {
return false; return false;
} }
} }

35
lam/lib/modules/fixed_ip.inc
View File

@ -148,15 +148,12 @@ class fixed_ip extends baseModule {
} }
/** /**
* Checks if IPs are not overlaped.
* *
* Checked, if ips are overlapd. * @param ip IP address
* * @return not overlaped
* @param ip
*
* @return false, if overlapd, else true.
*
**/ **/
public function overlapd_ip($ip) { public function isNotOverlapedIp($ip) {
if (in_array($ip, $this->overlapd)) { if (in_array($ip, $this->overlapd)) {
return false; return false;
} }
@ -216,11 +213,12 @@ class fixed_ip extends baseModule {
$ex = explode(".", $this->fixed_ip[$id]['ip']); $ex = explode(".", $this->fixed_ip[$id]['ip']);
$tmp = $this->fixed_ip[$id]['ip']; $tmp = $this->fixed_ip[$id]['ip'];
$this->fixed_ip[$id]['ip'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3']; $this->fixed_ip[$id]['ip'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3'];
if ($tmp!=$this->fixed_ip[$id]['ip']) if ($tmp!=$this->fixed_ip[$id]['ip']) {
$ip_edit = true; $ip_edit = true;
} }
} }
} }
}
return $ip_edit; return $ip_edit;
} }
@ -231,8 +229,8 @@ class fixed_ip extends baseModule {
*/ */
function load_attributes($attr) { function load_attributes($attr) {
if (!$this->isRootNode()) { if (!$this->isRootNode()) {
$attributes = array('cn', 'dhcphwaddress', 'dhcpstatements', 'dhcpcomments'); $searchAttributes = array('cn', 'dhcphwaddress', 'dhcpstatements', 'dhcpcomments');
$entries = searchLDAP($this->getAccountContainer()->dn_orig, '(objectClass=dhcpHost)', $attributes); $entries = searchLDAP($this->getAccountContainer()->dn_orig, '(objectClass=dhcpHost)', $searchAttributes);
for ($i = 0; $i < sizeof($entries); $i++) { for ($i = 0; $i < sizeof($entries); $i++) {
$dhcphwaddress = explode(" ", $entries[$i]['dhcphwaddress'][0]); $dhcphwaddress = explode(" ", $entries[$i]['dhcphwaddress'][0]);
$dhcphwaddress = array_pop($dhcphwaddress); $dhcphwaddress = array_pop($dhcphwaddress);
@ -332,11 +330,8 @@ class fixed_ip extends baseModule {
if (!empty($_POST['ip_'.$id])) { if (!empty($_POST['ip_'.$id])) {
$_POST['ip_'.$id] = trim($_POST['ip_'.$id]); $_POST['ip_'.$id] = trim($_POST['ip_'.$id]);
} }
if (!empty($_POST['ip_'.$id]) && !(check_ip($_POST['ip_'.$id]))) { if ((!empty($_POST['ip_'.$id]) && !(check_ip($_POST['ip_'.$id])))
$error = true; || (!empty($_POST['ip_'.$id]) && !$this->isNotOverlapedIp($_POST['ip_'.$id]))) {
$this->fixed_ip[$id]['ip'] = $_POST['ip_'.$id];
}
elseif (!empty($_POST['ip_'.$id]) && !$this->overlapd_ip($_POST['ip_'.$id])) {
$error = true; $error = true;
$this->fixed_ip[$id]['ip'] = $_POST['ip_'.$id]; $this->fixed_ip[$id]['ip'] = $_POST['ip_'.$id];
} }
@ -352,7 +347,9 @@ class fixed_ip extends baseModule {
} }
// cn: // cn:
if (!empty($_POST['pc_'.$id])) $_POST['pc_'.$id] = trim($_POST['pc_'.$id]); if (!empty($_POST['pc_'.$id])) {
$_POST['pc_'.$id] = trim($_POST['pc_'.$id]);
}
if (!empty($_POST['pc_'.$id])) { if (!empty($_POST['pc_'.$id])) {
// name already in use // name already in use
@ -415,7 +412,7 @@ class fixed_ip extends baseModule {
// auto-completion for host names // auto-completion for host names
$autoNames = array(); $autoNames = array();
if (!empty($this->hostCache) && (sizeof($this->hostCache) < 200)) { if (!empty($this->hostCache) && (sizeof($this->hostCache) < 200)) {
foreach ($this->hostCache as $index => $attrs) { foreach ($this->hostCache as $attrs) {
if (!empty($attrs['cn'][0])) { if (!empty($attrs['cn'][0])) {
$autoNames[] = $attrs['cn'][0]; $autoNames[] = $attrs['cn'][0];
} }
@ -455,7 +452,7 @@ class fixed_ip extends baseModule {
foreach($this->fixed_ip AS $id => $arr) { foreach($this->fixed_ip AS $id => $arr) {
// pc name // pc name
$pcError = ""; $pcError = "";
$existsInDifferentDn = $this->hostNameExists($_POST['pc_'.$id]); $existsInDifferentDn = !empty($_POST['pc_' . $id]) && $this->hostNameExists($_POST['pc_' . $id]);
if (!$this->processed) { if (!$this->processed) {
$pcError = ""; $pcError = "";
} }
@ -507,7 +504,7 @@ class fixed_ip extends baseModule {
$this->getAccountContainer()->getAccountModule('dhcp_settings')->getDHCPOption('subnet-mask'))) { $this->getAccountContainer()->getAccountModule('dhcp_settings')->getDHCPOption('subnet-mask'))) {
$ipError = _("The IP address does not match the subnet."); $ipError = _("The IP address does not match the subnet.");
} }
elseif (!$this->overlapd_ip($this->fixed_ip[$id]['ip'])) { elseif (!$this->isNotOverlapedIp($this->fixed_ip[$id]['ip'])) {
$ipError = _("The IP address is already in use."); $ipError = _("The IP address is already in use.");
} }
$error = ''; $error = '';

53
lam/lib/modules/range.inc
View File

@ -7,7 +7,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2008 Thomas Manninger Copyright (C) 2008 Thomas Manninger
2008 - 2017 Roland Gruber 2008 - 2018 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -164,16 +164,10 @@ class range extends baseModule {
public function check_range($first_ip, $second_ip) { public function check_range($first_ip, $second_ip) {
$ex_first = explode(".", $first_ip); $ex_first = explode(".", $first_ip);
$ex_second = explode(".", $second_ip); $ex_second = explode(".", $second_ip);
if ($ex_first[0]<$ex_second[0]) return ($ex_first[0] < $ex_second[0])
return true; || ($ex_first[1] < $ex_second[1])
if ($ex_first[1]<$ex_second[1]) || ($ex_first[2] < $ex_second[2])
return true; || ($ex_first[3] < $ex_second[3]);
if ($ex_first[2]<$ex_second[2])
return true;
if ($ex_first[3]<$ex_second[3]) {
return true;
}
return false;
} }
/** /**
@ -191,15 +185,15 @@ class range extends baseModule {
/** /**
* *
* Checked, if Ranges are overlaped. * Checks if ranges are not overlaped.
* *
* @param first ip * @param first ip
* @param second ip * @param second ip
* *
* @return false, if overlaped, else true. * @return not overlaped
* *
**/ **/
function overlaped_range($ip,$ipB) { function isNotOverlapedRange($ip,$ipB) {
$ex = explode(".", $ip); $ex = explode(".", $ip);
$exB = explode(".", $ipB); $exB = explode(".", $ipB);
@ -286,18 +280,20 @@ class range extends baseModule {
$ex = explode(".", $this->ranges[$id]['range_start']); $ex = explode(".", $this->ranges[$id]['range_start']);
$tmp = $this->ranges[$id]['range_start']; $tmp = $this->ranges[$id]['range_start'];
$this->ranges[$id]['range_start'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3']; $this->ranges[$id]['range_start'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3'];
if($tmp!=$this->ranges[$id]['range_start']) if($tmp!=$this->ranges[$id]['range_start']) {
$range_edit = true; $range_edit = true;
} }
}
if (!empty($this->ranges[$id]['range_end']) && !range::check_subnet_range($this->ranges[$id]['range_end'],$dhcpAttrs['cn'][0], $mask)) { if (!empty($this->ranges[$id]['range_end']) && !range::check_subnet_range($this->ranges[$id]['range_end'],$dhcpAttrs['cn'][0], $mask)) {
// Range anpassen: // Range anpassen:
$ex = explode(".", $this->ranges[$id]['range_end']); $ex = explode(".", $this->ranges[$id]['range_end']);
$tmp = $this->ranges[$id]['range_end']; $tmp = $this->ranges[$id]['range_end'];
$this->ranges[$id]['range_end'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3']; $this->ranges[$id]['range_end'] = $ex_subnet['0'].".".$ex_subnet['1'].".".$ex_subnet['2'].".".$ex['3'];
if($tmp!=$this->ranges[$id]['range_end']) if($tmp!=$this->ranges[$id]['range_end']) {
$range_edit = true; $range_edit = true;
} }
} }
}
if ($range_edit) { if ($range_edit) {
// sort the range new, id it was edit. // sort the range new, id it was edit.
foreach($this->ranges AS $id=>$arr) { foreach($this->ranges AS $id=>$arr) {
@ -354,7 +350,7 @@ class range extends baseModule {
$this->ranges[$id]['range_end'] = $_POST['range_end_'.$id]; $this->ranges[$id]['range_end'] = $_POST['range_end_'.$id];
// Check if ip overlaped: // Check if ip overlaped:
if(!$this->overlaped_range($_POST['range_start_'.$id],$_POST['range_end_'.$id])) { if(!$this->isNotOverlapedRange($_POST['range_start_'.$id],$_POST['range_end_'.$id])) {
$errorOccured = true; $errorOccured = true;
} }
@ -438,16 +434,11 @@ class range extends baseModule {
else { else {
$this->poolsNew[$index]['dhcprange'][$rIndex] = $from . ' ' . $to; $this->poolsNew[$index]['dhcprange'][$rIndex] = $from . ' ' . $to;
// check ranges // check ranges
if (!check_ip($from) || !check_ip($to)) { if (!check_ip($from) || !check_ip($to)
$errorOccured = true; || !$this->isNotOverlapedRange($from, $to)
} || !range::check_subnet_range($from, $subnet, $mask)
elseif (!$this->overlaped_range($from, $to)) { || !range::check_subnet_range($to, $subnet, $mask)
$errorOccured = true; || !$this->check_range($from, $to)) {
}
elseif (!range::check_subnet_range($from, $subnet, $mask) || !range::check_subnet_range($to, $subnet, $mask)) {
$errorOccured = true;
}
elseif (!$this->check_range($from, $to)) {
$errorOccured = true; $errorOccured = true;
} }
} }
@ -510,7 +501,7 @@ class range extends baseModule {
$error = _("The range end needs to be greater than the range start."); $error = _("The range end needs to be greater than the range start.");
} elseif ($this->processed && !range::check_subnet_range($this->ranges[$id]['range_start'], $subnet, $mask)) { } elseif ($this->processed && !range::check_subnet_range($this->ranges[$id]['range_start'], $subnet, $mask)) {
$error = _("The IP does not match the subnet."); $error = _("The IP does not match the subnet.");
} elseif ($this->processed && !$this->overlaped_range($this->ranges[$id]['range_start'],$this->ranges[$id]['range_end']) ) { } elseif ($this->processed && !$this->isNotOverlapedRange($this->ranges[$id]['range_start'],$this->ranges[$id]['range_end']) ) {
$error = _("The range conflicts with another range."); $error = _("The range conflicts with another range.");
} }
} }
@ -590,7 +581,7 @@ class range extends baseModule {
elseif (!range::check_subnet_range($from, $subnet, $mask)) { elseif (!range::check_subnet_range($from, $subnet, $mask)) {
$message = _("The IP does not match the subnet."); $message = _("The IP does not match the subnet.");
} }
elseif (!$this->overlaped_range($from, $to)) { elseif (!$this->isNotOverlapedRange($from, $to)) {
$message = _("The range conflicts with another range."); $message = _("The range conflicts with another range.");
} }
} }
@ -781,7 +772,7 @@ class range extends baseModule {
if (!empty($this->poolsNew)) { if (!empty($this->poolsNew)) {
foreach ($this->poolsNew as $index => $poolAttrs) { foreach ($this->poolsNew as $poolAttrs) {
$cn = !empty($poolAttrs['cn'][0]) ? $poolAttrs['cn'][0] : ''; $cn = !empty($poolAttrs['cn'][0]) ? $poolAttrs['cn'][0] : '';
$peer = ''; $peer = '';
if (!empty($poolAttrs['dhcpstatements'])) { if (!empty($poolAttrs['dhcpstatements'])) {
@ -792,7 +783,7 @@ class range extends baseModule {
} }
} }
if (!empty($poolAttrs['dhcprange'])) { if (!empty($poolAttrs['dhcprange'])) {
foreach ($poolAttrs['dhcprange'] as $rIndex => $range) { foreach ($poolAttrs['dhcprange'] as $range) {
$range = explode(' ', $range); $range = explode(' ', $range);
$from = !empty($range[0]) ? $range[0] : ''; $from = !empty($range[0]) ? $range[0] : '';
$to = !empty($range[1]) ? $range[1] : ''; $to = !empty($range[1]) ? $range[1] : '';

70
lam/lib/security.inc
View File

@ -61,7 +61,9 @@ function lam_start_session() {
*/ */
function startSecureSession($redirectToLogin = true, $initSecureData = false) { function startSecureSession($redirectToLogin = true, $initSecureData = false) {
// start session // start session
if (isset($_SESSION)) unset($_SESSION); if (isset($_SESSION)) {
unset($_SESSION);
}
if (strtolower(session_module_name()) == 'files') { if (strtolower(session_module_name()) == 'files') {
$sessionDir = dirname(__FILE__) . "/../sess"; $sessionDir = dirname(__FILE__) . "/../sess";
session_save_path($sessionDir); session_save_path($sessionDir);
@ -125,8 +127,12 @@ function startSecureSession($redirectToLogin = true, $initSecureData = false) {
* *
*/ */
function checkClientIP() { function checkClientIP() {
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; if (isset($_SESSION['cfgMain'])) {
else $cfg = new LAMCfgMain(); $cfg = $_SESSION['cfgMain'];
}
else {
$cfg = new LAMCfgMain();
}
$allowedHosts = $cfg->allowedHosts; $allowedHosts = $cfg->allowedHosts;
$url = getCallingURL(); $url = getCallingURL();
if ((strpos($url, '/selfService/selfService') !== false) || ((strpos($url, '/misc/ajax.php?') !== false) && strpos($url, 'selfservice=1') !== false)) { if ((strpos($url, '/selfService/selfService') !== false) || ((strpos($url, '/misc/ajax.php?') !== false) && strpos($url, 'selfservice=1') !== false)) {
@ -142,7 +148,9 @@ function checkClientIP() {
for ($i = 0; $i < sizeof($allowedHosts); $i++) { for ($i = 0; $i < sizeof($allowedHosts); $i++) {
$host = $allowedHosts[$i]; $host = $allowedHosts[$i];
$ipRegex = '/^[0-9a-z\\.:\\*]+$/i'; $ipRegex = '/^[0-9a-z\\.:\\*]+$/i';
if (!preg_match($ipRegex, $host)) continue; if (!preg_match($ipRegex, $host)) {
continue;
}
$hostRegex = str_replace(".", "\\.", $host); $hostRegex = str_replace(".", "\\.", $host);
$hostRegex = '/^' . str_replace("*", ".*", $hostRegex) . '$/'; $hostRegex = '/^' . str_replace("*", ".*", $hostRegex) . '$/';
$clientIP = $_SERVER['REMOTE_ADDR']; $clientIP = $_SERVER['REMOTE_ADDR'];
@ -225,8 +233,12 @@ function logoffAndBackToLoginPage() {
* @return boolean debug enabled * @return boolean debug enabled
*/ */
function isDebugLoggingEnabled() { function isDebugLoggingEnabled() {
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; if (isset($_SESSION['cfgMain'])) {
else $cfg = new LAMCfgMain(); $cfg = $_SESSION['cfgMain'];
}
else {
$cfg = new LAMCfgMain();
}
return $cfg->logLevel >= LOG_DEBUG; return $cfg->logLevel >= LOG_DEBUG;
} }
@ -238,13 +250,21 @@ function isDebugLoggingEnabled() {
*/ */
function logNewMessage($level, $message) { function logNewMessage($level, $message) {
$possibleLevels = array(LOG_DEBUG => 'DEBUG', LOG_NOTICE => 'NOTICE', LOG_WARNING => 'WARNING', LOG_ERR => 'ERROR'); $possibleLevels = array(LOG_DEBUG => 'DEBUG', LOG_NOTICE => 'NOTICE', LOG_WARNING => 'WARNING', LOG_ERR => 'ERROR');
if (!in_array($level, array_keys($possibleLevels))) StatusMessage('ERROR', 'Invalid log level!', $level); if (!in_array($level, array_keys($possibleLevels))) {
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; StatusMessage('ERROR', 'Invalid log level!', $level);
else $cfg = new LAMCfgMain(); }
if (isset($_SESSION['cfgMain'])) {
$cfg = $_SESSION['cfgMain'];
}
else {
$cfg = new LAMCfgMain();
}
// check if logging is disabled // check if logging is disabled
if ($cfg->logDestination == 'NONE') return; if (($cfg->logDestination == 'NONE')
// check if log level is high enough // check if log level is high enough
elseif ($cfg->logLevel < $level) return; || ($cfg->logLevel < $level)) {
return;
}
// ok to log, build log message // ok to log, build log message
$prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ") - " . $possibleLevels[$level] . ": "; $prefix = "LDAP Account Manager (" . session_id() . ' - ' . getClientIPForLogging() . ") - " . $possibleLevels[$level] . ": ";
$message = $prefix . $message; $message = $prefix . $message;
@ -286,11 +306,10 @@ function checkIfWriteAccessIsAllowed($scope = null) {
} }
if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) { if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) {
$typeSettings = $_SESSION['config']->get_typeSettings(); $typeSettings = $_SESSION['config']->get_typeSettings();
if ($scope == null) { if (($scope == null)
return true;
}
elseif (!isset($typeSettings['readOnly_' . $scope]) || !$typeSettings['readOnly_' . $scope]) {
// check if write for this type is allowed // check if write for this type is allowed
|| !isset($typeSettings['readOnly_' . $scope])
|| !$typeSettings['readOnly_' . $scope]) {
return true; return true;
} }
} }
@ -365,8 +384,12 @@ function checkPasswordStrength($password, $userName, $otherUserAttrs) {
if ($password == null) { if ($password == null) {
$password = ""; $password = "";
} }
if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; if (isset($_SESSION['cfgMain'])) {
else $cfg = new LAMCfgMain(); $cfg = $_SESSION['cfgMain'];
}
else {
$cfg = new LAMCfgMain();
}
// check length // check length
if (strlen($password) < $cfg->passwordMinLength) { if (strlen($password) < $cfg->passwordMinLength) {
return sprintf(_('The password is too short. You have to enter at least %s characters.'), $cfg->passwordMinLength); return sprintf(_('The password is too short. You have to enter at least %s characters.'), $cfg->passwordMinLength);
@ -656,8 +679,9 @@ function lamEncrypt($data, $prefix='') {
// use OpenSSL if available // use OpenSSL if available
if (function_exists('openssl_random_pseudo_bytes')) { if (function_exists('openssl_random_pseudo_bytes')) {
// OpenSSL may have been enabled in a running session // OpenSSL may have been enabled in a running session
if (!isset($_COOKIE[$prefix . "IV"]) || ($_COOKIE[$prefix . "IV"] == '')) return $data; if (!isset($_COOKIE[$prefix . "IV"])
if ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") { || ($_COOKIE[$prefix . "IV"] == '')
|| ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")) {
return $data; return $data;
} }
// read key and iv from cookie // read key and iv from cookie
@ -683,8 +707,9 @@ function lamDecrypt($data, $prefix='') {
// use OpenSSL if available // use OpenSSL if available
if (function_exists('openssl_random_pseudo_bytes')) { if (function_exists('openssl_random_pseudo_bytes')) {
// OpenSSL may have been enabled in a running session // OpenSSL may have been enabled in a running session
if (!isset($_COOKIE[$prefix . "IV"]) || ($_COOKIE[$prefix . "IV"] == '')) return $data; if (!isset($_COOKIE[$prefix . "IV"])
if ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") { || ($_COOKIE[$prefix . "IV"] == '')
|| ($_COOKIE[$prefix . "IV"] == "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")) {
return $data; return $data;
} }
// read key and iv from cookie // read key and iv from cookie
@ -692,8 +717,7 @@ function lamDecrypt($data, $prefix='') {
$key = base64_decode($_COOKIE[$prefix . "Key"]); $key = base64_decode($_COOKIE[$prefix . "Key"]);
// decrypt string // decrypt string
$ret = openssl_decrypt($data, lamEncryptionAlgo(), $key, 0, $iv); $ret = openssl_decrypt($data, lamEncryptionAlgo(), $key, 0, $iv);
$ret = base64_decode(str_replace(chr(00), "", $ret)); return base64_decode(str_replace(chr(00), "", $ret));
return $ret;
} }
// otherwise do not decrypt // otherwise do not decrypt
else { else {

16
lam/templates/login.php
View File

@ -533,13 +533,17 @@ if(isset($_POST['checklogin'])) {
else { else {
$searchSuccess = false; $searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.'); $searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server()); if (ldap_errno($searchLDAP->server()) != 0) {
$searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
}
} }
} }
else { else {
$searchSuccess = false; $searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.'); $searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server()); if (ldap_errno($searchLDAP->server()) != 0) {
$searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
}
} }
} }
if (!$searchSuccess) { if (!$searchSuccess) {
@ -579,12 +583,8 @@ if(isset($_POST['checklogin'])) {
die(); die();
} }
else { else {
if ($result === False) { if (($result === False)
// connection failed || ($result == 81)) {
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
}
elseif ($result == 81) {
// connection failed // connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again."); $error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');