moved message

3 years ago · e03cd1f57c
2 changed files with 31 additions and 32 deletions
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@ -1521,6 +1521,36 @@ function getDefaultLDAPErrorString($server) {
 	return $message;
 }

+/**
+ * Tries to get additional information why invalid credentials was returned. E.g. account is locked.
+ *
+ * @param handle $ldap LDAP object to connect for getting extra data
+ * @param string $userDn failed DN
+ * @return string extra message
+ */
+function getExtraInvalidCredentialsMessage($ldap, $userDn) {
+	$attributes = array('dn', 'pwdaccountlockedtime', 'krbprincipalexpiration',
+		'krbpasswordexpiration', 'passwordexpirationtime');
+	$userData = ldapGetDN($userDn, $attributes, $ldap);
+	$now = new DateTime('now', getTimeZone());
+	if (!empty($userData['pwdaccountlockedtime'][0])) {
+		return _('Account is locked');
+	}
+	if (!empty($userData['krbprincipalexpiration'][0])) {
+		$kerberosExpirationDate = parseLDAPTimestamp($userData['krbprincipalexpiration'][0]);
+		if ($now >= $kerberosExpirationDate) {
+			return _('Kerberos account is expired');
+		}
+	}
+	if (!empty($userData['krbpasswordexpiration'][0])) {
+		$kerberosExpirationDate = parseLDAPTimestamp($userData['krbpasswordexpiration'][0]);
+		if ($now >= $kerberosExpirationDate) {
+			return _('Kerberos password is expired');
+		}
+	}
+	return null;
+}
+
 /**
 * Returns the URL under which the page was loaded.
 * This includes any GET parameters set.
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@ -1,6 +1,5 @@
 <?php
 namespace LAM\LOGIN;
-use DateTime;
 use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
 use \LAMConfig;
 use \LAMCfgMain;
@ -602,7 +601,7 @@ if(isset($_POST['checklogin'])) {
 	catch (LAMException $e) {
 		$extraMessage = null;
 		if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
-			$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username);
+			$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username);
 			$searchLDAP->close();
 		}
 		display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
@ -610,36 +609,6 @@ if(isset($_POST['checklogin'])) {
    }
 }

-/**
- * Tries to get additional information why invalid credentials was returned. E.g. account is locked.
- * 
- * @param Ldap $ldap LDAP object to connect for getting extra data
- * @param string $username failed DN
- * @return string extra message
- */
-function getExtraInvalidCredentialsMessage($ldap, $username) {
-    $attributes = array('dn', 'pwdaccountlockedtime', 'krbprincipalexpiration',
-        'krbpasswordexpiration', 'passwordexpirationtime');
-	$userData = ldapGetDN($username, $attributes, $ldap->server());
-	$now = new DateTime('now', getTimeZone());
-	if (!empty($userData['pwdaccountlockedtime'][0])) {
-		return _('Account is locked');
-	}
-	if (!empty($userData['krbprincipalexpiration'][0])) {
-		$kerberosExpirationDate = parseLDAPTimestamp($userData['krbprincipalexpiration'][0]);
-		if ($now >= $kerberosExpirationDate) {
-			return _('Kerberos account is expired');
-		}
-	}
-	if (!empty($userData['krbpasswordexpiration'][0])) {
-		$kerberosExpirationDate = parseLDAPTimestamp($userData['krbpasswordexpiration'][0]);
-		if ($now >= $kerberosExpirationDate) {
-			return _('Kerberos password is expired');
-		}
-	}
-	return null;
-}
-
 //displays the login window
 display_LoginPage($licenseValidator, $error_message);
 ?>