From 181d0ee88066ff1b73d08347bba0e8ff0961ca24 Mon Sep 17 00:00:00 2001 From: Tom Laermans Date: Tue, 5 Jan 2010 20:06:24 +0000 Subject: [PATCH] avoid error on ldap bind when session has expired git-svn-id: http://www.observium.org/svn/observer/trunk@596 61d68cd4-352d-0410-923a-c4978735b2b8 --- html/includes/authenticate.inc | 43 ++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/html/includes/authenticate.inc b/html/includes/authenticate.inc index 8e6c037fb..c28066da3 100644 --- a/html/includes/authenticate.inc +++ b/html/includes/authenticate.inc @@ -26,31 +26,34 @@ if($_COOKIE['username'] && $_COOKIE['password']){ $auth_success = 0; -if ($config['auth_mechanism'] == "mysql" || !$config['auth_mechanism']) +if ($_SESSION['username']) { - $encrypted = md5($_SESSION['password']); - $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'"; - $query = mysql_query($sql); - $row = @mysql_fetch_array($query); - if($row['username'] && $row['username'] == $_SESSION['username']) { - $auth_success = 1; - } -} -else if ($config['auth_mechanism'] == "ldap") -{ - $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']); - if ($ds) + if ($config['auth_mechanism'] == "mysql" || !$config['auth_mechanism']) { - if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password'])) - { + $encrypted = md5($_SESSION['password']); + $sql = "SELECT username FROM `users` WHERE `username`='".$_SESSION['username']."' AND `password`='".$encrypted."'"; + $query = mysql_query($sql); + $row = @mysql_fetch_array($query); + if($row['username'] && $row['username'] == $_SESSION['username']) { $auth_success = 1; } } -} -else -{ - echo "ERROR: no valid auth_mechanism defined."; - exit(); + else if ($config['auth_mechanism'] == "ldap") + { + $ds=@ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']); + if ($ds) + { + if (ldap_bind($ds, $config['auth_ldap_prefix'] . $_SESSION['username'] . $config['auth_ldap_suffix'], $_SESSION['password'])) + { + $auth_success = 1; + } + } + } + else + { + echo "ERROR: no valid auth_mechanism defined."; + exit(); + } } if ($auth_success) {