steffen: server/kolab-webadmin/kolab-webadmin/php/admin/include auth.class.php, 1.1, 1.2
cvs at intevation.de
cvs at intevation.de
Mon May 24 13:53:39 CEST 2004
Author: steffen
Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include
In directory doto:/tmp/cvs-serv26090/kolab-webadmin/php/admin/include
Modified Files:
auth.class.php
Log Message:
reasonable default for homeServer. Check IP address when authenticating to make it more difficult to hijack a session
Index: auth.class.php
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include/auth.class.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth.class.php 17 May 2004 15:24:26 -0000 1.1
+++ auth.class.php 24 May 2004 11:53:37 -0000 1.2
@@ -1,6 +1,6 @@
<?php
/*
- * Copyright (c) 2004 Klarälvdalens Datakonsult AB
+ * Copyright (c) 2004 Klarälvdalens Datakonsult AB
*
* Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
*
@@ -52,33 +52,34 @@
if( !$bind_result ) {
// Anon. bind first
if( !$ldap->bind() ) {
- $this->error_string = "Could not bind to LDAP server";
- $this->gotoLoginPage();
+ $this->error_string = "Could not bind to LDAP server";
+ $this->gotoLoginPage();
}
// User not logged in, check login/password
if( isset( $_POST['username'] ) && isset( $_POST['password'] ) ) {
- $dn = $ldap->dnForUid( $_POST['username'] );
- if( $dn ) {
- $bind_result = $ldap->bind( $dn, $_POST['password'] );
- if( $bind_result ) {
- // All OK!
- $_SESSION['auth_dn'] = $dn;
- $_SESSION['auth_user'] = $_POST['username'];
- $_SESSION['auth_pw'] = $_POST['password'];
- $_SESSION['auth_group'] = $ldap->groupForUid($_POST['username']);
- return true;
- } else {
- $this->error_string = "Wrong username or password";
- $this->gotoLoginPage();
- }
- } else {
- $this->error_string = "Wrong username or password";
- //$this->error_string = "Dn not found";
- $this->gotoLoginPage();
- }
+ $dn = $ldap->dnForUid( $_POST['username'] );
+ if( $dn ) {
+ $bind_result = $ldap->bind( $dn, $_POST['password'] );
+ if( $bind_result ) {
+ // All OK!
+ $_SESSION['auth_dn'] = $dn;
+ $_SESSION['auth_user'] = $_POST['username'];
+ $_SESSION['auth_pw'] = $_POST['password'];
+ $_SESSION['auth_group'] = $ldap->groupForUid($_POST['username']);
+ $_SESSION['remote_ip'] = $_SERVER['REMOTE_ADDR'];
+ return true;
+ } else {
+ $this->error_string = "Wrong username or password";
+ $this->gotoLoginPage();
+ }
+ } else {
+ $this->error_string = "Wrong username or password";
+ //$this->error_string = "Dn not found";
+ $this->gotoLoginPage();
+ }
} else {
- $this->error_string = 'Please log in as a valid user';
- $this->gotoLoginPage();
+ $this->error_string = 'Please log in as a valid user';
+ $this->gotoLoginPage();
}
} else {
// All OK, user already logged in
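Review bot: Storing `$_SESSION['remote_ip']` at the new line after the `auth_group` assignment binds the session to an address but does not change the session id on login, so an id that was already present in the browser before authentication is promoted to an authenticated one unchanged; the address check only helps when the other party's address differs from the user's, which is not the case behind a shared NAT or a reverse proxy, where `REMOTE_ADDR` is the same for everyone (whether this deployment sits behind a proxy is not visible here). Call `session_regenerate_id();` immediately before `$_SESSION['auth_dn'] = $dn;` so the authenticated state always lives under a fresh id. The same block also keeps the clear-text password in `$_SESSION['auth_pw']`, which predates this commit but means any exposure of the session store yields credentials; a comment stating why the password must be retained (presumably for later LDAP binds) would help the next reader. The enclosing function starts and ends outside this hunk.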
@@ -125,7 +126,7 @@
}
function isAuthenticated() {
- return isset( $_SESSION['auth_dn'] );
+ return isset( $_SESSION['auth_dn'] ) && $_SESSION['remote_ip'] == $_SERVER['REMOTE_ADDR'];
}
function dn() {
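Review bot: The new `return` line in `isAuthenticated()` reads `$_SESSION['remote_ip']` without checking it exists, so any session created before this revision (which has `auth_dn` but no `remote_ip`) triggers an undefined-index E_NOTICE on every request when notices are reported, and the loose `==` compares whatever is stored against the string from `$_SERVER`. Guard the key and compare strictly: `return isset( $_SESSION['auth_dn'], $_SESSION['remote_ip'] ) && $_SESSION['remote_ip'] === $_SERVER['REMOTE_ADDR'];`. When the address check fails the stale `auth_*` data stays in the session; clearing those keys (or calling `session_destroy()`) at that point would make the mismatch a definite logout rather than a per-request false.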