Anybody a PHP Coder in here?
#1
The Man... keeping you down.
Thread Starter
Join Date: August 15, 2004
Location: Stealin' ur internetz
Posts: 823
Likes: 0
Received 1 Like
on
1 Post
I am working on a script to authenticate users that try to access my MRP/Finished Inventory Database with a LDAP server. I've run into a problem with my code that for all tense and purposes seems right, but isnt working the way I want.
Basically, if you don't fill in the Username or Password box, I want it to error out and return you to the logon screen. Well it works for the username, but not the password. Put in a bogus username, no password: Error. Put in no screenname, bogus password: Error. Put in correct username, no password: successful authentication. Its using AD's ability to authenticate anonymously which won't work with some of my other security. Can't have that happening or the department workers won't be sent to the correct program.
I am attaching the code for reference. The top strlen commands are my error checkers.
Any ideas?
Basically, if you don't fill in the Username or Password box, I want it to error out and return you to the logon screen. Well it works for the username, but not the password. Put in a bogus username, no password: Error. Put in no screenname, bogus password: Error. Put in correct username, no password: successful authentication. Its using AD's ability to authenticate anonymously which won't work with some of my other security. Can't have that happening or the department workers won't be sent to the correct program.
I am attaching the code for reference. The top strlen commands are my error checkers.
Code:
<?php if ((strlen($_REQUEST["username"]) <= 0) && (strlen($_REQEUST["password"]) <= 0)) { ?> <html> <head> <title>Management System</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" type="text/css" href="./main.css" media="all" /> <style type="text/css" media="all">@import "./main.css";</style> </head> <body bgcolor="#999999"> <br /><br /><br /><br /><br /><br /><br /><br /> <form action="index.php" method="post" name="mainlogin"> <table width="300" border="0" align="center" cellpadding="6" cellspacing="0" class="std"> <tr> <th colspan="2" align="center"><b>Sentinel Management System</b></th> </tr> <tr> <td align="right" nowrap>Username:</td> <td align="left" nowrap><input type="text" size="25" maxlength="20" name="username" class="text" /></td> </tr> <tr> <td align="right" nowrap>Password:</td> <td align="left" nowrap><input type="password" size="25" maxlength="32" name="password" class="text" /></td> </tr> <tr> <td align="left" nowrap></td> <td align="right" valign="bottom" nowrap><input type="submit" name="login" value="login" class="button" /></td> </tr> </table> <div align="center"> <span style="font-size:7pt">Version 0.1a</span> </div> </form> </body> </html> <?php } else { $username = $_REQUEST["username"]; $password = $_REQUEST["password"]; include 'global.php'; $ldap = ldap_connect($config['ldapServer']); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); if ($ldap) { $bind = @ldap_bind($ldap, $config['ldapUsername'], $config['ldapPassword']); $result = @ldap_search($ldap, $config['ldapBase'], "sAMAccountName=" . $username); if (ldap_count_entries($ldap, $result) == 1) { $info = ldap_get_entries($ldap, $result); $userDn = $info[0]["dn"]; $auth = @ldap_bind($ldap, $userDn, $password); } if ($auth) { print "<p>Successfully authenticated the user '" . $username . "' (" . $userDn . ").</p>\n"; } else { ?> <html> <head> <title>Sentinel Management System</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta HTTP-EQUIV="REFRESH" content="4; url=http://localhost/"> <link rel="stylesheet" type="text/css" href="./main.css" media="all" /> <style type="text/css" media="all">@import "./main.css";</style> </head> <body> <body bgcolor="#999999"> <br /><br /><br /><br /><br /><br /><br /><br /> <table width="300" border="0" align="center" cellpadding="6" cellspacing="0" class="std"> <tr> <th colspan="2" align="center"><b>ERROR</b></th> </tr> <tr> <td colspan="2" align="center" nowrap><b>100: Authentication Failed</b></td> </tr> <tr> <td colspan="2" align="center" nowrap>Check your Username and Password</td> </tr> <tr> <td colspan="2" align="center" valign="bottom" nowrap><a href="http://localhost/"><input type="submit" name="login" value="Return" class="button" /></a></td> </tr> </table> </body> </html> <?php } } else { print "<p>Could not connect to the Authentication server. Contact the IT Department.</p>\n"; } @ldap_close($ldap); } ?>
#3
The Man... keeping you down.
Thread Starter
Join Date: August 15, 2004
Location: Stealin' ur internetz
Posts: 823
Likes: 0
Received 1 Like
on
1 Post
Originally posted by cntchds@November 12, 2004, 11:42 PM
just in case we have enough time to do your work too eh?
just in case we have enough time to do your work too eh?