Anybody a PHP Coder in here?
Thread Starter
The Man... keeping you down.
Joined: August 15, 2004
Posts: 823
Likes: 1
From: Stealin' ur internetz
I am working on a script to authenticate users that try to access my MRP/Finished Inventory Database with a LDAP server. I've run into a problem with my code that for all tense and purposes seems right, but isnt working the way I want.
Basically, if you don't fill in the Username or Password box, I want it to error out and return you to the logon screen. Well it works for the username, but not the password. Put in a bogus username, no password: Error. Put in no screenname, bogus password: Error. Put in correct username, no password: successful authentication. Its using AD's ability to authenticate anonymously which won't work with some of my other security. Can't have that happening or the department workers won't be sent to the correct program.
I am attaching the code for reference. The top strlen commands are my error checkers.
Any ideas?
Basically, if you don't fill in the Username or Password box, I want it to error out and return you to the logon screen. Well it works for the username, but not the password. Put in a bogus username, no password: Error. Put in no screenname, bogus password: Error. Put in correct username, no password: successful authentication. Its using AD's ability to authenticate anonymously which won't work with some of my other security. Can't have that happening or the department workers won't be sent to the correct program.
I am attaching the code for reference. The top strlen commands are my error checkers.
Code:
<?php
if ((strlen($_REQUEST["username"]) <= 0) && (strlen($_REQEUST["password"]) <= 0)) {
?>
<html>
<head>
<title>Management System</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="./main.css" media="all" />
<style type="text/css" media="all">@import "./main.css";</style>
</head>
<body bgcolor="#999999">
<br /><br /><br /><br /><br /><br /><br /><br />
<form action="index.php" method="post" name="mainlogin">
<table width="300" border="0" align="center" cellpadding="6" cellspacing="0" class="std">
<tr>
<th colspan="2" align="center"><b>Sentinel Management System</b></th>
</tr>
<tr>
<td align="right" nowrap>Username:</td>
<td align="left" nowrap><input type="text" size="25" maxlength="20" name="username" class="text" /></td>
</tr>
<tr>
<td align="right" nowrap>Password:</td>
<td align="left" nowrap><input type="password" size="25" maxlength="32" name="password" class="text" /></td>
</tr>
<tr>
<td align="left" nowrap></td>
<td align="right" valign="bottom" nowrap><input type="submit" name="login" value="login" class="button" /></td>
</tr>
</table>
<div align="center">
<span style="font-size:7pt">Version 0.1a</span>
</div>
</form>
</body>
</html>
<?php
}
else {
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
include 'global.php';
$ldap = ldap_connect($config['ldapServer']);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if ($ldap) {
$bind = @ldap_bind($ldap, $config['ldapUsername'], $config['ldapPassword']);
$result = @ldap_search($ldap, $config['ldapBase'], "sAMAccountName=" . $username);
if (ldap_count_entries($ldap, $result) == 1) {
$info = ldap_get_entries($ldap, $result);
$userDn = $info[0]["dn"];
$auth = @ldap_bind($ldap, $userDn, $password);
}
if ($auth) {
print "<p>Successfully authenticated the user '" . $username . "' (" . $userDn . ").</p>\n";
}
else {
?>
<html>
<head>
<title>Sentinel Management System</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta HTTP-EQUIV="REFRESH" content="4; url=http://localhost/">
<link rel="stylesheet" type="text/css" href="./main.css" media="all" />
<style type="text/css" media="all">@import "./main.css";</style>
</head>
<body>
<body bgcolor="#999999">
<br /><br /><br /><br /><br /><br /><br /><br />
<table width="300" border="0" align="center" cellpadding="6" cellspacing="0" class="std">
<tr>
<th colspan="2" align="center"><b>ERROR</b></th>
</tr>
<tr>
<td colspan="2" align="center" nowrap><b>100: Authentication Failed</b></td>
</tr>
<tr>
<td colspan="2" align="center" nowrap>Check your Username and Password</td>
</tr>
<tr>
<td colspan="2" align="center" valign="bottom" nowrap><a href="http://localhost/"><input type="submit" name="login" value="Return" class="button" /></a></td>
</tr>
</table>
</body>
</html>
<?php
}
}
else {
print "<p>Could not connect to the Authentication server. Contact the IT Department.</p>\n";
}
@ldap_close($ldap);
}
?>
Joined: August 23, 2004
Posts: 3,599
Likes: 3
From: Bay Area, California
just in case we have enough time to do your work too eh? 
Thread Starter
The Man... keeping you down.
Joined: August 15, 2004
Posts: 823
Likes: 1
From: Stealin' ur internetz
Originally posted by cntchds@November 12, 2004, 11:42 PM
just in case we have enough time to do your work too eh?
just in case we have enough time to do your work too eh?