Skip to content

bring up to date with upstream #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

bring up to date with upstream #1

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
abc7901
fixes https://github.com/digital-me/phplist-plugin-ldap/issues/3
tfnab Nov 6, 2018
b1e5004
Merge pull request #5 from tfnab/master
btlogy Nov 7, 2018
99e09e4
call method from core for local admin authentication
tfnab Nov 8, 2018
a48a94b
Merge remote-tracking branch 'upstream/master'
tfnab Nov 12, 2018
81f9cb3
replace dirname(__FILE__) with __DIR__ as introduced in PHP 5.3
tfnab Nov 12, 2018
b3821de
require phpListAdminAuthentication.php using require_once, just in case
tfnab Nov 12, 2018
363e128
added phpDoc for localValidateLogin
tfnab Nov 12, 2018
3b6f085
Merge pull request #6 from tfnab/master
btlogy Dec 6, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 7 additions & 28 deletions plugins/ldapAuth.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
* of admin users.
*/

require_once dirname(__FILE__).'/../accesscheck.php';
require_once __DIR__.'/../accesscheck.php';

class ldapAuth extends phplistPlugin {
public $name = 'LDAP Authentication Plugin';
Expand All @@ -27,34 +27,13 @@ class ldapAuth extends phplistPlugin {
public $documentationUrl = 'https://github.com/digital-me/phplist-plugin-ldap';
public $authProvider = true;

/**
* For users in $ldap_except_users this method provides a fallback to the authentication method from phpList core
*/
function localValidateLogin($login,$password) {
$query
= ' select password, disabled, id'
. ' from %s'
. ' where loginname = ?';
$query = sprintf($query, $GLOBALS['tables']['admin']);
$req = Sql_Query_Params($query, array($login));
$admindata = Sql_Fetch_Assoc($req);
$encryptedPass = hash(ENCRYPTION_ALGO,$password);
$passwordDB = $admindata['password'];
#Password encryption verification.
if(strlen($passwordDB)<$GLOBALS['hash_length']) { // Passwords are encrypted but the actual is not.
#Encrypt the actual DB password before performing the validation below.
$encryptedPassDB = hash(ENCRYPTION_ALGO,$passwordDB);
$query = "update %s set password = '%s' where loginname = ?";
$query = sprintf($query, $GLOBALS['tables']['admin'], $encryptedPassDB);
$passwordDB = $encryptedPassDB;
$req = Sql_Query_Params($query, array($login));
}
if ($admindata["disabled"]) {
return array(0,s("your account has been disabled"));
} elseif (#Password validation.
!empty($passwordDB) && $encryptedPass == $passwordDB) {
return array($admindata['id'],"OK");
} else {
return array(0,s("incorrect password"));
}
return array(0,s("Login failed"));
require_once __DIR__.'/../phpListAdminAuthentication.php';
$core_admin_auth = new phpListAdminAuthentication();
return $core_admin_auth->validateLogin($login,$password);
}

function getPassword($email) {
Expand Down