From abc7901284b20ffa471b65e1cb82a07e33ae6241 Mon Sep 17 00:00:00 2001
From: Martin Lormes <1294964+tfnab@users.noreply.github.com>
Date: Tue, 6 Nov 2018 21:26:03 +0100
Subject: [PATCH 1/5] fixes https://github.com/digital-me/phplist-plugin-ldap/issues/3
---
 plugins/ldapAuth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/ldapAuth.php b/plugins/ldapAuth.php
index 3eb201c..86d7969 100644
--- a/plugins/ldapAuth.php
+++ b/plugins/ldapAuth.php
@@ -35,12 +35,12 @@ function localValidateLogin($login,$password) {
 $query = sprintf($query, $GLOBALS['tables']['admin']);
 $req = Sql_Query_Params($query, array($login));
 $admindata = Sql_Fetch_Assoc($req);
- $encryptedPass = hash(ENCRYPTION_ALGO,$password);
+ $encryptedPass = hash(HASH_ALGO,$password);
 $passwordDB = $admindata['password'];
 #Password encryption verification.
 if(strlen($passwordDB)<$GLOBALS['hash_length']) { // Passwords are encrypted but the actual is not.
 #Encrypt the actual DB password before performing the validation below.
- $encryptedPassDB = hash(ENCRYPTION_ALGO,$passwordDB);
+ $encryptedPassDB = hash(HASH_ALGO,$passwordDB);
 $query = "update %s set password = '%s' where loginname = ?";
 $query = sprintf($query, $GLOBALS['tables']['admin'], $encryptedPassDB);
 $passwordDB = $encryptedPassDB;
From 99e09e4d220f421c1fe29ecf79a80a194160dfef Mon Sep 17 00:00:00 2001
From: Martin Lormes <1294964+tfnab@users.noreply.github.com>
Date: Thu, 8 Nov 2018 08:49:37 +0100
Subject: [PATCH 2/5] call method from core for local admin authentication
---
 plugins/ldapAuth.php | 30 +++---------------------------
 1 file changed, 3 insertions(+), 27 deletions(-)
diff --git a/plugins/ldapAuth.php b/plugins/ldapAuth.php
index 86d7969..3401a52 100644
--- a/plugins/ldapAuth.php
+++ b/plugins/ldapAuth.php
@@ -28,33 +28,9 @@ class ldapAuth extends phplistPlugin {
 public $authProvider = true;
 function localValidateLogin($login,$password) {
- $query
- = ' select password, disabled, id'
- . ' from %s'
- . ' where loginname = ?';
- $query = sprintf($query, $GLOBALS['tables']['admin']);
- $req = Sql_Query_Params($query, array($login));
- $admindata = Sql_Fetch_Assoc($req);
- $encryptedPass = hash(HASH_ALGO,$password);
- $passwordDB = $admindata['password'];
- #Password encryption verification.
- if(strlen($passwordDB)<$GLOBALS['hash_length']) { // Passwords are encrypted but the actual is not.
- #Encrypt the actual DB password before performing the validation below.
- $encryptedPassDB = hash(HASH_ALGO,$passwordDB);
- $query = "update %s set password = '%s' where loginname = ?";
- $query = sprintf($query, $GLOBALS['tables']['admin'], $encryptedPassDB);
- $passwordDB = $encryptedPassDB;
- $req = Sql_Query_Params($query, array($login));
- }
- if ($admindata["disabled"]) {
- return array(0,s("your account has been disabled"));
- } elseif (#Password validation.
- !empty($passwordDB) && $encryptedPass == $passwordDB) {
- return array($admindata['id'],"OK");
- } else {
- return array(0,s("incorrect password"));
- }
- return array(0,s("Login failed"));
+ require __DIR__.'/../phpListAdminAuthentication.php';
+ $core_admin_auth = new phpListAdminAuthentication();
+ return $core_admin_auth->validateLogin($login,$password);
 }
 function getPassword($email) {
From 81f9cb3f071a496b49eba69f861037b1fa16a32d Mon Sep 17 00:00:00 2001
From: Martin Lormes <1294964+tfnab@users.noreply.github.com>
Date: Mon, 12 Nov 2018 11:54:51 +0100
Subject: [PATCH 3/5] replace dirname(__FILE__) with __DIR__ as introduced in PHP 5.3
---
 plugins/ldapAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/ldapAuth.php b/plugins/ldapAuth.php
index 3401a52..9bcc433 100644
--- a/plugins/ldapAuth.php
+++ b/plugins/ldapAuth.php
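Review bot: In patch 2/5 the new `localValidateLogin` body hands any `$login` straight to core's `validateLogin` and does not check that the account is one that may bypass LDAP; whether that gate exists depends on the caller, which is outside this hunk. If the caller's check is ever loosened, every account in the local admin table becomes a second login path beside the directory. I would state the precondition where the delegation happens, e.g. `// Caller must already have confirmed that $login is exempt from LDAP; no check is made here.`, or repeat the check in this method if the exemption list is reachable from it. The method also now returns core's result unmodified, where the removed code always returned a two-element array with `0` as the id on failure, so the caller presumably relies on core keeping that shape.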
@@ -16,7 +16,7 @@
 * of admin users.
 */
-require_once dirname(__FILE__).'/../accesscheck.php';
+require_once __DIR__.'/../accesscheck.php';
 class ldapAuth extends phplistPlugin {
 public $name = 'LDAP Authentication Plugin';
From b3821de6c4f0f4dff4bc0fd137ebe8540547b755 Mon Sep 17 00:00:00 2001
From: Martin Lormes <1294964+tfnab@users.noreply.github.com>
Date: Mon, 12 Nov 2018 11:58:06 +0100
Subject: [PATCH 4/5] require phpListAdminAuthentication.php using require_once, just in case
---
 plugins/ldapAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/ldapAuth.php b/plugins/ldapAuth.php
index 9bcc433..beb61d1 100644
--- a/plugins/ldapAuth.php
+++ b/plugins/ldapAuth.php
@@ -28,7 +28,7 @@ class ldapAuth extends phplistPlugin {
 public $authProvider = true;
 function localValidateLogin($login,$password) {
- require __DIR__.'/../phpListAdminAuthentication.php';
+ require_once __DIR__.'/../phpListAdminAuthentication.php';
 $core_admin_auth = new phpListAdminAuthentication();
 return $core_admin_auth->validateLogin($login,$password);
 }
From 363e128d7789ac37f00c2cdd65b56986f1d016a5 Mon Sep 17 00:00:00 2001
From: Martin Lormes <1294964+tfnab@users.noreply.github.com>
Date: Mon, 12 Nov 2018 17:18:53 +0100
Subject: [PATCH 5/5] added phpDoc for localValidateLogin
---
 plugins/ldapAuth.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/plugins/ldapAuth.php b/plugins/ldapAuth.php
index beb61d1..348f555 100644
--- a/plugins/ldapAuth.php
+++ b/plugins/ldapAuth.php
@@ -27,6 +27,9 @@ class ldapAuth extends phplistPlugin {
 public $documentationUrl = 'https://github.com/digital-me/phplist-plugin-ldap';
 public $authProvider = true;
+ /**
+ * For users in $ldap_except_users this method provides a fallback to the authentication method from phpList core
+ */
 function localValidateLogin($login,$password) {
 require_once __DIR__.'/../phpListAdminAuthentication.php';
 $core_admin_auth = new phpListAdminAuthentication();
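Review bot: The docblock added in patch 5/5 has no `@param` or `@return` tags and does not say that the exemption check itself happens elsewhere; the lines shown after it only load and call core's `validateLogin`. I would add `@param string $login`, `@param string $password` and `@return array admin id (0 on failure) and a status message`, the last inferred from the implementation removed in patch 2/5 and to be confirmed against core. It is also worth one sentence noting that accounts taking this path are checked only against the local admin table, so disabling them in the directory presumably has no effect on their login. The function's `return` and closing brace are outside this hunk.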