Update plugin.php

Adding again the validation that allow more than one admin group
2016-11-18 15:55:56 -02:00 · 2016-11-18 15:55:56 -02:00 · 0950958232
commit 0950958232
parent 1c92562cb8
1 changed files with 13 additions and 12 deletions
--- a/plugin.php
+++ b/plugin.php
@ -149,19 +149,20 @@ function ldapauth_is_valid_user( $value ) {
 			if (defined('LDAPAUTH_GROUP_ATTR') && defined('LDAPAUTH_GROUP_REQ')) {
 	
                           $in_group = false;
-$bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);
+			   $bind = ldap_bind($ldapConnection, LDAPAUTH_SEARCH_USER, LDAPAUTH_SEARCH_PASS);

-	                   $searchGroup = ldap_search($ldapConnection, LDAPAUTH_GROUP_REQ, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
-                           $searchG = ldap_get_entries($ldapConnection,$searchGroup);
-			   
-if ( LDAPAUTH_GROUP_SCOP == 'base'){
- if ($searchG[0]['dn'] == LDAPAUTH_GROUP_REQ) $in_group = true;
- }
-else{
- if ($searchG[0]['dn']) $in_group = true;
- }
-
-if (!$in_group) die('Not in admin group');
+			   $groups_to_check = explode(";", strtolower(LDAPAUTH_GROUP_REQ)); // This is now an array
+			   foreach($groups_to_check as $group){
+		                   $searchGroup = ldap_search($ldapConnection, $group, LDAPAUTH_GROUP_ATTR . "=" . $_REQUEST['username']);
+	                           $searchG = ldap_get_entries($ldapConnection,$searchGroup);
+				   if ( LDAPAUTH_GROUP_SCOP == 'base'){
+					if ($searchG[0]['dn'] == $group) $in_group = true;
+					}
+				   else{
+					if ($searchG[0]['dn']) $in_group = true;
+				   }
+			   }
+			   if (!$in_group) die('Not in admin group');
 			}
 			
 			// attribute index returned by ldap_get_entries is lowercased (http://php.net/manual/en/function.ldap-get-entries.php)