vmario/yourls-ldap-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix ldapauth_authorized_admins logic

Browse Source 
ldapauth_is_valid_user must return boolean type. Thanks @pjaydev
This commit is contained in:
K3A 2019-10-29 17:56:16 +00:00 committed by GitHub
parent 2a3cb0334b
commit c4ad990ab2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugin.php
View File

@ -144,17 +144,18 @@ function ldapauth_is_valid_user( $value ) {
$username = $_SESSION['LDAPAUTH_AUTH_USER']; $username = $_SESSION['LDAPAUTH_AUTH_USER'];
// why is this checked here, but not before the cookie is set? // why is this checked here, but not before the cookie is set?
if ( ldapauth_is_authorized_user( $username ) ) { if ( ldapauth_is_authorized_user( $username ) ) {
if( !isset($yourls_user_passwords[$username]) ) { if( !isset($yourls_user_passwords[$username]) ) {
// set a dummy password to work around the "Stealing cookies" problem // set a dummy password to work around the "Stealing cookies" problem
// we prepend with 'phpass:' to avoid YOURLS trying to auto-encrypt it and // we prepend with 'phpass:' to avoid YOURLS trying to auto-encrypt it and
// write it to user/config.php // write it to user/config.php
ldapauth_debug('Setting dummy entry in $yourls_user_passwords for user ' . $username); ldapauth_debug('Setting dummy entry in $yourls_user_passwords for user ' . $username);
$yourls_user_passwords[$username]='phpass:ThereIsNoPasswordButHey,WhoCares?'; $yourls_user_passwords[$username]='phpass:ThereIsNoPasswordButHey,WhoCares?';
} }
yourls_set_user( $_SESSION['LDAPAUTH_AUTH_USER'] ); yourls_set_user( $_SESSION['LDAPAUTH_AUTH_USER'] );
return true; return true;
} else { } else {
return $username.' is not admin user.'; ldapauth_debug($username . ' is not admin user.');
return $value;
} }
} else if ( isset( $_REQUEST['username'] ) && isset( $_REQUEST['password'] ) } else if ( isset( $_REQUEST['username'] ) && isset( $_REQUEST['password'] )
&& !empty( $_REQUEST['username'] ) && !empty( $_REQUEST['password'] ) ) { && !empty( $_REQUEST['username'] ) && !empty( $_REQUEST['password'] ) ) {