尝试登录时此脚本存在的问题是,用户只能使用用户名字段中的用户名登录,密码字段中没有密码。他们还可以使用正确的用户名和密码登录。但是,使用正确的用户名和错误的密码时,登录失败。我搜索了一下但找不到多少。这就是我所拥有的。
<?php
session_start();
include('config/db.php');
//echo phpinfo();
if(isset($_REQUEST['hdn_submit']) && $_REQUEST['hdn_submit']=="1"){
$ldaprdn = $_POST['username'] . '@domain';
$uname = $_POST['username'];
$ldappass = $_POST['password'];
//$ldapconn = ldap_connect(" old IP address",port)or die("Could not connect to LDAP server.");
$ldapconn = ldap_connect("IP address",port)or die("Could not connect to LDAP server.");
//echo $ldaprdn;
if ($ldapconn)
{
//ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3) or die("Could not set ldap protocol version");
// binding to ldap server
$ldapbind = @ldap_bind($ldapconn,$ldaprdn,$ldappass);
// verify binding
if ($ldapbind)
{
//login successfull
$_SESSION['checkin'] = date('d/m/Y h:i:s A');
$_SESSION['user_name'] = $_REQUEST['username'];
header('Location: index.php');
}
else
{
//echo 'hello';
echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
$_SESSION['LoggedIn'] = '0';
}
}
}
?>
<?php include_once('template/header.php'); ?>
<div class="row page-area">
<div class="panel panel-primary" style="width:300px; margin:100px auto;">
<div class="panel-heading">User Login</div>
<div class="panel-body">
<form class="form-signin" method="post" action="">
<?php if($msg!=''){ ?>
<p class="bg-primary"><?php echo $msg; ?></p>
<?php } ?>
<input name="username" type="text" class="form-control" placeholder="User Name" required autofocus><br/>
<input type="password" name="password" class="form-control" placeholder="User Password" required><br/>
<button class="btn btn-lg btn-primary btn-block" type="submit">
Sign In
</button>
<input type="hidden" name="hdn_submit" value="1">
</form>
</div>
</div>
</div>
<?php include_once('template/footer.php'); ?>
答案 0 :(得分:0)
当他们在没有密码的情况下“登录”时,后端目录服务器极有可能惹恼anonymously
会话。
如果在目录服务器上禁用了匿名绑定,则应该会出现故障。
答案 1 :(得分:0)
<?php
session_start();
include('config/db.php');
//echo phpinfo();
if(isset($_REQUEST['hdn_submit']) && $_REQUEST['hdn_submit']=="1"){
$ldaprdn = $_POST['username'] . '@domain';
$uname = $_POST['username'];
$ldappass = $_POST['password'];
//$ldapconn = ldap_connect("IP",port)or die("Could not connect to LDAP server.");
$ldapconn = ldap_connect("IP",port)or die("Could not connect to LDAP server.");
//echo $ldaprdn;
if ($ldapconn)
{
//ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3) or die("Could not set ldap protocol version");
// binding to ldap server
if($ldaprdn!="" && $ldappass!=""){
$ldapbind = @ldap_bind($ldapconn,$ldaprdn,$ldappass);
// verify binding
if ($ldapbind)
{
//login successfull
$_SESSION['checkin'] = date('d/m/Y h:i:s A');
$_SESSION['user_name'] = $_REQUEST['username'];
header('Location: index.php');
}
else
{
//echo 'hello';
echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
$_SESSION['LoggedIn'] = '0';
}
}else{
echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
$_SESSION['LoggedIn'] = '0';
}
}
}
?>