ldap登录问题

时间:2014-12-17 17:07:01

标签: php forms ldap

尝试登录时此脚本存在的问题是,用户只能使用用户名字段中的用户名登录,密码字段中没有密码。他们还可以使用正确的用户名和密码登录。但是,使用正确的用户名和错误的密码时,登录失败。我搜索了一下但找不到多少。这就是我所拥有的。

<?php 
    session_start();
    include('config/db.php');
    //echo phpinfo();
    if(isset($_REQUEST['hdn_submit']) && $_REQUEST['hdn_submit']=="1"){ 

        $ldaprdn = $_POST['username'] . '@domain';
        $uname = $_POST['username'];
        $ldappass = $_POST['password'];
        //$ldapconn = ldap_connect(" old IP address",port)or die("Could not connect to LDAP server.");
        $ldapconn = ldap_connect("IP address",port)or die("Could not connect to LDAP server.");
        //echo $ldaprdn;
        if ($ldapconn)
        {
            //ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3) or die("Could not set ldap protocol version");
            // binding to ldap server
            $ldapbind = @ldap_bind($ldapconn,$ldaprdn,$ldappass);
            // verify binding
            if ($ldapbind)
            {
                //login successfull 
                $_SESSION['checkin'] = date('d/m/Y h:i:s A');
                $_SESSION['user_name'] = $_REQUEST['username'];

                header('Location: index.php');

            }
            else
            {
                //echo 'hello';
                echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
                $_SESSION['LoggedIn'] = '0';

            }

        }

    }

 ?>

<?php  include_once('template/header.php'); ?>
<div class="row page-area">

  <div class="panel panel-primary" style="width:300px; margin:100px auto;">
    <div class="panel-heading">User Login</div>
    <div class="panel-body">
      <form class="form-signin" method="post" action="">

          <?php if($msg!=''){ ?>
          <p class="bg-primary"><?php echo $msg; ?></p>
          <?php } ?>

          <input name="username" type="text" class="form-control" placeholder="User Name" required autofocus><br/>
          <input type="password" name="password" class="form-control" placeholder="User Password" required><br/>
          <button class="btn btn-lg btn-primary btn-block" type="submit">
              Sign In
          </button>
          <input type="hidden" name="hdn_submit" value="1">
      </form>
    </div>
  </div>

</div>

<?php  include_once('template/footer.php'); ?>

2 个答案:

答案 0 :(得分:0)

当他们在没有密码的情况下“登录”时,后端目录服务器极有可能惹恼anonymously会话。

如果在目录服务器上禁用了匿名绑定,则应该会出现故障。

答案 1 :(得分:0)

<?php 
    session_start();
    include('config/db.php');
    //echo phpinfo();
    if(isset($_REQUEST['hdn_submit']) && $_REQUEST['hdn_submit']=="1"){ 

        $ldaprdn = $_POST['username'] . '@domain';
        $uname = $_POST['username'];
        $ldappass = $_POST['password'];
        //$ldapconn = ldap_connect("IP",port)or die("Could not connect to LDAP server.");
        $ldapconn = ldap_connect("IP",port)or die("Could not connect to LDAP server.");
        //echo $ldaprdn;
        if ($ldapconn)
        {
            //ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3) or die("Could not set ldap protocol version");
            // binding to ldap server
            if($ldaprdn!="" && $ldappass!=""){
                $ldapbind = @ldap_bind($ldapconn,$ldaprdn,$ldappass);
                // verify binding
                if ($ldapbind)
                {
                    //login successfull 
                    $_SESSION['checkin'] = date('d/m/Y h:i:s A');
                    $_SESSION['user_name'] = $_REQUEST['username'];

                    header('Location: index.php');

                }
                else
                {
                    //echo 'hello';
                    echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
                    $_SESSION['LoggedIn'] = '0';

                }
            }else{
                    echo '<script language="javascript">alert("Invalid Login. Please try again!")</script>;';
                    $_SESSION['LoggedIn'] = '0';
            }

        }

    }

 ?>
相关问题
最新问题