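/**
 * Handle a submitted login form and pass the credentials to the selected backend.
 *
 * The auth mechanism name comes from the continuation, falling back to the
 * request; the user id is read through processInputVar() and the password from
 * the POST body. Depending on the mechanism's 'type' entry in $authMechs the
 * credentials go to ldapLogin() or localLogin(). A missing user id or password,
 * or any other mechanism type, re-displays the selection page via selectAuth().
 * A mechanism name that is not configured in $authMechs ends the request.
 *
 * @return void
 */
function submitLogin()
{
    global $authMechs;

    $authtype = getContinuationVar("authtype", processInputVar('authtype', ARG_STRING));
    if (!array_key_exists($authtype, $authMechs)) {
        // FIXME - hackerish
        // The mechanism name is request-influenced; only names configured in
        // $authMechs may continue, everything else stops here without output.
        dbDisconnect();
        exit;
    }

    // Discard a userid supplied in the query string before processInputVar()
    // runs - presumably so that it is only taken from the POST body; confirm
    // against processInputVar(). unset() on a missing key is a no-op.
    unset($_GET['userid']);
    $userid = processInputVar('userid', ARG_STRING, '');

    // The password is read raw from the request, so check presence and type
    // here: a missing field must not raise a notice, and an array-valued field
    // (password[]=...) must not reach stripslashes() or the login backends.
    $passwd = isset($_POST['password']) ? $_POST['password'] : '';
    if (!is_string($passwd)) {
        $passwd = '';
    }

    // An empty password must never be handed to a directory bind: LDAP servers
    // may treat a simple bind with a DN and no password as an unauthenticated
    // bind and report success (assumes ldapLogin() binds with these values -
    // TODO confirm). The password is compared with '' instead of empty() so
    // that the valid password "0" is no longer rejected. The user id keeps the
    // original empty() check because processInputVar()'s return type is not
    // visible here.
    if (empty($userid) || $passwd === '') {
        selectAuth();
        return;
    }

    // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded would be
    // a fatal error on the login path. Where it is absent there are no magic
    // quotes to undo.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $userid = stripslashes($userid);
        $passwd = stripslashes($passwd);
    }

    // Strict comparison: the type must be exactly one of the known strings, so
    // a non-string config value cannot loosely match a backend.
    $mechType = $authMechs[$authtype]['type'];
    if ($mechType === 'ldap') {
        ldapLogin($authtype, $userid, $passwd);
    } elseif ($mechType === 'local') {
        // Note the different argument order compared with ldapLogin().
        localLogin($userid, $passwd, $authtype);
    } else {
        selectAuth();
    }
}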
// Seeing if we should try logging the user in with a request // to a LDAP server, or just against what is stored in the // staff database table if ($CFG['LDAP_Enabled'] && $tableRows[0]['StaffPassword'] == "ldap") { ldapLogin($username, $password, $CFG['LDAP_Server'], $CFG['LDAP_UPN'], $CFG['LDAP_DN'], $CFG['LDAP_StaffGroups'], $databaseConnection, false); } else { if (password_verify($password, $tableRows[0]['StaffPassword'])) { // Updating the sessions table and cookie setSessionInformation($username, $databaseConnection); echo 'success'; } else { echo 'The password is incorrect'; } } } else { // The username doesn't exist, so either attempt to create // the new user from a successful LDAP bind, or if it's not // enabled, let the user know that the username is incorrect if ($CFG['LDAP_Enabled']) { ldapLogin($username, $password, $CFG['LDAP_Server'], $CFG['LDAP_UPN'], $CFG['LDAP_DN'], $CFG['LDAP_StaffGroups'], $databaseConnection, true); } else { echo "The username is incorrect"; } } } else { // There was no username and/or password entered, so let the user know echo "The username and / or password is empty"; } } // Closing the connection to the database dbClose($databaseConnection);