diff --git a/lib/ldap-auth.php b/lib/ldap-auth.php
index bdf5656c21c2e35207b230e562d48aab61e9f01a..10bb2f2ae587788fcb8cdbcd61514282fb2e6d43 100644
--- a/lib/ldap-auth.php
+++ b/lib/ldap-auth.php
@@ -12,7 +12,7 @@ will return "nope" if the user/pass passed is inavlid
Example usage:
-include_once("ldap-auth.php");
+require "ldap-auth.php";
isAuthd = ldapAuth("usaername", "password");
@@ -29,6 +29,8 @@ if (isAuthd == "sucs"){
// we don't care about warnings, we write our own
error_reporting(E_ERROR | E_PARSE);
+define(LDAP_OPT_DIAGNOSTIC_MESSAGE, 0x0032);
+
function ldapAuth($username, $password)
{
@@ -45,24 +47,29 @@ function ldapAuth($username, $password)
$username = implode("@", $s);
}
+ // filter out everything but A-Z a-z 0-9 . - _ from username
+ $safeusername = preg_replace("/[^A-Za-z0-9\.\-\_]/", '', $username);
+
+ // if safeusername isn't the same as username just error out
+ if ($safeusername != $username) {
+ return "nope";
+ }
+
// ldap servers
$sucsLDAPServer = 'silver.sucs.swan.ac.uk';
- $lisLDAPServer = 'ccs-suld1.swan.ac.uk';
-
- // lis auth stuffs
- $lisUsernameOu = substr($username, -1);
- $lisOtherOu = "Moved";
+ $issLDAPServer = '192.168.10.16';
// how to bind
- $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
- $lisBindDn1 = "cn=$username,ou=$lisUsernameOu,ou=Students,ou=SWANSEA,o=SWANUNI";
- $lisBindDn2 = "cn=$username,ou=$lisOtherOu,ou=Students,ou=SWANSEA,o=SWANUNI";
+ $sucsBindDn = "uid=$safeusername,ou=People,dc=sucs,dc=org";
+ $issBindDn = "cn=$safeusername,ou=Students,ou=Active,ou=Resources,o=Swansea";
// Main auth
// Try and connect to silver
$ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
+ ldap_set_option($ldapconnSUCS,LDAP_OPT_PROTOCOL_VERSION,3);
+
if ($ldapconnSUCS) {
//echo "Connected to $sucsLDAPServer
";
@@ -73,28 +80,28 @@ function ldapAuth($username, $password)
if ($ldapbindSUCS) {
//echo "Auth'd as $username using SUCS LDAP
";
return "sucs";
- // turns out they didn't give us valid sucs creds, lets try lis now
+ // turns out they didn't give us valid sucs creds, lets try iss now
} else {
- // try and connect to the lis ldap server
- $ldapconnLIS = ldap_connect($lisLDAPServer) or die("Could not connect to uni LDAP server.");
- //echo "Connected to $lisLDAPServer
";
+ // try and connect to the iss ldap server
+ $ldapconnISS = ldap_connect($issLDAPServer) or die("Could not connect to uni LDAP server.");
+ // echo "Connected to $issLDAPServer
";
+
+ ldap_set_option($ldapconnISS,LDAP_OPT_PROTOCOL_VERSION,3);
// lets try and bind to the uni ldap
- $ldapbindLIS1 = ldap_bind($ldapconnLIS, $lisBindDn1, $password);
- if ($ldapbindLIS1) {
- //echo "Auth'd as $username using uni LDAP using ou=$lisUsernameOu
";
+ $ldapbindiss = ldap_bind($ldapconnISS, $issBindDn, $password);
+
+ /*if (ldap_get_option($ldapconnISS, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
+ echo "Error Binding to LDAP: $extended_error";
+ }*/
+
+ if ($ldapbindiss) {
+ //echo "Auth'd as $username using uni LDAP using ou=$issUsernameOu
";
return "uni";
} else {
- $ldapbindLIS2 = ldap_bind($ldapconnLIS, $lisBindDn2, $password);
- if ($ldapbindLIS2) {
- //echo "Auth'd as $username using uni LDAP using ou=moved
";
- return "uni";
- // shit, couldn't bind to anything
- } else {
- //exit("Invalid Username or Password");
- return "nope";
- }
+ //exit("Invalid Username or Password");
+ return "nope";
}
}
}
diff --git a/lib/session.php b/lib/session.php
index 00b472bf9226e7bd013a79f480e3008b32238963..243e01250523b2dd04551cd37e2501c0dacde0ff 100644
--- a/lib/session.php
+++ b/lib/session.php
@@ -116,7 +116,15 @@ class Session
// Is this a login attempt ?
if ($submit != '' && $session_user != '' && $session_pass != '') {
- $this->session_init($session_user, $session_pass);
+ // filter out everything but A-Z a-z 0-9 . - _ from username
+ $safeusername = preg_replace("/[^A-Za-z0-9\.\-\_]/", '', $session_user);
+ if ($safeusername != $session_user) {
+ trigger_error("Invalid username", E_USER_NOTICE);
+ $this->newsession();
+ return;
+ } elseif ($safeusername == $session_user) {
+ $this->session_init($safeusername, $session_pass);
+ }
}
// Retrieve session information
diff --git a/static/About/History.txt b/static/About/History.txt
index 2f63f325bedbab0dc767c8afbcf18dc3018fd43d..b4135b4a32667abe8ef48de9ed78782b8add5f7b 100644
--- a/static/About/History.txt
+++ b/static/About/History.txt
@@ -13,14 +13,22 @@
Gaming |
+2019 |
+colours (Declan Morbey) |
+elbows (Laurence Sebastian Bowes) |
+mr_miyagi_420 (Rafal Gajewski) |
+vectre (Alexander Moras) |
+mpg (Maxwell Michael Gisborne) |
+
+
|
- 2018
+2018
|
-vectre (Alexander Moras) |
-elbows (Laurence Sebastian Bowes) |
-xray_effect (Ryan Williams) |
-None |
-arcryalis (Hywel Williams) |
+vectre (Alexander Moras) |
+elbows (Laurence Sebastian Bowes) |
+xray_effect (Ryan Williams) |
+None |
+arcryalis (Gwen Williams) |
|
@@ -280,4 +288,4 @@
|
-In 2001, the elections were moved so that the committee now stays in position for one calendar year.
\ No newline at end of file
+In 2001, the elections were moved so that the committee now stays in position for one calendar year.