From e14559f16ec474f993208fde7c9065c2aa3d385a Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Sat, 26 Mar 2016 19:38:47 +0000
Subject: [PATCH] Added special auth handling for admin@localhost. This could be useful for LDAP installs where admin account does not exist in LDAP directory or is misconfigured.
---
 WEB-INF/lib/auth/Auth_db.class.php | 25 ++++++++++++++++++++-----
 WEB-INF/lib/auth/Auth_ldap.class.php | 7 +++++++
 WEB-INF/templates/footer.tpl | 2 +-
 3 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index 7475e6bc..40743b4e 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -41,10 +41,10 @@ class Auth_db extends Auth {
 */
 function authenticate($login, $password) {
- $mdb2 = getConnection();
-
- // Try md5 password match first.
- $sql = "SELECT id FROM tt_users
+ $mdb2 = getConnection();
+
+ // Try md5 password match first.
+ $sql = "SELECT id FROM tt_users
 WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
 $res = $mdb2->query($sql);
@@ -77,8 +77,23 @@ class Auth_db extends Auth {
 if ($val['id'] > 0) {
 return array('login'=>$login,'id'=>$val['id']);
 }
- return false;
 }
+
+ // Special handling for admin@localhost - search for an account with admin role with a matching password.
+ if ($login == 'admin@localhost') {
+ $sql = "SELECT id, login FROM tt_users
+ WHERE role = 1024 AND password = md5(".$mdb2->quote($password).") AND status = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) {
+ die($res->getMessage());
+ }
+ $val = $res->fetchRow();
+ if ($val['id'] > 0) {
+ return array('login'=>$val['login'],'id'=>$val['id']);
+ }
+ }
+
+ return false;
 }
 function isPasswordExternal() {
diff --git a/WEB-INF/lib/auth/Auth_ldap.class.php b/WEB-INF/lib/auth/Auth_ldap.class.php
index 25d375bc..b3f5d52a 100644
--- a/WEB-INF/lib/auth/Auth_ldap.class.php
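Review bot: In the new `admin@localhost` branch, `$val['id']` is read without checking that `fetchRow()` returned a row, and the query identifies the account by password alone: any `role = 1024` row whose md5 matches is accepted and its own `login` is returned, so this fallback is effectively password-only authentication across every admin account, with whichever row comes back first deciding the identity when several match. At minimum guard the result, `if ($val && $val['id'] > 0) {`, and consider gating the fallback behind an explicit configuration switch and logging each use, since it bypasses the normal login/password pairing. The loose comparison is better written `if ($login === 'admin@localhost') {`. The Auth_ldap hunk in this patch routes `admin@localhost` to this same code path, so it inherits the same behaviour.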
+++ b/WEB-INF/lib/auth/Auth_ldap.class.php
@@ -78,6 +78,13 @@ class Auth_ldap extends Auth {
 */
 function authenticate($login, $password) {
+ // Special handling for admin@localhost - authenticate against db, not ldap.
+ // It is a fallback mechanism when admin account in LDAP directory does not exist or is misconfigured.
+ if ($login == 'admin@localhost') {
+ import('auth.Auth_db');
+ return Auth_db::authenticate($login, $password);
+ }
+
 if (!function_exists('ldap_bind')) {
 die ('php_ldap extension not loaded!');
 }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index eeab7899..c93ca09c 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
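Review bot: `Auth_db::authenticate($login, $password)` calls an instance method statically — the Auth_db hunk in this same patch declares `authenticate` as a plain `function`, not `static` — which raises a strict-standards notice on PHP 5, is deprecated on PHP 7 and is a fatal Error on PHP 8. Instantiate the class instead, e.g. `return (new Auth_db())->authenticate($login, $password);`, passing whatever constructor arguments Auth_db requires (its constructor is outside this patch, so I cannot tell). The fallback also short-circuits before the `ldap_bind` check for that login even when LDAP is correctly configured, which is worth stating in the comment. The rest of `authenticate` continues past the hunk.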
-
 Anuko Time Tracker 1.9.19.3442 | Copyright © Anuko |
+  Anuko Time Tracker 1.9.20.3443 | Copyright © Anuko |
 {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
--
2.20.1