updated plugin AuthLDAP
version 2.5.2
@ -3,7 +3,7 @@
|
||||
Plugin Name: AuthLDAP
|
||||
Plugin URI: https://github.com/heiglandreas/authLdap
|
||||
Description: This plugin allows you to use your existing LDAP as authentication base for WordPress
|
||||
Version: 2.4.10
|
||||
Version: 2.5.2
|
||||
Author: Andreas Heigl <andreas@heigl.org>
|
||||
Author URI: http://andreas.heigl.org
|
||||
License: MIT
|
||||
@ -82,6 +82,7 @@ function authLdap_options_panel()
|
||||
'GroupEnable' => authLdap_get_post('authLDAPGroupEnable', false),
|
||||
'GroupOverUser' => authLdap_get_post('authLDAPGroupOverUser', false),
|
||||
'DoNotOverwriteNonLdapUsers' => authLdap_get_post('authLDAPDoNotOverwriteNonLdapUsers', false),
|
||||
'UserRead' => authLdap_get_post('authLDAPUseUserAccount', false),
|
||||
);
|
||||
if (authLdap_set_options($new_options)) {
|
||||
echo "<div class='updated'><p>Saved Options!</p></div>";
|
||||
@ -112,6 +113,7 @@ function authLdap_options_panel()
|
||||
$authLDAPGroupEnable = authLdap_get_option('GroupEnable');
|
||||
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
|
||||
$authLDAPDoNotOverwriteNonLdapUsers = authLdap_get_option('DoNotOverwriteNonLdapUsers');
|
||||
$authLDAPUseUserAccount= authLdap_get_option('UserRead');
|
||||
|
||||
$tChecked = ($authLDAP) ? ' checked="checked"' : '';
|
||||
$tDebugChecked = ($authLDAPDebug) ? ' checked="checked"' : '';
|
||||
@ -120,6 +122,7 @@ function authLdap_options_panel()
|
||||
$tGroupOverUserChecked = ($authLDAPGroupOverUser) ? ' checked="checked"' : '';
|
||||
$tStartTLSChecked = ($authLDAPStartTLS) ? ' checked="checked"' : '';
|
||||
$tDoNotOverwriteNonLdapUsers = ($authLDAPDoNotOverwriteNonLdapUsers) ? ' checked="checked"' : '';
|
||||
$tUserRead = ($authLDAPUseUserAccount) ? ' checked="checked"' : '';
|
||||
|
||||
$roles = new WP_Roles();
|
||||
|
||||
@ -233,6 +236,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
|
||||
$authLDAPDefaultRole = authLdap_get_option('DefaultRole');
|
||||
$authLDAPGroupEnable = authLdap_get_option('GroupEnable');
|
||||
$authLDAPGroupOverUser = authLdap_get_option('GroupOverUser');
|
||||
$authLDAPUseUserAccount = authLdap_get_option('UserRead');
|
||||
|
||||
if (! $username) {
|
||||
authLdap_debug('Username not supplied: return false');
|
||||
@ -281,10 +285,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
|
||||
return false;
|
||||
}
|
||||
|
||||
// Rebind with the default credentials after the user has been loged in
|
||||
// Otherwise the credentials of the user trying to login will be used
|
||||
// This fixes #55
|
||||
authLdap_get_server()->bind();
|
||||
// Make optional querying from the admin account #213
|
||||
if (! authLdap_get_option('UserRead')) {
|
||||
// Rebind with the default credentials after the user has been loged in
|
||||
// Otherwise the credentials of the user trying to login will be used
|
||||
// This fixes #55
|
||||
authLdap_get_server()->bind();
|
||||
}
|
||||
|
||||
if (true !== $result) {
|
||||
authLdap_debug('LDAP authentication failed');
|
||||
@ -293,7 +300,7 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
|
||||
return;
|
||||
}
|
||||
|
||||
authLdap_debug('LDAP authentication successfull');
|
||||
authLdap_debug('LDAP authentication successful');
|
||||
$attributes = array_values(
|
||||
array_filter(
|
||||
apply_filters(
|
||||
@ -440,6 +447,13 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
|
||||
$userid = wp_insert_user($user_info);
|
||||
}
|
||||
|
||||
// if the user exists, wp_insert_user will update the existing user record
|
||||
if (is_wp_error($userid)) {
|
||||
authLdap_debug('Error creating user : ' . $userid->get_error_message());
|
||||
trigger_error('Error creating user: ' . $userid->get_error_message());
|
||||
return $userid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add hook for custom updates
|
||||
*
|
||||
@ -448,13 +462,6 @@ function authLdap_login($user, $username, $password, $already_md5 = false)
|
||||
*/
|
||||
do_action('authLdap_login_successful', $userid, $attribs[0]);
|
||||
|
||||
// if the user exists, wp_insert_user will update the existing user record
|
||||
if (is_wp_error($userid)) {
|
||||
authLdap_debug('Error creating user : ' . $userid->get_error_message());
|
||||
trigger_error('Error creating user: ' . $userid->get_error_message());
|
||||
return $userid;
|
||||
}
|
||||
|
||||
authLdap_debug('user id = ' . $userid);
|
||||
|
||||
// flag the user as an ldap user so we can hide the password fields in the user profile
|
||||
@ -505,23 +512,25 @@ function authLdap_get_uid($username)
|
||||
*/
|
||||
function authLdap_user_role($uid)
|
||||
{
|
||||
global $wpdb;
|
||||
global $wpdb, $wp_roles;
|
||||
|
||||
if (!$uid) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$meta_value = $wpdb->get_var(
|
||||
"SELECT meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$wpdb->prefix}capabilities' AND user_id = {$uid}"
|
||||
);
|
||||
|
||||
if (!$meta_value) {
|
||||
/** @var array<string, bool> $usercapabilities */
|
||||
$usercapabilities = get_user_meta( $uid, "{$wpdb->prefix}capabilities", true);
|
||||
if ( ! is_array( $usercapabilities ) ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$capabilities = unserialize($meta_value);
|
||||
$roles = is_array($capabilities) ? array_keys($capabilities) : array('');
|
||||
$role = $roles[0];
|
||||
/** @var array<string, array{name: string, capabilities: array<mixed>} $editable_roles */
|
||||
$editable_roles = $wp_roles->roles;
|
||||
|
||||
// By using this approach we are now using the order of the roles from the WP_Roles object
|
||||
// and not from the capabilities any more.
|
||||
$userroles = array_keys(array_intersect_key($editable_roles, $usercapabilities));
|
||||
$role = $userroles[0];
|
||||
|
||||
authLdap_debug("Existing user's role: {$role}");
|
||||
return $role;
|
||||
|
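Review bot: In authLdap_user_role(), `$role = $userroles[0];` assumes the user holds at least one role registered in `$wp_roles->roles`, but `array_intersect_key()` returns an empty array when the capabilities meta names only a removed or unregistered role, or holds per-user capabilities without a role. In that case the index is undefined, PHP raises a warning and the function returns null, whereas the removed code fell back to `''` through `array('')`. This value is presumably what the login path uses to decide whether an existing role is kept, so keep the empty-string result the two early returns already use: `$role = $userroles[0] ?? '';` (or an `isset()` ternary if the plugin still supports PHP 5). The hunk also reads `$wp_roles` as a bare global with no check that it is initialised; `wp_roles()` would guarantee an instance. The function's closing brace lies outside the hunk.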