Index: authentication_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/authentication_api.php,v
retrieving revision 1.53
diff -u -r1.53 authentication_api.php
--- authentication_api.php 10 Aug 2005 16:21:28 -0000 1.53
+++ authentication_api.php 17 Jan 2007 00:16:21 -0000
@@ -72,9 +72,15 @@
 $t_login_method = config_get( 'login_method' );
 if ( false === $t_user_id ) {
- if ( BASIC_AUTH == $t_login_method ) {
- # attempt to create the user if using BASIC_AUTH
- $t_cookie_string = user_create( $p_username, $p_password );
+ if ( BASIC_AUTH == $t_login_method || LDAP == $t_login_method ) {
+
+ # attempt to create the user if using BASIC_AUTH or LDAP
+ if ( BASIC_AUTH == $t_login_method) {
+ $t_cookie_string = user_create( $p_username, $p_password );
+ } elseif ( LDAP == $t_login_method ) {
+ # get the users' email address as well if using LDAP
+ $t_cookie_string = user_create( $p_username, '', ldap_email_from_username( $p_username ) );
+ }
 if ( false === $t_cookie_string ) {
 # it didn't work
@@ -161,7 +167,7 @@
 # set the cookies
 $g_script_login_cookie = $t_user['cookie_string'];
-
+
 # cache user id for future reference
 $g_cache_current_user_id = $t_user_id;
@@ -173,11 +179,11 @@
 # Returns true on success, false otherwise
 function auth_logout() {
 global $g_cache_current_user_id;
-
+
 # clear cached userid
 $g_cache_current_user_id = null;
-
- # clear cookies, if they were set
+
+ # clear cookies, if they were set
 if (auth_clear_cookies()) {
 helper_clear_pref_cookies();
 }
@@ -301,7 +307,7 @@
 global $g_script_login_cookie;
 $t_cookies_cleared = false;
-
+
 # clear cookie, if not logged in from script
 if ($g_script_login_cookie == null) {
 $t_cookie_name = config_get( 'string_cookie' );
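Review bot: In the `@@ -72,9 +72,15 @@` hunk the new LDAP branch calls `user_create( $p_username, '', ldap_email_from_username( $p_username ) )` as soon as the name is missing from the local user table, and nothing visible before that call checks the submitted password against the directory. Any password verification runs later in this function, outside the hunk, so a rejected login for an unknown name would presumably still leave behind a local account row created with `''` as its password argument. The result of `ldap_email_from_username()` is passed through unchecked as well; if that helper (not shown here) returns a blank value for names the directory does not know, a guard such as `$t_email = ldap_email_from_username( $p_username ); if ( is_blank( $t_email ) ) { return false; }` before `user_create` would stop the account from being created. I would verify the credentials against the directory first and create the local account only on success, and confirm that the empty stored password can never satisfy a login if `login_method` is later changed away from LDAP.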
@@ -373,8 +379,8 @@
 if ( $g_script_login_cookie !== null ) {
 return $g_script_login_cookie;
 }
-
- # fetch user cookie
+
+ # fetch user cookie
 $t_cookie_name = config_get( 'string_cookie' );
 $t_cookie = gpc_get_cookie( $t_cookie_name, '' );
@@ -382,12 +388,12 @@
 if ( is_blank( $t_cookie ) ) {
 if ( ON == config_get( 'allow_anonymous_login' ) ) {
 if ( $g_cache_anonymous_user_cookie_string === null ) {
- if ( function_exists( 'db_is_connected' ) && db_is_connected() ) {
+ if ( function_exists( 'db_is_connected' ) && db_is_connected() ) {
 # get anonymous information if database is available
 $query = sprintf('SELECT id, cookie_string FROM %s WHERE username = \'%s\'', config_get( 'mantis_user_table' ), config_get( 'anonymous_account' ) );
 $result = db_query( $query );
-
+
 if ( 1 == db_num_rows( $result ) ) {
 $row = db_fetch_array( $result );
 $t_cookie = $row['cookie_string'];
@@ -415,7 +421,7 @@
 function auth_is_cookie_valid( $p_cookie_string ) {
 global $g_cache_current_user_id;
-
+
 # fail if DB isn't accessible
 if ( !db_is_connected() ) {
 return false;
@@ -430,7 +436,7 @@
 if ( null !== $g_cache_current_user_id ) {
 return true;
 }
-
+
 # look up cookie in the database to see if it is valid
 $t_user_table = config_get( 'mantis_user_table' );
@@ -444,7 +450,7 @@
 # return true if a matching cookie was found
 return ( 1 == db_num_rows( $result ) );
 }
-
+
 #########################################
 # SECURITY NOTE: cache globals are initialized here to prevent them
 # being spoofed if register_globals is turned on