Skip to content
Snippets Groups Projects
Commit 67f5ef90 authored by Florian Azizian's avatar Florian Azizian
Browse files

FIX #1772 add pdo for ldap connection

parent 42fdf1a9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
maarch_entreprise/trunk/log.php
+ 22
9
View file @ 67f5ef90
...@@ -132,17 +132,30 @@ if (! empty($_SESSION['error'])) { ...@@ -132,17 +132,30 @@ if (! empty($_SESSION['error'])) {
if ($ad -> authenticate($loginToAd, $password)) { if ($ad -> authenticate($loginToAd, $password)) {
//TODO: protect sql injection with PDO //TODO: protect sql injection with PDO
$db = new dbquery(); if ($_SESSION['config']['usePDO'] == 'true') {
$db->connect(); require_once 'core/class/class_db_pdo.php';
$login = end(explode('\\', $login)); // Instantiate database.
$database = new Database();
$database->query("SELECT * FROM users WHERE user_id LIKE :login");
$database->bind(':login', $login);
$database->execute();
$result = $database->single();
} else {
$db = new dbquery();
$db->connect();
$login = end(explode('\\', $login));
$query = 'select * from ' . USERS_TABLE
. " where user_id like '"
. $this->protect_string_db($login) . "' ";
$query = 'select * from ' . USERS_TABLE $db->query($query);
. " where user_id like '" $result= $db->fetch_object();
. $this->protect_string_db($login) . "' "; }
$db->query($query); if ($result) {
if ($db->fetch_object()) {
$_SESSION['error'] = ''; $_SESSION['error'] = '';
$pass = md5($password); $pass = md5($password);
$res = $sec->login($login, $pass, 'ldap'); $res = $sec->login($login, $pass, 'ldap');
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment