From e99c3f2b7875a2f5cce349e6e1fff9d06b83a99a Mon Sep 17 00:00:00 2001
From: Victor LABORIE
Date: Sun, 17 Dec 2017 18:22:49 +0100
Subject: [PATCH] Use exception for user login
---
 htdocs/auth.php | 19 ++++++++-----------
 htdocs/lib/class.ldapserver.php | 17 ++---------------
 2 files changed, 10 insertions(+), 26 deletions(-)
diff --git a/htdocs/auth.php b/htdocs/auth.php
index 9dc96a2..22cf0f3 100644
--- a/htdocs/auth.php
+++ b/htdocs/auth.php
@@ -16,17 +16,14 @@ if (isset($_SESSION['login'])) {
 }
 if (!empty($_POST['login'])) {
- if ($server = new LdapServer(Html::clean($_POST['login']), LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI)) {
- if ($server->login(Html::clean($_POST['password']))) {
- $_SESSION['login'] = $server->getLogin();
- $_SESSION['dn'] = $server->getDn();
- header("location: superadmin.php\n\n");
- exit(0);
- } else {
- print "";
- }
- } else {
- print "
Erreur de connexion LDAP !
";
+ try {
+ $server = new LdapServer(Html::clean($_POST['login']), LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI);
+ $server->login(Html::clean($_POST['password']));
+ $_SESSION['login'] = $server->getLogin();
+ header("location: superadmin.php\n\n");
+ exit(0);
+ } catch (Exception $e) {
+ print '';
 }
 }
 ?>
diff --git a/htdocs/lib/class.ldapserver.php b/htdocs/lib/class.ldapserver.php
index bfac5eb..874e125 100644
--- a/htdocs/lib/class.ldapserver.php
+++ b/htdocs/lib/class.ldapserver.php
@@ -54,21 +54,8 @@ class LdapServer {
 public function login($password) {
 $sr=ldap_search($this->conn, self::getBaseDN($this), "(&(uid=".$this->login.")(isAdmin=TRUE))");
 $info = ldap_get_entries($this->conn, $sr);
- if ($info['count']) {
- if (@ldap_bind($this->conn, $info[0]['dn'], $password)) {
- unset($password);
- $this->base = $info[0]['dn'];
-# EvoLog::log("Login success for " . $this->login);
- return true;
- } else {
- $this->__destruct();
-# EvoLog::log("Password failed : " . $this->login);
- return false;
- }
- } else {
- $this->__destruct();
-# EvoLog::log("Login failed : " . $this->login);
- return false;
+ if (!$info['count'] || !@ldap_bind($this->conn, $info[0]['dn'], $password)) {
+ throw new Exception("Échec de l'authentification, utilisateur ou mot de passe incorrect.");
 }
 }
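Review bot: The success path in the new `try` block stores `$_SESSION['login']` and redirects without rotating the session identifier, so an identifier issued before authentication keeps working afterwards; call `session_regenerate_id(true);` immediately before the `$_SESSION['login']` assignment. The hunk also drops `$_SESSION['dn'] = $server->getDn();` without a word in the commit message, so any page that still reads `$_SESSION['dn']` (none is visible here) would find it unset. The single `catch (Exception $e)` now covers both LDAP connection errors and rejected credentials; one generic message for the user is reasonable, but the cause should be recorded server-side, e.g. `error_log('LDAP login failed: ' . $e->getMessage());`, and anything taken from `$e` should pass through `htmlspecialchars()` before it is printed. The session start-up code lies above the hunk, so whether regeneration already happens elsewhere cannot be confirmed from here.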
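Review bot: `login()` hands `$password` to `ldap_bind()` without rejecting an empty value, and many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that reports success; auth.php only checks `!empty($_POST['login'])`, so the guard belongs in this condition: `if ((string) $password === '' || !$info['count'] || !@ldap_bind($this->conn, $info[0]['dn'], $password)) {`. The filter on the unchanged `ldap_search()` line concatenates `$this->login` directly; unless the constructor already escapes it (not visible in this hunk), it should be built with `ldap_escape($this->login, '', LDAP_ESCAPE_FILTER)`. The rewrite also stops assigning `$this->base = $info[0]['dn']` and no longer calls `$this->__destruct()` on failure, so code that relied on either should be checked; `getDn()` is outside the hunk. A docblock on `login()` saying that it now returns nothing and throws `Exception` on failed authentication would make the new contract explicit.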