[Xerte] Bug in XOT 1.7 ldap authentication

[C.J.Fryer at lse.ac.uk]

Hello
 
I think I've found a bug in the LDAP Authentication code in Xerte Online
Toolkits version 1.7.  When I try to log in with my LDAP credentials, I
get a blank screen.  If I turn on error_reporting in config.php, I see
the following errors in the log:

"PHP Warning:  Missing argument 9 for authenticate_to_host(), called in
\xertenew\website_code\php\login_library.php on line 448 and defined in
\xertenew\website_code\php\login_library.php on line 270"

"PHP Warning:  Missing argument 10 for authenticate_to_host(), called in
\xertenew\website_code\php\login_library.php on line 448 and defined in
\xertenew\website_code\php\login_library.php on line 270"

In our database, sitedetails.ldap_host contains a $$$-separated list of
directory servers, rather than anything in a table called "ldap".  So
this places us in a particular branch within function valid_login().

Line 448 of website_code\php\login_library.php is:

$login_check =
authenticate_to_host($host[$x],$port[$x],$bind_pwd[$x],$basedn[$x],$bind
_dn[$x],$username,$password,$xerte_toolkits_site)

But the function authenticate_to_host on line 270 expects 10 arguments,
and they are in a different order:

function
authenticate_to_host($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter
,$ldap_filter_attr,$eureka_username,$password,$eureka_site)

I am not sure whether it would be better to modify valid_login() so it
passes the correct arguments, or authenticate_to_host() itself, so the
arguments are handled differently.

Chris



Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer