Reputation: 8349
Preventing PHP Warnings on LDAP Functions
Currently I am using the ldap_* functions to handle authentication for one of my web applications. I have logic that is able to check if the login is valid which works fine, however when a user enters an invalid username/password combination ldap_bind() produces a warning which I would like to avoid if possible. At the moment I am suppressing this error with the @ operator but I am curious if there is a better way to block warnings from ldap_* without turning off warnings in PHP completely or suppressing them.
The warning is
A PHP Error was encountered
Severity: Warning
Message: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials
Filename: libraries/userauth.php
Line Number: 75
My current code is as follows:
$uid = "uid=".$username;
$ldapUser = $uid.",ou=***,dc=***,dc=***";
$ds = ldap_connect( $this->ldapURL );
$lb = @ldap_bind( $ds, $ldapUser, $password );
$sr = ldap_search( $ds, $this->ldapBaseDN, $uid );
$info = ldap_get_entries( $ds, $sr );
Is there any way to prevent this warning without turning of PHP warnings altogether or suppressing it?
Upvotes: 5
Views: 10390
Answers (3)
Reputation: 37
You can also do it that way :
try {
$lb = ldap_bind( $ds, $ldapUser, $password );
} catch (\Exception $e) {
return $e->getMessage();
}
Upvotes: 0
Reputation: 1153
Another very very, VERY bad idea is to use proc_open('php', ...), include the badass PHP code into the standard input, and evaluate the standard output. For example, In my case this was the only way to escape the ldap_bind exceptions when the authentication failed:
$stdout = null;
$proc = proc_open(
'php',
array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w')),
$pipes
);
if (is_resource($proc)) {
fwrite($pipes[0], "<?php
echo ldap_bind(
ldap_connect('$ip_ldap_server'),
'$ldapUser',
'$password'
);
");
fclose($pipes[0]);
$stdout = stream_get_contents($pipes[1]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($proc);
}
if ($stdout == 1) {
// authentication is succesfull;
...
} else {
// authentication failed;
...
}
Very ugly code...
EDIT
So... the reason I was using this code was set_error_handler(), but finally I found this. The @ is your best bet.
Upvotes: 1
Reputation: 12129
This behaviour is by design, you cannot prevent ldap_bind from triggering a warning on invalid credentials. You still have some options, though:
- Suppress the warning with
@as you are already doing - Turn all errors into Exceptions, then catch them and handle appropriately
- Ignore warnings by modifying the error reporting level (very, very bad idea)
In my own ldap library I use the @ suppressor, but I have heard that it is quite slow compared to converting an error into Exception, so my suggestion is to go with option 2. If you don't care about super-high performance, then option 1 is a perfectly valid approach.
Upvotes: 11
Related Questions
- ldap_bind fails with Warning but continues with if statment
- Suppress login details in error log for Fatal error: Call to undefined function: ldap_connect()
- how to protect against LDAP Injection
- Disable PHP Warnings for only PART OF the code
- Warning: ldap_modify(): Modify: Server is unwilling to perform
- php ldap bind warning
- LDAP error codes
- Ignore PHP Warnings
- How to view stderr of PHP's ldap_* functions (with LDAP_OPT_DEBUG_LEVEL=7) from mod_php
- Sanitize LDAP_bind query