DrewRobertson93

Reputation: 149

CodeIgniter Error Handling with LDAP

I'm trying to figure out a way to manage the errors that are thrown back by codeigniter in the event that someone mis-types their LDAP handle for our intranet login.

Our login is fairly standard.

Login: firstname.lastname (all lowercase separated by a period)

Pass: minimum 10 characters long, 1 uppercase letter required

Everything works fine, and this is really a minor issue, but if someone screws up their password or their login name, I get the standard ugly codeigniter error

A PHP Error was encountered

Severity: Warning

Message: ldap_bind(): Unable to bind to server: Invalid credentials

Filename: controllers/Login.php

Line Number: 28

Backtrace:

File: /home/edit/internal/application/controllers/Login.php Line: 28 Function: ldap_bind

File: /home/edit/internal/public_html/index.php Line: 315 Function: require_once

How can I make this proper in that I can send the appropriate error message (something along the lines of: You have entered incorrect login details. Remember, this is the same information used to log in to your workstation.)

And throw that back in place of the ugly codeigniter error.

Below is the code currently used...

Please note that the DOMAINHERE(s) are replacements for my actual domain.

    if( $this->input->post( 'login' ) ){

        if ($this->form_validation->run())
        {
            $ldap = ldap_connect( 'DOMAINHERE' ); // Your domain or domain server

            if( ! $ldap )
            {
                // Put something here
            }
            ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 ); // Recommended for AD

            $ldapRDN = $this->input->post('username').'@DOMAINHERE.com';
            $ldapPWD = $this->input->post('password');

            // Now try to authenticate with credentials provided by user
            if ( ! ldap_bind( $ldap, $ldapRDN, $ldapPWD) )
            {
                echo "LDAP Bind Failed.";
                $data['error'] = TRUE;

            }
            else
            {
                if ( $this -> user_model -> user_exists( $this -> input -> post( 'username' ) ) ) {

                    $this -> user_model -> process_login();
                    $this->session->set_userdata('loggedin', TRUE);
                    redirect( 'welcome' );

                } else {

                    $add_user = $this -> user_model -> set_user_to_db();
                    if ( $add_user ) {

                        $this -> session -> set_userdata( 'loggedin', TRUE);
                        redirect( 'welcome' );

                    } else {

                        $this -> session -> set_userdata( 'alert', 'Was unable to add user to the database, please try again later' );
                        $this -> session -> set_userdata( 'alert_type', 'error' );
                        redirect( 'login' );

                    }

                }

            }
        }

    }

EDIT: My goal is not to suppress the warnings, which do in fact get turned off during deployment, but to capture the instance of the error firing so I have something to check against.

Upvotes: 1

Views: 663

Answers (1)

Scuzzy

Reputation: 12332

Edit: I do not know Codeigniter, but I've used the ldap functions, and I know they don't return useful results on failure.

Ideally you should have warnings disabled on your production environment so you shouldn't see PHP warnings; however, to discern that the warning was raised by your LDAP you may have to get creative. This code shows two places where errors are raised. It sets the error level to hide the warnings and then has a mechanism to test if the warning was raised by the ldap functions.

user_error('Raise an error');
// Suppress Warnings
$previousErrorReportingLevel = error_reporting();
error_reporting( error_reporting() & ~E_WARNING );
$previousError = error_get_last();
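// An empty password is rejected up front: ldap_bind() with an empty
// password is an anonymous bind, which many servers accept.
if(isset($_POST['username'],$_POST['password']) === true and $_POST['password'] !== ''
  and $ldap_connection = ldap_connect("DOMAINHERE")
  and $ldap_bind = ldap_bind($ldap_connection,$_POST['username'],$_POST['password']))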
{
  var_dump($ldap_connection);
  var_dump($ldap_bind);
}
else
{
  $lastError = error_get_last();
  // You can either look for a specific message
  if( $lastError['message'] === 'ldap_bind(): Unable to bind to server: Invalid credentials' )
  {
    echo("Login Credential Error");
  }
  // or look that the last error is different from the previously recorded error
  elseif( $lastError !== $previousError )
  {
    echo("LDAP Connection error");
  }
}
// Restore Error Reporting Level
error_reporting( $previousErrorReportingLevel );
user_error('Raise an error');

Upvotes: 2
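As an added example (not code from the question or the answer): one way to capture a failed bind without the framework rendering the warning is to install a temporary E_WARNING handler around ldap_bind() and classify the failure with ldap_errno(). The function name, the status strings, the constant name, the ldaps:// URI and the 5-second timeout are assumptions; DOMAINHERE is the placeholder from the question.

```php
<?php
// Added example; ldap_login_status() and its status strings are hypothetical names.
const LOGIN_LDAP_INVALID_CREDENTIALS = 49; // LDAP result code "invalidCredentials"

function ldap_login_status(string $uri, string $upnSuffix, string $username, string $password): string
{
    // Reject an empty password before binding: a simple bind with an empty
    // password is an anonymous bind, which many servers accept as success.
    // The pattern is the firstname.lastname format described in the question.
    if ($password === '' || !preg_match('/^[a-z]+\.[a-z]+$/', $username)) {
        return 'rejected_input';
    }

    $ldap = ldap_connect($uri); // typically no network traffic until the bind
    if ($ldap === false) {
        return 'unavailable';
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5); // assumed timeout, seconds

    // Capture warnings raised during the bind instead of letting the
    // framework's error handler render them; restore the handler afterwards.
    $warning = null;
    set_error_handler(static function (int $severity, string $message) use (&$warning): bool {
        $warning = $message;
        return true; // handled: nothing is displayed
    }, E_WARNING);
    try {
        $bound = ldap_bind($ldap, $username . '@' . $upnSuffix, $password);
    } finally {
        restore_error_handler();
    }

    $errno = ldap_errno($ldap); // read before the connection is released
    ldap_unbind($ldap);
    if ($bound) {
        return 'ok';
    }
    if ($errno === LOGIN_LDAP_INVALID_CREDENTIALS) {
        return 'invalid_credentials'; // show the friendly "incorrect login details" alert
    }
    error_log('LDAP bind failed: ' . ($warning ?? "errno $errno")); // server-side log only
    return 'unavailable';
}

// In the controller (ldaps:// is an assumption, so the password is not sent in clear text):
// $status = ldap_login_status('ldaps://DOMAINHERE', 'DOMAINHERE.com',
//     (string) $this->input->post('username'), (string) $this->input->post('password'));
```

Returning the same user-facing alert for 'rejected_input' and 'invalid_credentials' keeps the login form from revealing which part of the input was wrong.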
