handle empty password as error (prevent some LDAP implementations to handle it as anonymous bind)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1062 44740490-163a-0410-bde0-09ae8108e29a

handle empty password as error (prevent some LDAP implementations to handle it as anonymous bind)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1062 44740490-163a-0410-bde0-09ae8108e29a
b5eb7932 · Hans Zandbelt · e3fbe58a · b5eb7932
Commit b5eb7932 authored 16 years ago by Hans Zandbelt
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -96,7 +96,7 @@ if (isset($_POST['username'])) {
 		/*
 		 * Do LDAP bind using DN.
 		 */
-		if (!$ldap->bind($dn, $password)) {
+		if (($pwd == "") or (!$ldap->bind($dn, $pwd))) {
 			SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' failed to authenticate. DN=' . $dn);
 			throw new Exception('error_wrongpassword');
 		}