From b5eb793290faa2527c9bc81c3cfe8f19ac960615 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Thu, 11 Dec 2008 18:46:38 +0000
Subject: [PATCH] handle empty password as error (prevent some LDAP
 implementations to handle it as anonymous bind)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1062 44740490-163a-0410-bde0-09ae8108e29a
---
 www/auth/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/auth/login.php b/www/auth/login.php
index df69a8787..d10af1a60 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -96,7 +96,7 @@ if (isset($_POST['username'])) {
 		/*
 		 * Do LDAP bind using DN.
 		 */
-		if (!$ldap->bind($dn, $password)) {
+		if (($pwd == "") or (!$ldap->bind($dn, $pwd))) {
 			SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' failed to authenticate. DN=' . $dn);
 			throw new Exception('error_wrongpassword');
 		}
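Review bot: The added condition tests and binds with `$pwd`, while the line it replaces used `$password`, and no assignment to `$pwd` is visible in this hunk. If `$pwd` is not set earlier in login.php (the enclosing `if (isset($_POST['username']))` block starts outside the hunk), `$pwd == ""` is true for the undefined value and every LDAP login would be rejected, so the variable name is worth confirming. Assuming `$password` holds the submitted value, `if (!is_string($password) || $password === '' || !$ldap->bind($dn, $password)) {` keeps the empty-password guard and also rejects a missing or array-valued field before it reaches the bind. A one-line comment above the check, saying that a DN with a zero-length password is an unauthenticated bind (RFC 4513) which some servers report as success, would record why the guard must not be removed later.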
-- 
GitLab