Redmine.pm.diff - Redmine

Defect #879 » Redmine.pm.diff

Diff with original version (0.6.4) - Liwiusz Ociepa, 2008-03-17 16:04

     use DBI;
     use Digest::SHA1;
     use Net::LDAP;
     use Apache2::Module;
     use Apache2::Access;
-...
         my $dbh = connect_database($r);
         my $sth = $dbh->prepare(
     	"SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
             "SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
         );
         $sth->execute($project_id);
-...
       my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass);
       my $sth = $dbh->prepare(
           "SELECT hashed_password FROM members, projects, users WHERE projects.id=members.project_id AND users.id=members.user_id AND users.status=1 AND login=? AND identifier=?;"
           "SELECT hashed_password,coalesce(auth_source_id,0) FROM members, projects, users WHERE projects.id=members.project_id AND users.id=members.user_id AND users.status=1 AND login=? AND identifier=?;"
       );
       $sth->execute($redmine_user, $project_id);
       my $ret;
       while (my @row = $sth->fetchrow_array) {
           if ($row[0] eq $pass_digest) {
     	  $ret = 1;
     	  last;
           if ($row[1] eq 0) {
               if ($row[0] eq $pass_digest) {
                   $ret = 1;
                   last;
+              }
           } else {
               my $sthldap = $dbh->prepare(
                   "SELECT host,port,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
               );
               $sthldap->execute($row[1]);
               while (my @rowldap = $sthldap->fetchrow_array) {
                   my $ldap = Net::LDAP->new($rowldap[0], port => $rowldap[1]);
                   my $res = $rowldap[2] ? $ldap->bind($rowldap[2], password => $rowldap[3]) : $ldap->bind();
                   unless ($res->code) {
                       my $res = $ldap->search(
                           base => $rowldap[4],
                           filter => "(".$rowldap[5]."=".$redmine_user.")",
                           attrs => ['dn']
                       );
                       unless ($res->code) {
                           foreach my $entry ($res->entries) {
                               my $mesg = $ldap->bind($entry->dn, password => $redmine_pass);
                               $ret = 1 and last unless $mesg->code;
+                          }
+                      }
+                  }
                   $res = $ldap->unbind();
                   $ldap->disconnect();
+              }
               $sthldap->finish();
+          }
+      }
       $sth->finish();
       $dbh->disconnect();
       $ret;

(2-2/6)

Project

General

Profile

Redmine

Defect #879 » Redmine.pm.diff