alpha dash dot validation for LDAP

2025-04-25 12:31:06 -05:00 · 2013-11-07 21:29:29 +01:00 · 2013-11-07 21:29:29 +01:00 · 5678e09c44
commit 5678e09c44
parent 08b54f7ad9
1 changed files with 96 additions and 55 deletions
--- a/htdocs/application/controllers/auth.php
+++ b/htdocs/application/controllers/auth.php
@ -1,4 +1,18 @@
-<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+<?php
+/**
+ * Class and Function List:
+ * Function list:
+ * - __construct()
+ * - index()
+ * - login()
+ * - logout()
+ * - alpha_dash_dot()
+ * Classes list:
+ * - Auth extends CI_Controller
+ */
+
+if (!defined('BASEPATH')) exit('No direct script access allowed');
+
 /*
 * This file is part of Auth_Ldap.

@ -15,8 +29,7 @@
    You should have received a copy of the GNU General Public License
    along with Auth_Ldap.  If not, see <http://www.gnu.org/licenses/>.
 * 
- */
-
+*/
 /**
 * @author      Greg Wojtak <gwojtak@techrockdo.com>
 * @copyright   Copyright © 2010,2011 by Greg Wojtak <gwojtak@techrockdo.com>
@ -24,10 +37,13 @@
 * @subpackage  auth demo
 * @license     GNU Lesser General Public License
 */
-class Auth extends CI_Controller {
-    function __construct() {
-        parent::__construct();

+class Auth extends CI_Controller
+{
+	
+	function __construct() 
+	{
+		parent::__construct();
 		$this->load->helper('form');
 		$this->load->library('Form_validation');
 		$this->load->library('auth_ldap');
@ -35,51 +51,76 @@ class Auth extends CI_Controller {
 		$this->load->library('table');
 	}
 	
-    function index() {
+	function index() 
+	{
 		$this->db_session->keep_flashdata('tried_to');
 		$this->login();
 	}
 	
-    function login($errorMsg = NULL){
+	function login($errorMsg = NULL) 
+	{
 		$this->db_session->keep_flashdata('tried_to');
-        if(!$this->auth_ldap->is_authenticated()) {
+		
+		if (!$this->auth_ldap->is_authenticated()) 
+		{
+
 			// Set up rules for form validation
 			$rules = $this->form_validation;
-            $rules->set_rules('username', 'Username', 'required|alpha_dash');
+			$rules->set_rules('username', 'Username', 'required|callback_alpha_dash_dot');
 			$rules->set_rules('password', 'Password', 'required');

 			// Do the login...
-            if($rules->run() && $this->auth_ldap->login(
-                    $rules->set_value('username'),
-                    $rules->set_value('password'))) {
+			
+			if ($rules->run() && $this->auth_ldap->login($rules->set_value('username') , $rules->set_value('password'))) 
+			{
+
 				// Login WIN!
-                if($this->db_session->flashdata('tried_to')) {
+				
+				if ($this->db_session->flashdata('tried_to')) 
+				{
 					redirect($this->db_session->flashdata('tried_to'));
-                }else {
+				}
+				else
+				{
 					redirect('/');
 				}
-            }else {
+			}
+			else
+			{
+
 				// Login FAIL
 				$this->db_session->set_flashdata('login_error', 'Incorrect username or password.');
 				$this->load->view('auth/login_form');
 			}
-        }else {
+		}
+		else
+		{
+
 			// Already logged in...
 			redirect('/');
 		}
 	}
 	
-    function logout() {
-        if($this->db_session->userdata('logged_in')) {
+	function logout() 
+	{
+		
+		if ($this->db_session->userdata('logged_in')) 
+		{
 			$data['name'] = $this->db_session->userdata('cn');
 			$data['username'] = $this->db_session->userdata('username');
 			$data['logged_in'] = TRUE;
 			$this->auth_ldap->logout();
-        } else {
+		}
+		else
+		{
 			$data['logged_in'] = FALSE;
 		}
 		redirect('/');
 	}
+	public 
+	function alpha_dash_dot($str) 
+	{
+		return (!preg_match("/^([-a-z0-9_-\.])+$/i", $str)) ? FALSE : TRUE;
+	}
 }
-
 ?>