Better error display for invalid logins

Instead of showing an ugly error, failed logins now show the login page and a simple error about invalid username or password.
2025-04-25 12:31:06 -05:00 · 2012-10-01 11:41:44 -04:00 · 2012-10-01 11:41:44 -04:00 · a3ed11ab28
commit a3ed11ab28
parent aab3832e02
4 changed files with 29 additions and 3 deletions
--- a/htdocs/application/controllers/auth.php
+++ b/htdocs/application/controllers/auth.php
@ -60,8 +60,8 @@ class Auth extends CI_Controller {
                }
            }else {
                // Login FAIL
-                $this->load->view('auth/login_form', array('login_fail_msg'
-                                        => 'Error with LDAP authentication.'));
+                $this->db_session->set_flashdata('login_error', 'Incorrect username or password.');
+                $this->load->view('auth/login_form');
            }
        }else {
                // Already logged in...
--- a/htdocs/application/libraries/auth_ldap.php
+++ b/htdocs/application/libraries/auth_ldap.php
@ -92,7 +92,8 @@ class Auth_Ldap {
        $user_info = $this->_authenticate($username,$password);
        if(empty($user_info['role'])) {
            log_message('info', $username." has no role to play.");
-            show_error($username.' succssfully authenticated, but is not allowed because the username was not found in an allowed access group.');
+            //show_error($username.' succssfully authenticated, but is not allowed because the username was not found in an allowed access group.');
+            return FALSE;
        }
        // Record the login
        $this->_audit("Successful login: ".$user_info['cn']."(".$username.") from ".$this->ci->input->ip_address());
@ -190,6 +191,13 @@ class Auth_Ldap {
        $search = ldap_search($this->ldapconn, $this->basedn, $filter, 
                array('dn', $this->login_attribute, 'cn'));
        $entries = ldap_get_entries($this->ldapconn, $search);
+        
+        if(!isset($entries[0])){
+            //User either does not exist or has no permissions
+            $this->_audit("Failed login attempt: ".$username." from ".$_SERVER['REMOTE_ADDR']);
+            return FALSE;
+        }
+        
        $binddn = $entries[0]['dn'];
            
        // Now actually try to bind as the user
--- a/htdocs/application/views/auth/login_form.php
+++ b/htdocs/application/views/auth/login_form.php
@ -1,4 +1,12 @@
 <?php $this->load->view('defaults/header'); ?>
+    <?php
+        $message = $this->db_session->flashdata('login_error');
+        if ($message){
+            echo '<div class="login_error">';
+            echo $message;
+            echo '</div>';
+        }
+    ?>
    <div class="login">
      <?php echo form_fieldset(); ?>
      <?php echo validation_errors();?>
--- a/htdocs/static/styles/main.css
+++ b/htdocs/static/styles/main.css
@ -487,4 +487,14 @@ h4 {
 .login {
    margin-left: 35%;
    margin-right: auto;
+}
+
+.login_error {
+    border: 1px solid;
+    margin-left: 25%;
+    margin-right: 30%;
+    padding:15px 10px 15px 50px;
+    text-align: center;
+    background-color: #FFBABA;
+    color: #D8000C;
 }