Index: auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/ldap/auth.php,v
retrieving revision 1.99.2.2
diff -u -r1.99.2.2 auth.php
--- auth.php 26 Jul 2011 09:29:33 -0000 1.99.2.2
+++ auth.php 9 Aug 2011 14:22:01 -0000
@@ -33,6 +33,11 @@
 define ('UF_DONT_EXPIRE_PASSWD', 0x00010000);
 }
 
+// LDAP_OPT_DIAGNOSTIC_MESSAGE gets the extended error output from the ldap_get_option function
+if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
+ define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
+}
+
 // The Posix uid and gid of the 'nobody' account and 'nogroup' group.
 if (!defined('AUTH_UID_NOBODY')) {
 define('AUTH_UID_NOBODY', -2);
@@ -124,6 +129,7 @@
 * @return bool Authentication success or failure.
 */
 function user_login($username, $password) {
+ global $CFG, $DB, $OUTPUT;
 if (! function_exists('ldap_bind')) {
 print_error('auth_ldapnotinstalled', 'auth_ldap');
 return false;
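Review bot: `global $CFG, $DB, $OUTPUT;` brings three globals into user_login, but the new code in the following hunk reads only `$DB`; unless lines outside these hunks use `$CFG` or `$OUTPUT`, reduce it to `global $DB;` so the function's declared dependencies match what it actually touches. user_login's body continues past the end of this hunk.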
@@ -181,10 +187,45 @@
 
 // Try to bind with current username and password
 $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, $extpassword);
- $this->ldap_close();
+ $userid = $DB->get_field('user', 'id', array('username'=>$username));
+
 if ($ldap_login) {
+ if(is_numeric($userid)){
+ set_user_preference('auth_forcepasswordchange', false, $userid);
+ }
+ $this->ldap_close();
 return true;
 }
+ else if (ldap_get_option($ldapconnection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)){
+
+ //explode the error message so we are only looking at the error codes
+
+ $extended_error = explode(', ', $extended_error);
+
+ if(strpos($extended_error[2],'773') || strpos($extended_error[2],'532')){
+
+ if(is_numeric($userid)){
+ set_user_preference('auth_forcepasswordchange', true, $userid);
+ }
+
+ $this->ldap_close();
+ unset($extended_error);
+
+ if(is_numeric($userid)){
+ if($DB->record_exists('user_preferences', array('value'=>1, 'userid'=>$userid, 'name'=>'auth_forcepasswordchange'))){
+ return true;
+ }
+ else{
+ return false;
+ }
+ }else{
+ //debugging("user not created yet, let them in?");
+ return true;
+ }
+ }
+
+ }
+ $this->ldap_close();
 return false;
 }
 
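Review bot: The 773/532 branch returns true from user_login after `ldap_bind` has already failed, so a login is granted on a bind the directory rejected; that is only safe if the server emits these codes solely after verifying the password, which the code neither checks nor records, and the `else` for an unknown `$userid` returns true unconditionally — that branch should return false (the commented-out debugging line itself questions it). The detection is also fragile: `strpos()` returns 0 (falsy) for a match at offset 0 and `$extended_error[2]` is undefined when the message has fewer than three ', '-separated parts, so test the unexploded string directly, e.g. `if (preg_match('/\bdata (773|532)\b/', $extended_error))`. The `record_exists` re-read of the preference written two lines earlier is redundant; `set_user_preference` already decides that outcome. `$userid` is looked up by username alone, while Moodle usernames are presumably unique only per mnethostid, so the lookup likely needs `'mnethostid' => $CFG->mnet_localhost_id` as well — verify against the rest of the plugin.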