Question

Currently I am using the ldap_* functions to handle authentication for one of my web applications. I have logic that is able to check if the login is valid, which works fine; however, when a user enters an invalid username/password combination, ldap_bind() produces a warning which I would like to avoid if possible. At the moment I am suppressing this error with the @ operator, but I am curious if there is a better way to block warnings from ldap_* without turning off warnings in PHP completely or suppressing them.

The warning is

A PHP Error was encountered

Severity: Warning

Message: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials

Filename: libraries/userauth.php

Line Number: 75

My current code is as follows:

$uid = "uid=".$username;
$ldapUser = $uid.",ou=***,dc=***,dc=***";
$ds = ldap_connect( $this->ldapURL ); 
$lb = @ldap_bind( $ds, $ldapUser, $password );
$sr = ldap_search( $ds, $this->ldapBaseDN, $uid );
$info = ldap_get_entries( $ds, $sr );

Is there any way to prevent this warning without turning off PHP warnings altogether or suppressing it?


Solution

This behaviour is by design; you cannot prevent ldap_bind from triggering a warning on invalid credentials. You still have some options, though:

  1. Suppress the warning with @ as you are already doing
  2. Turn all errors into Exceptions, then catch them and handle appropriately
  3. Ignore warnings by modifying the error reporting level (very, very bad idea)

In my own LDAP library I use the @ suppressor, but I have heard that it is quite slow compared to converting an error into an Exception, so my suggestion is to go with option 2. If you don't care about super-high performance, then option 1 is a perfectly valid approach.
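
Option 2 from the answer above, as an added example that is not code from the original posts: warnings are converted to exceptions only for the duration of the ldap_bind() call, and a wrong password is told apart from a server or configuration failure. The function name `ldapAuthenticate` and the parameters `$ldapUrl` and `$peopleOu` are assumptions made for illustration.

```php
<?php
// Added example, not the poster's library. $ldapUrl and $peopleOu are assumed inputs.

/**
 * Returns true on a successful bind, false on invalid credentials;
 * throws on any other LDAP failure (server unreachable, TLS error, ...).
 */
function ldapAuthenticate(string $ldapUrl, string $peopleOu, string $username, string $password): bool
{
    // A bind with an empty password is an unauthenticated bind, which many
    // servers accept as anonymous and report as success, so reject it first.
    if ($username === '' || $password === '') {
        return false;
    }

    $ds = ldap_connect($ldapUrl);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP URL');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Escape the user-supplied value before placing it in the DN.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $peopleOu;

    // Turn warnings into exceptions for this call only.
    set_error_handler(static function (int $severity, string $message, string $file, int $line): bool {
        throw new ErrorException($message, 0, $severity, $file, $line);
    }, E_WARNING);

    try {
        return ldap_bind($ds, $dn, $password);
    } catch (ErrorException $e) {
        if (ldap_errno($ds) === 0x31) { // 49 = invalidCredentials
            return false;
        }
        throw $e; // connectivity or configuration problem: surface it
    } finally {
        // Always put the previous handler back, whatever happened.
        restore_error_handler();
    }
}
```

Because the handler is restored in `finally`, the rest of the application keeps its normal error reporting, and failures other than bad credentials still reach the logs.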

Other suggestions

Another very very, VERY bad idea is to use proc_open('php', ...), include the badass PHP code into the standard input, and evaluate the standard output. For example, in my case this was the only way to escape the ldap_bind exceptions when the authentication failed:

$stdout = null;

$proc = proc_open(
    'php', 
    array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w')),
    $pipes
);
if (is_resource($proc)) {
    fwrite($pipes[0], "<?php 
        echo ldap_bind(
            ldap_connect('$ip_ldap_server'), 
            '$ldapUser', 
            '$password' 
        ); 
    ");
    fclose($pipes[0]);

    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
}

if ($stdout == 1) {
    // authentication is successful;
    ...
} else {
    // authentication failed;
    ...
}

Very ugly code...

EDIT

So... the reason I was using this code was set_error_handler(), but finally I found this. The @ is your best bet.

You can also do it that way:

try {
    $lb = ldap_bind( $ds, $ldapUser, $password );
} catch (\Exception $e) {
    return $e->getMessage();
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow