用于检查用户是否在数据库中然后授权到LDAP的PHP脚本

时间:2012-08-22 17:38:40

标签: php active-directory ldap mysqli prepared-statement

我正在尝试检查用户名是否在我的某个数据库中。

$mysqli->prepare("SELECT username FROM table WHERE username = ?") ...

如果用户名在我的数据库中,我想拥有它们,然后尝试授权给我的LDAP服务器。

if($stmt->num_rows === 0){ ...

以下代码无需测试用户是否在数据库中的所有mysqli。现在,如果我尝试登录,我遇到了:

  

致命错误:调用未定义的方法mysqli_stmt :: get_result()in   第22行的C:\ xampp \ htdocs \ webapp \ login.php

<?php
    require_once('config.php'); //db connection

    //error_reporting(0); 
    if (isset($_POST['submitted'])) { 

        $username =$_POST['username'];
        $password=$_POST['password'];

        $ldap = ldap_connect("localserv1.local.com", 389) or exit ("Error connecting to LDAP server.");

        //Settings for AD
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

            //Prep statment to check if user is in tblAdmins
            if ($stmt = $mysqli->prepare("SELECT username FROM table WHERE username = ?"))
            {
                  $stmt->bind_param('s', $username);
                  $stmt->execute();
                  $stmt->store_result();
                  $result = $stmt->get_result();

                  // Check if the username is in the db
                  if($stmt->num_rows === 0){
                    //The user is not in the DB
                    echo('<p class="error">You are not authorized to view this application.</p><div class="clear"></div>');
                  }elseif ($bind = ldap_bind($ldap, 'local\\'.$username, $password)) {          
                    //Log them in!
                    session_register("username");
                    session_register("password");
                    header("Location: https://" . $_SERVER['HTTP_HOST'] . substr($_SERVER['REQUEST_URI'], 0, -9) . "index.php" );
                    exit;       
                   }else {
                        // Invalid LDAP user/pass
                        echo('<p class="error">Invalid username or password.</p><div class="clear"></div>');        
                    }
            }else {
                //Error
                printf("Prep statment failed: %s\n", $mysqli->error);
            }
    }
    ?>

1 个答案:

答案 0 :(得分:1)

get_result的PHP手册页上的comment表明可能需要“mysqlnd驱动程序”才能使该功能正常工作。

由于您实际上并未使用$result变量,因此您可以完全删除该行,以便更轻松地解决。