我有一个使用ldap的php登录页面,如果登录好(重定向到主页)和坏(出现错误消息)它可以正常工作,但如果我写任何没有密码的用户名,它也会将我重定向到主页。我怎么能纠正它?
此外,我不确定session_start的使用是否正确。
以下是代码:
<?php
if(isset($_POST['username']) && isset($_POST['password'])){?>
<?
$adServer = "ldap://server.domain.local";
$ldap = ldap_connect($adServer);
$username = $_POST['username'];
$password = $_POST['password'];
$ldaprdn = 'Domain' . "\\" . $username;
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$bind = @ldap_bind($ldap, $ldaprdn, $password);
if ($bind) {
$filter="(sAMAccountName=$username)";
$result = ldap_search($ldap,"ou=country,dc=domain,dc=local",$filter);
ldap_sort($ldap,$result,"sn");
$info = ldap_get_entries($ldap, $result);
session_start();
$_SESSION['username'] = $username;
header("Location: /main.php");
@ldap_close($ldap);
} else {
/**$msg = "Invalid email address / password";
echo $msg;*/
echo "<center><h2>Failed authentication for <span style='color: #000;'>" . $username . "</span><br /><br />
<a href='login.php'>Try again</a></center>";
}
}else{
?>
<?php } ?>
提前致谢!!