X-Git-Url: https://git.llucax.com/mecon/intranet.git/blobdiff_plain/8a77d0b3c6347150fe4ac26aeb17b738e91351dc..2865355d3fe97e43da89dec0166f782719809ebc:/sistema/www/login.php?ds=sidebyside

diff --git a/sistema/www/login.php b/sistema/www/login.php
index f78827c..b2c8272 100644
--- a/sistema/www/login.php
+++ b/sistema/www/login.php
@@ -14,36 +14,43 @@
     //error connecting - return false
       echo "Error conectando!\n";
     }
-    list( $uid, $domain ) = split( "@", $userid );
+    @ list( $uid, $domain ) = split( "@", $userid );
+    if(is_null($uid) || is_null($domain))
+      $error = true;
 
-    $r = @ldap_bind($ds, "uid=$uid,ou=Personas,o=$domain,o=gov.ar", $_POST['password']);
+    $r = @ ldap_bind($ds, "uid=$uid,ou=Personas,o=$domain,o=gov.ar", $_POST['password']);
     if ($r) {
-      $sr = @ldap_search($ds, "ou=Personas,o=$domain,o=gov.ar", "uid=$uid");
-      $info = @ldap_get_entries($ds, $sr);
+      $sr   = @ ldap_search($ds, "ou=Personas,o=$domain,o=gov.ar", "uid=$uid");
+      $info = @ ldap_get_entries($ds, $sr);
     }
+    else
+      $error = true;
     ldap_close($ds);
-
-    if (!isset($sr)) {
+    if (! @ $sr) {
     //error reading / authenticating  - return false
       $error = true;
     }
     else
     {
-      $_SESSION['usuario'] = $_POST['usuario'];
-      $_SESSION['documento'] =  $info[0]['uidnumber'][0];
-      
-      // Agregado MANAZAR
-      $MECON_DNI=  $info[0]['uidnumber'][0];
-      $MECON_NOMBRE=   $info[0]['sn'][0]." ".$info[0]['givenname'][0];
-      $MECON_LOGIN=  $_POST['usuario'];
-      $usuario=& new MECON_USUARIO();
-      $usuario->Insertar_Usuario($MECON_DNI,$MECON_LOGIN,$MECON_NOMBRE);
-      // Fin Agregado MANAZAR
-      
+      if(! @ $_POST['usuario'] || ! @ $info[0]['uidnumber'][0])
+        $error = true;
+      else
+      {
+        $_SESSION['usuario'] = $_POST['usuario'];
+        $_SESSION['documento'] =  $info[0]['uidnumber'][0];
+        // Agregado MANAZAR
+        $MECON_DNI=  $info[0]['uidnumber'][0];
+        $MECON_NOMBRE=   $info[0]['sn'][0]." ".$info[0]['givenname'][0];
+        $MECON_LOGIN=  $_POST['usuario'];
+        $usuario=& new MECON_USUARIO();
+        $usuario->Insertar_Usuario($MECON_DNI,$MECON_LOGIN,$MECON_NOMBRE);
+        // Fin Agregado MANAZAR
+      }
     }
   }
+  
   {
-    if(!isset($_SESSION['usuario']))
+    if(!isset($_SESSION['usuario']) )
     {
       if((isset($_GET['redirect']) && $_GET['redirect'] == 'sistemas') ||
          (isset($_POST['redirect']) && $_POST['redirect'] == 'sistemas'))
@@ -75,7 +82,7 @@
     }
   }
 
-  if(isset($_SESSION['usuario']) &&
+  if(isset($_SESSION['usuario']) && ! @ $error &&
        (isset($_POST['redirect']) || isset($_GET['redirect'])))
   {
     @ $redirect = $_GET['redirect'].$_POST['redirect'];
@@ -88,5 +95,6 @@
       header('location: '.$redirect);
     else
       header('location: '.$link);
-  } 
+  }
+
 ?>