X-Git-Url: https://git.llucax.com/mecon/intranet.git/blobdiff_plain/e59d3170b36e5b9ccc19afcb1565faf4dcb40463..631e99d6b2c669a7a160ea80e5355a54de839116:/sistema/www/login.php?ds=sidebyside

diff --git a/sistema/www/login.php b/sistema/www/login.php
index ca3c860..b2c8272 100644
--- a/sistema/www/login.php
+++ b/sistema/www/login.php
@@ -14,36 +14,43 @@
     //error connecting - return false
       echo "Error conectando!\n";
     }
-    list( $uid, $domain ) = split( "@", $userid );
+    @ list( $uid, $domain ) = split( "@", $userid );
+    if(is_null($uid) || is_null($domain))
+      $error = true;
 
-    $r = @ldap_bind($ds, "uid=$uid,ou=Personas,o=$domain,o=gov.ar", $_POST['password']);
+    $r = @ ldap_bind($ds, "uid=$uid,ou=Personas,o=$domain,o=gov.ar", $_POST['password']);
     if ($r) {
-      $sr = @ldap_search($ds, "ou=Personas,o=$domain,o=gov.ar", "uid=$uid");
-      $info = @ldap_get_entries($ds, $sr);
+      $sr   = @ ldap_search($ds, "ou=Personas,o=$domain,o=gov.ar", "uid=$uid");
+      $info = @ ldap_get_entries($ds, $sr);
     }
+    else
+      $error = true;
     ldap_close($ds);
-
-    if (!isset($sr)) {
+    if (! @ $sr) {
     //error reading / authenticating  - return false
       $error = true;
     }
     else
     {
-      $_SESSION['usuario'] = $_POST['usuario'];
-      $_SESSION['documento'] =  $info[0]['uidnumber'][0];
-      
-      // Agregado MANAZAR
-      $MECON_DNI=  $info[0]['uidnumber'][0];
-      $MECON_NOMBRE=   $info[0]['sn'][0]." ".$info[0]['givenname'][0];
-      $MECON_LOGIN=  $_POST['usuario'];
-      $usuario=& new MECON_USUARIO();
-      $usuario->Insertar_Usuario($MECON_DNI,$MECON_LOGIN,$MECON_NOMBRE);
-      // Fin Agregado MANAZAR
-      
+      if(! @ $_POST['usuario'] || ! @ $info[0]['uidnumber'][0])
+        $error = true;
+      else
+      {
+        $_SESSION['usuario'] = $_POST['usuario'];
+        $_SESSION['documento'] =  $info[0]['uidnumber'][0];
+        // Agregado MANAZAR
+        $MECON_DNI=  $info[0]['uidnumber'][0];
+        $MECON_NOMBRE=   $info[0]['sn'][0]." ".$info[0]['givenname'][0];
+        $MECON_LOGIN=  $_POST['usuario'];
+        $usuario=& new MECON_USUARIO();
+        $usuario->Insertar_Usuario($MECON_DNI,$MECON_LOGIN,$MECON_NOMBRE);
+        // Fin Agregado MANAZAR
+      }
     }
   }
+  
   {
-    if(!isset($_SESSION['usuario']))
+    if(!isset($_SESSION['usuario']) )
     {
       if((isset($_GET['redirect']) && $_GET['redirect'] == 'sistemas') ||
          (isset($_POST['redirect']) && $_POST['redirect'] == 'sistemas'))
@@ -75,25 +82,19 @@
     }
   }
 
-  if(isset($_SESSION['usuario']) &&
+  if(isset($_SESSION['usuario']) && ! @ $error &&
        (isset($_POST['redirect']) || isset($_GET['redirect'])))
   {
-    if((isset($_GET['redirect']) && $_GET['redirect'] == 'sistemas') ||
-       (isset($_POST['redirect']) && $_POST['redirect'] == 'sistemas'))
-    {
-      header('location: sistemas.php');
-      exit;
-    }
+    @ $redirect = $_GET['redirect'].$_POST['redirect'];
+    $db = DB::Connect('mysql://intranet:intranet@bal747f/intranet');
+    $query = "SELECT link
+              FROM servicio
+              WHERE servicio = $redirect";
+    $link = $db->getOne($query);
+    if(PEAR::isError($link))
+      header('location: '.$redirect);
     else
-    {
-      $db = DB::Connect('mysql://intranet:intranet@bal747f/intranet');
-      $query = "SELECT link
-                FROM servicio
-	        WHERE servicio = ";
-      if(isset($_POST['redirect'])) $query .= $_POST['redirect'];
-      else                          $query .= $_GET['redirect'];
-      $link = $db->getOne($query);
       header('location: '.$link);
-    }
-  } 
+  }
+
 ?>