
Ldap, someone can help me?

6/26/2009 5:05:18 AM
PHPRunner General questions
mauro author

I'm trying to use LDAP (Windows Server 2003) with PHPRunner 5.1.

I modified this script http://www.asprunner.com/forums/index.php?showtopic=3551, changing the variables $strlUsername,$strlPassword to $strUsername,$strPassword.
I copied the file adLdap.php (from http://adldap.sourceforge.net/) into the ldap directory of my web server.
In Login.php I inserted (in bold):
<?php

ini_set("display_errors","1");

ini_set("display_startup_errors","1");

set_magic_quotes_runtime(0);

include("include/dbcommon.php");

header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");

header("Pragma: no-cache");

header("Cache-Control: no-cache");
if(@$_POST["a"]=="logout" || @$_GET["a"]=="logout")

{

session_unset();

setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

header("Location: login.php");

exit();

}
include('include/xtempl.php');

$xt = new Xtempl();
// Before Process event

if(function_exists("BeforeProcessLogin"))

BeforeProcessLogin($conn);
$myurl=@$_SESSION["MyURL"];

unset($_SESSION["MyURL"]);
$defaulturl="";

$defaulturl="menu.php";
$message="";
$pUsername=postvalue("username");

$pPassword=postvalue("password");
$rememberbox_checked="";

$rememberbox_attrs = "name=\"remember_password\" value=\"1\"";

if(@$_COOKIE["username"] || @$_COOKIE["password"])

$rememberbox_checked=" checked";
if (@$_POST["btnSubmit"] == "Login")

{

if(@$_POST["remember_password"] == 1)

{

setcookie("username",$pUsername,time()+365144060);

setcookie("password",$pPassword,time()+365144060);

$rememberbox_checked=" checked";

}

else

{

setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

$rememberbox_checked="";

}

// username and password are stored in the database

$strUsername = (string)$pUsername;

$strPassword = (string)$pPassword;

$sUsername=$strUsername;

$sPassword=$strPassword;

$rstemp=db_query("select from `utenti` where 1=0",$conn);
if(FieldNeedQuotes($rstemp,$cUserNameField))

$strUsername="'".db_addslashes($strUsername)."'";

else

$strUsername=(0+$strUsername);

if(FieldNeedQuotes($rstemp,$cPasswordField))

$strPassword="'".db_addslashes($strPassword)."'";

else

$strPassword=(0+$strPassword);

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField).

"=".$strUsername." and ".AddFieldWrappers($cPasswordField).

"=".$strPassword;

$retval=true;

$logged=false;
**################################################################################


LDAP AUTHENTICATION MODIFICATION #

################################################################################




//include the class

include ("ldap/adLDAP.php");
//create the LDAP connection

$adldap = new adLDAP();

$ldap_auth = 0;

$ldap_group ="Domain User"; # Specified group for group authentication
// Authenticate

if (($adldap -> authenticate($strUsername,$strPassword))){

if ($adldap -> user_ingroup($strlUsername,$ldap_group)){ # Group Authentication Only

$ldap_auth = 1;
// Check if user exists

$sql = "Select from ".AddTableWrappers($cLoginTable)." Where ".AddFieldWrappers($cUserNameField)." = \"$strlUsername\"";

$rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");
// Update DB for new users

if (mysql_num_rows($rs) < 1) {

$info=$adldap->user_info($strUsername,array("givenname","sn"));

$strldapfirstname = $info[0][givenname][0]; #sets firstname value from AD

$strldaplastname = $info[0][sn][0]; #sets lastname value from AD

$sql = "INSERT INTO ".AddTableWrappers($cLoginTable)." ( ".AddFieldWrappers($cUserNameField).", firstname, lastname, level)";

$sql .= " SELECT ";

$sql .= "\"$strlUsername\" AS Expr1, "; #adds username to database

$sql .= "\"$strldapfirstname\" AS Expr2, "; #adds firstname to database

$sql .= "\"$strldaplastname\" AS Expr3, "; #adds lastname to database

$sql .= "1 AS Expr4;"; #adds level to database

$result = mysql_query($sql,$conn);

}
// Generate Query

$strSQL = "select
from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField).

"=\"".$strUsername."\"";

} #Group Authentication Only

}
// Catch failed logins

if ($ldap_auth == 0) $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField)."=\"xxxxx\"";
################################################################################


END OF MODIFICATION #

################################################################################

**


if(function_exists("BeforeLogin"))

$retval=BeforeLogin($pUsername,$pPassword,$message);

if($retval)

{

$rs=db_query($strSQL,$conn);

$data=db_fetch_array($rs);

if($data)

if(@$data[$cUserNameField]==$sUsername && @$data[$cPasswordField]==$sPassword)

$logged=true;

}

if($logged)

{

$_SESSION["UserID"] = $pUsername;

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
$_SESSION["GroupID"] = $data["utente"];
$_SESSION["OwnerID"] = $data["utente"];

$_SESSION["_ticket_OwnerID"] = $data["utente"];

$_SESSION["_ticket_ict_OwnerID"] = $data["email"];
if(function_exists("AfterSuccessfulLogin"))

AfterSuccessfulLogin($pUsername,$pPassword,$data);

if($myurl)

header("Location: ".$myurl);

else

header("Location: ".$defaulturl);

return;

}

else

{

if(function_exists("AfterUnsuccessfulLogin"))

AfterUnsuccessfulLogin($pUsername,$pPassword,$message);

if($message=="")

$message = "Login non valido";

}

}
$xt->assign("rememberbox_attrs",$rememberbox_attrs.$rememberbox_checked);
// if guest have any permissions

if (guestHasPermissions())

{

$xt->assign("guestlink_block",true);

}else{

$xt->assign("guestlink_block",false);

}
$_SESSION["MyURL"]=$myurl;

if($myurl)

$xt->assign("guestlink_attrs","href=\"".$myurl."\"");

else

$xt->assign("guestlink_attrs","href=\"".$defaulturl."\"");
if(@$_POST["username"] || @$_GET["username"])

$xt->assign("username_attrs","value=\"".htmlspecialchars($pUsername)."\"");

else

$xt->assign("username_attrs","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");
$password_attrs="onkeydown=\"e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;\"";

if(@$_POST["password"])

$password_attrs.=" value=\"".htmlspecialchars($pPassword)."\"";

else

$password_attrs.=" value=\"".htmlspecialchars(refine(@$_COOKIE["password"]))."\"";

$xt->assign("password_attrs",$password_attrs);
if(@$_GET["message"]=="expired")

$message = "La sessione è terminata. Effettua un nuovo login.";
if($message)

{

$xt->assign("message_block",true);

$xt->assign("message",$message);

}
$body=array();

$body["begin"]="<form method=post action=\"login.php\" id=form1 name=form1>

<input type=hidden name=btnSubmit value=\"Login\">";

$body["end"]="</form>

<script>

function elementVisible(jselement)

{

do

{

if (jselement.style.display.toUpperCase() == 'NONE')

return false;

jselement=jselement.parentNode;

}

while (jselement.tagName.toUpperCase() != 'BODY');

return true;

}

if(elementVisible(document.forms[0].elements['username']))

document.forms[0].elements['username'].focus();

</script>";

$xt->assignbyref("body",$body);
$templatefile="login.htm";

if(function_exists("BeforeShowLogin"))

BeforeShowLogin($xt,$templatefile);
$xt->display($templatefile);

?>
but i have this error
Error type 8

Errore Description Undefined variable: strlUsername

URL 172.16.1.19/login.php?

Errore di file C:\ticket\login.php

Errore di linea 99

Query SQL select * from `utenti` where 1=0

Jane 6/26/2009

Hi,
I suppose you need to replace $strlUsername with $strUsername in this code.

mauro author 6/26/2009

Hi,

I suppose you need to replace $strlUsername with $strUsername in this code.


Thanks, I replaced $strlUsername with $strUsername and modified other lines (in bold):
################################################################################


LDAP AUTHENTICATION MODIFICATION #

################################################################################




//include the class

include ("ldap/adLDAP.php");
//create the LDAP connection

$adldap = new adLDAP();

$ldap_auth = 0;

$ldap_group ="Domain User"; # Specified group for group authentication
// Authenticate

if (($adldap -> authenticate($strUsername,$strPassword))){

if ($adldap -> user_ingroup($strUsername,$ldap_group)){ # Group Authentication Only

$ldap_auth = 1;
// Check if user exists

$sql = "Select from `utenti` Where ".AddFieldWrappers($cUserNameField)." = \"$strUsername\"";

$rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");
// Update DB for new users

if (mysql_num_rows($rs) < 1) {

$info=$adldap->user_info($strUsername,array("givenname","sn"));

$strldapfirstname = $info[0][givenname][0]; #sets firstname value from AD

$strldaplastname = $info[0][sn][0]; #sets lastname value from AD

$sql = "INSERT INTO utenti ( ".AddFieldWrappers($cUserNameField).", firstname, lastname, level)";

$sql .= " SELECT ";

$sql .= "\"$strUsername\" AS Expr1, "; #adds username to database

$sql .= "\"$strldapfirstname\" AS Expr2, "; #adds firstname to database

$sql .= "\"$strldaplastname\" AS Expr3, "; #adds lastname to database

$sql .= "1 AS Expr4;"; #adds level to database

$result = mysql_query($sql,$conn);

}
// Generate Query

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"".$strUsername."\"";

} #Group Authentication Only

}
// Catch failed logins

*if ($ldap_auth == 0) $strSQL = "select from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"xxxxx\"";**
################################################################################


END OF MODIFICATION #

################################################################################




error
Errore di tipo 2

Errore di descrizione ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials

URL 172.16.1.19/login.php?

Errore di file C:\ticket\ldap\adLDAP.php

Errore di linea 409

Query SQL select * from `utenti` where 1=0

Sergey Kornilov admin 6/26/2009

I guess LDAP username or password are incorrect.

mauro author 6/29/2009

I guess LDAP username or password are incorrect.


adLDAP.php is OK; it works with the example files downloaded from http://adldap.sourceforge.net/download.php

but when I modify login.php I get this error:
Errore di tipo 2

Errore di descrizione ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials

URL 172.16.1.19/login.php?

Errore di file C:\ticket\ldap\adLDAP.php

Errore di linea 409

Query SQL select from `utenti` where 1=0
this is the file login.php
<?php

ini_set("display_errors","1");

ini_set("display_startup_errors","1");

set_magic_quotes_runtime(0);

include("include/dbcommon.php");

header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");

header("Pragma: no-cache");

header("Cache-Control: no-cache");
if(@$_POST["a"]=="logout" || @$_GET["a"]=="logout")

{

session_unset();

setcookie("username","",time()-365
144060);

setcookie("password","",time()-365
144060);

header("Location: login.php");

exit();

}
include('include/xtempl.php');

$xt = new Xtempl();
// Before Process event

if(function_exists("BeforeProcessLogin"))

BeforeProcessLogin($conn);
$myurl=@$_SESSION["MyURL"];

unset($_SESSION["MyURL"]);
$defaulturl="";

$defaulturl="menu.php";
$message="";
$pUsername=postvalue("username");

$pPassword=postvalue("password");
$rememberbox_checked="";

$rememberbox_attrs = "name=\"remember_password\" value=\"1\"";

if(@$_COOKIE["username"] || @$_COOKIE["password"])

$rememberbox_checked=" checked";
if (@$_POST["btnSubmit"] == "Login")

{

if(@$_POST["remember_password"] == 1)

{

setcookie("username",$pUsername,time()+365
144060);

setcookie("password",$pPassword,time()+365
144060);

$rememberbox_checked=" checked";

}

else

{

setcookie("username","",time()-365
144060);

setcookie("password","",time()-365
144060);

$rememberbox_checked="";

}

// username and password are stored in the database

$strUsername = (string)$pUsername;

$strPassword = (string)$pPassword;

$sUsername=$strUsername;

$sPassword=$strPassword;
$rstemp=db_query("select
from `utenti` where 1=0",$conn);
if(FieldNeedQuotes($rstemp,$cUserNameField))

$strUsername="'".db_addslashes($strUsername)."'";

else

$strUsername=(0+$strUsername);

if(FieldNeedQuotes($rstemp,$cPasswordField))

$strPassword="'".db_addslashes($strPassword)."'";

else

$strPassword=(0+$strPassword);

$strSQL = "select * from `utenti` where ".AddFieldWrappers($cUserNameField).

"=".$strUsername." and ".AddFieldWrappers($cPasswordField).

"=".$strPassword;

$retval=true;

$logged=false;
################################################################################


LDAP AUTHENTICATION MODIFICATION #

################################################################################




//include the class

include ("ldap/adLDAP.php");
//create the LDAP connection

$adldap = new adLDAP();

$ldap_auth = 0;

$ldap_group ="Domain Users"; # Specified group for group authentication
// Authenticate
// NOTE(review): earlier in this script $strUsername and $strPassword are
// rewritten into SQL literals (wrapped in single quotes after db_addslashes(),
// or cast to a number), so the values handed to the directory here are no
// longer what the user typed. The untouched copies are $sUsername/$sPassword
// and $pUsername/$pPassword.

if (($adldap -> authenticate($strUsername,$strPassword))){

// Second gate: the account must also belong to $ldap_group.
if ($adldap -> user_ingroup($strUsername,$ldap_group)){ # Group Authentication Only

// Only reached when both the bind and the group check succeeded.
$ldap_auth = 1;
// Check if user exists

$strSQL = "Select from ".AddTableWrappers($cLoginTable)." Where ".AddFieldWrappers($cUserNameField)." = \"$strUsername\"";

$rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");
// Update DB for new users

if (mysql_num_rows($rs) < 1) {

$info=$adldap->user_info($strUsername,array("givenname","sn"));

$strldapfirstname = $info[0][givenname][0]; #sets firstname value from AD

$strldaplastname = $info[0][sn][0]; #sets lastname value from AD

$sql = "INSERT INTO ".AddTableWrappers($cLoginTable)." ( ".AddFieldWrappers($cUserNameField).", utente, password, email)";

$sql .= " SELECT ";

$sql .= "\"$strUsername\" AS Expr1, "; #adds username to database

$sql .= "\"$strldapfirstname\" AS Expr2, "; #adds firstname to database

$sql .= "\"$strldaplastname\" AS Expr3, "; #adds lastname to database

$sql .= "1 AS Expr4;"; #adds level to database

$result = mysql_query($sql,$conn);

}
// Generate Query

$strSQL = "select
from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField)."=\"".$strUsername."\"";

} #Group Authentication Only

}
// Catch failed logins

if ($ldap_auth == 0) $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField)."=\"xxxxx\"";
################################################################################


END OF MODIFICATION #

################################################################################



if(function_exists("BeforeLogin"))

$retval=BeforeLogin($pUsername,$pPassword,$message);

if($retval)

{

$rs=db_query($strSQL,$conn);

$data=db_fetch_array($rs);

if($data)

if(@$data[$cUserNameField]==$sUsername && @$data[$cPasswordField]==$sPassword)

$logged=true;

}

if($logged)

{

$_SESSION["UserID"] = $pUsername;

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
$_SESSION["GroupID"] = $data["utente"];
$_SESSION["OwnerID"] = $data["utente"];

$_SESSION["_ticket_OwnerID"] = $data["utente"];

$_SESSION["_ticket_ict_OwnerID"] = $data["email"];
if(function_exists("AfterSuccessfulLogin"))

AfterSuccessfulLogin($pUsername,$pPassword,$data);

if($myurl)

header("Location: ".$myurl);

else

header("Location: ".$defaulturl);

return;

}

else

{

if(function_exists("AfterUnsuccessfulLogin"))

AfterUnsuccessfulLogin($pUsername,$pPassword,$message);

if($message=="")

$message = "Login non valido";

}

}
$xt->assign("rememberbox_attrs",$rememberbox_attrs.$rememberbox_checked);
// if guest have any permissions

if (guestHasPermissions())

{

$xt->assign("guestlink_block",true);

}else{

$xt->assign("guestlink_block",false);

}
$_SESSION["MyURL"]=$myurl;

if($myurl)

$xt->assign("guestlink_attrs","href=\"".$myurl."\"");

else

$xt->assign("guestlink_attrs","href=\"".$defaulturl."\"");
if(@$_POST["username"] || @$_GET["username"])

$xt->assign("username_attrs","value=\"".htmlspecialchars($pUsername)."\"");

else

$xt->assign("username_attrs","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");
$password_attrs="onkeydown=\"e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;\"";

if(@$_POST["password"])

$password_attrs.=" value=\"".htmlspecialchars($pPassword)."\"";

else

$password_attrs.=" value=\"".htmlspecialchars(refine(@$_COOKIE["password"]))."\"";

$xt->assign("password_attrs",$password_attrs);
if(@$_GET["message"]=="expired")

$message = "La sessione è terminata. Effettua un nuovo login.";
if($message)

{

$xt->assign("message_block",true);

$xt->assign("message",$message);

}
$body=array();

$body["begin"]="<form method=post action=\"login.php\" id=form1 name=form1>

<input type=hidden name=btnSubmit value=\"Login\">";

$body["end"]="</form>

<script>

function elementVisible(jselement)

{

do

{

if (jselement.style.display.toUpperCase() == 'NONE')

return false;

jselement=jselement.parentNode;

}

while (jselement.tagName.toUpperCase() != 'BODY');

return true;

}

if(elementVisible(document.forms[0].elements['username']))

document.forms[0].elements['username'].focus();

</script>";

$xt->assignbyref("body",$body);
$templatefile="login.htm";

if(function_exists("BeforeShowLogin"))

BeforeShowLogin($xt,$templatefile);
$xt->display($templatefile);

?>
Do I need to modify other variables?

mauro author 6/29/2009

I think I'm on the right track...
I read:
http://www.asprunner.com/forums/index.php?showtopic=3551

http://www.asprunner.com/forums/index.php?...mp;hl=ldap+2008

http://www.asprunner.com/forums/index.php?...875&hl=ldap

http://www.asprunner.com/forums/index.php?showtopic=8991
This is my login.php file. Now I only have a problem with MySQL that I don't understand. :angry:
<?php

ini_set("display_errors","1");

ini_set("display_startup_errors","1");

set_magic_quotes_runtime(0);

include("include/dbcommon.php");

header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");

header("Pragma: no-cache");

header("Cache-Control: no-cache");
if(@$_POST["a"]=="logout" || @$_GET["a"]=="logout")

{

session_unset();

setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

header("Location: login.php");

exit();

}
include('include/xtempl.php');

$xt = new Xtempl();
// Before Process event

if(function_exists("BeforeProcessLogin"))

BeforeProcessLogin($conn);
$myurl=@$_SESSION["MyURL"];

unset($_SESSION["MyURL"]);
$defaulturl="";

$defaulturl="menu.php";
$message="";
$pUsername=postvalue("username");

$pPassword=postvalue("password");
$rememberbox_checked="";

$rememberbox_attrs = "name=\"remember_password\" value=\"1\"";

if(@$_COOKIE["username"] || @$_COOKIE["password"])

$rememberbox_checked=" checked";
if (@$_POST["btnSubmit"] == "Login")

{

if(@$_POST["remember_password"] == 1)

{

setcookie("username",$pUsername,time()+365144060);

setcookie("password",$pPassword,time()+365144060);

$rememberbox_checked=" checked";

}

else

{

setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

$rememberbox_checked="";

}

// username and password are stored in the database

$strUsername = (string)$pUsername;

$strPassword = (string)$pPassword;

$sUsername=$strUsername;

$sPassword=$strPassword;

[color=#FF0000]

$strlUsername = postvalue("username");

$strlPassword = postvalue("password");
$rstemp=db_query("select from `utenti` where 1=0",$conn);
if(FieldNeedQuotes($rstemp,$cUserNameField))

$strUsername="'".db_addslashes($strUsername)."'";

else

$strUsername=(0+$strUsername);

if(FieldNeedQuotes($rstemp,$cPasswordField))

$strPassword="'".db_addslashes($strPassword)."'";

else

$strPassword=(0+$strPassword);

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField).

"=".$strUsername." and ".AddFieldWrappers($cPasswordField).

"=".$strPassword;

$retval=true;

$logged=false;
################################################################################


LDAP AUTHENTICATION MODIFICATION #

################################################################################




//include the class

include ("ldap/adLDAP.php");
//create the LDAP connection

$adldap = new adLDAP();

$ldap_auth = 0;

$ldap_group ="Domain Users"; # Specified group for group authentication
// Authenticate

if (($adldap -> authenticate($strlUsername,$strlPassword))){

if ($adldap -> user_ingroup($strlUsername,$ldap_group)){ # Group Authentication Only

$ldap_auth = 1;
// Check if user exists

$sql = "select from `utenti where ".AddFieldWrappers($cUserNameField)."=\"".$strlUsername."\"";

$rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");
// Update DB for new users

//if (mysql_num_rows($rs) < 1) {

//$info=$adldap->user_info($strUsername,array("givenname","sn"));

//$strldapfirstname = $info[0][givenname][0]; #sets firstname value from AD

//$strldaplastname = $info[0][sn][0]; #sets lastname value from AD

//$sql = "INSERT INTO ".AddTableWrappers($cLoginTable)." ( ".AddFieldWrappers($cUserNameField).", utente, password, email)";

//$sql .= " SELECT ";

//$sql .= "\"$strUsername\" AS Expr1, "; #adds username to database

//$sql .= "\"$strldapfirstname\" AS Expr2, "; #adds firstname to database

//$sql .= "\"$strldaplastname\" AS Expr3, "; #adds lastname to database

//$sql .= "1 AS Expr4;"; #adds level to database

//$result = mysql_query($sql,$conn);

//}
// Generate Query

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"".$strlUsername."\"";

} #Group Authentication Only

}
// Catch failed logins

if ($ldap_auth == 0) $strSQL = "select * from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"xxxxx\"";
################################################################################


END OF MODIFICATION #

################################################################################



if(function_exists("BeforeLogin"))

$retval=BeforeLogin($pUsername,$pPassword,$message);

if($retval)

{

$rs=db_query($strSQL,$conn);

$data=db_fetch_array($rs);

if($data)

==$sPassword)

if($data && @$data[$cUserNameField]==$sUsername)

$logged=true;

}

if($logged)

{

$_SESSION["UserID"] = $pUsername;

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
$_SESSION["GroupID"] = $data["utente"];
$_SESSION["OwnerID"] = $data["utente"];

$_SESSION["_ticket_OwnerID"] = $data["utente"];

$_SESSION["_ticket_ict_OwnerID"] = $data["email"];
if(function_exists("AfterSuccessfulLogin"))

AfterSuccessfulLogin($pUsername,$pPassword,$data);

if($myurl)

header("Location: ".$myurl);

else

header("Location: ".$defaulturl);

return;

}

else

{

if(function_exists("AfterUnsuccessfulLogin"))

AfterUnsuccessfulLogin($pUsername,$pPassword,$message);

if($message=="")

$message = "Login non valido";

}

}
$xt->assign("rememberbox_attrs",$rememberbox_attrs.$rememberbox_checked);
// if guest have any permissions

if (guestHasPermissions())

{

$xt->assign("guestlink_block",true);

}else{

$xt->assign("guestlink_block",false);

}
$_SESSION["MyURL"]=$myurl;

if($myurl)

$xt->assign("guestlink_attrs","href=\"".$myurl."\"");

else

$xt->assign("guestlink_attrs","href=\"".$defaulturl."\"");
if(@$_POST["username"] || @$_GET["username"])

$xt->assign("username_attrs","value=\"".htmlspecialchars($pUsername)."\"");

else

$xt->assign("username_attrs","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");
$strPassword_attrs="onkeydown=\"e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;\"";

if(@$_POST["password"])

$strPassword_attrs.=" value=\"".htmlspecialchars($pPassword)."\"";

else

$strPassword_attrs.=" value=\"".htmlspecialchars(refine(@$_COOKIE["password"]))."\"";

$xt->assign("password_attrs",$strPassword_attrs);
if(@$_GET["message"]=="expired")

$message = "La sessione è terminata. Effettua un nuovo login.";
if($message)

{

$xt->assign("message_block",true);

$xt->assign("message",$message);

}
$body=array();

$body["begin"]="<form method=post action=\"login.php\" id=form1 name=form1>

<input type=hidden name=btnSubmit value=\"Login\">";

$body["end"]="</form>

<script>

function elementVisible(jselement)

{

do

{

if (jselement.style.display.toUpperCase() == 'NONE')

return false;

jselement=jselement.parentNode;

}

while (jselement.tagName.toUpperCase() != 'BODY');

return true;

}

if(elementVisible(document.forms[0].elements['username']))

document.forms[0].elements['username'].focus();

</script>";

$xt->assignbyref("body",$body);
$templatefile="login.htm";

if(function_exists("BeforeShowLogin"))

BeforeShowLogin($xt,$templatefile);
$xt->display($templatefile);

?>

mauro author 6/29/2009



Now I'm trying to insert a new user from AD into the MySQL database. This is the final login.php page:
<?php

// Runtime setup for the login page: error display, shared includes and
// response headers that stop the page from being cached.
// NOTE(review): both error-display switches are turned on for a page that
// handles credentials; error output sent to the browser can reveal file paths
// and query text. For production, consider turning display off and logging
// errors server-side instead.
ini_set("display_errors","1");

ini_set("display_startup_errors","1");

set_magic_quotes_runtime(0);

// Project-wide include; presumably provides $conn and the db_* helpers used
// further down — confirm against include/dbcommon.php.
include("include/dbcommon.php");

// An expiry date in the past plus the no-cache directives ask browsers and
// proxies not to keep a copy of the login page.
header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");

header("Pragma: no-cache");

header("Cache-Control: no-cache");
if(@$_POST["a"]=="logout" || @$_GET["a"]=="logout")

{

session_unset();

setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

header("Location: login.php");

exit();

}
include('include/xtempl.php');

$xt = new Xtempl();
// Before Process event

if(function_exists("BeforeProcessLogin"))

BeforeProcessLogin($conn);
$myurl=@$_SESSION["MyURL"];

unset($_SESSION["MyURL"]);
$defaulturl="";

$defaulturl="menu.php";
$message="";
$pUsername=postvalue("username");

$pPassword=postvalue("password");
$rememberbox_checked="";

$rememberbox_attrs = "name=\"remember_password\" value=\"1\"";

if(@$_COOKIE["username"] || @$_COOKIE["password"])

$rememberbox_checked=" checked";
if (@$_POST["btnSubmit"] == "Login")

{

// "Remember password" handling: when the box is ticked the submitted username
// and password are written to cookies; otherwise both cookies are expired.
// NOTE(review): $pPassword is the raw value from the login form, and in this
// script the same value is sent to Active Directory, so ticking the box stores
// the user's directory password in clear text in the browser. setcookie() is
// called with three arguments only, so neither the secure nor the httponly
// flag is set. A random, server-side-validated token would avoid keeping the
// password on the client.
if(@$_POST["remember_password"] == 1)

{

setcookie("username",$pUsername,time()+365144060);

setcookie("password",$pPassword,time()+365144060);

$rememberbox_checked=" checked";

}

else

{

// An expiry time in the past makes the browser delete both cookies.
setcookie("username","",time()-365144060);

setcookie("password","",time()-365144060);

$rememberbox_checked="";

}

// username and password are stored in the database

$strUsername = (string)$pUsername;

$strPassword = (string)$pPassword;

$sUsername=$strUsername;

$sPassword=$strPassword;

[color=#FF0000] $strlUsername = postvalue("username");

$strlPassword = postvalue("password");
$rstemp=db_query("select from `utenti` where 1=0",$conn);
if(FieldNeedQuotes($rstemp,$cUserNameField))

$strUsername="'".db_addslashes($strUsername)."'";

else

$strUsername=(0+$strUsername);

if(FieldNeedQuotes($rstemp,$cPasswordField))

$strPassword="'".db_addslashes($strPassword)."'";

else

$strPassword=(0+$strPassword);

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField).

"=".$strUsername." and ".AddFieldWrappers($cPasswordField).

"=".$strPassword;

$retval=true;

$logged=false;
################################################################################


LDAP AUTHENTICATION MODIFICATION #

################################################################################




//include the class

include ("ldap/adLDAP.php");
//create the LDAP connection

$adldap = new adLDAP();

$ldap_auth = 0;

$ldap_group ="Domain Users"; # Specified group for group authentication
// Authenticate

if (($adldap -> authenticate($strlUsername,$strlPassword))){

if ($adldap -> user_ingroup($strlUsername,$ldap_group)){ # Group Authentication Only

$ldap_auth = 1;
// Check if user exists

$sql = "select from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"".$strlUsername."\"";

$rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");
// Update DB for new users

//if (mysql_num_rows($rs) < 1) {

//$info=$adldap->user_info($strUsername,array("givenname","sn"));

//$strldapfirstname = $info[0][givenname][0]; #sets firstname value from AD

//$strldaplastname = $info[0][sn][0]; #sets lastname value from AD

//$sql = "INSERT INTO ".AddTableWrappers($cLoginTable)." ( ".AddFieldWrappers($cUserNameField).", utente, password, email)";

//$sql .= " SELECT ";

//$sql .= "\"$strUsername\" AS Expr1, "; #adds username to database

//$sql .= "\"$strldapfirstname\" AS Expr2, "; #adds firstname to database

//$sql .= "\"$strldaplastname\" AS Expr3, "; #adds lastname to database

//$sql .= "1 AS Expr4;"; #adds level to database

//$result = mysql_query($sql,$conn);

//}
// Generate Query

$strSQL = "select
from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"".$strlUsername."\"";

} #Group Authentication Only

}
// Catch failed logins

if ($ldap_auth == 0) $strSQL = "select * from `utenti` where ".AddFieldWrappers($cUserNameField)."=\"xxxxx\"";
################################################################################


END OF MODIFICATION #

################################################################################



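// Optional project hook: when BeforeLogin() is defined, its return value
// decides whether the login query below runs at all.
if(function_exists("BeforeLogin"))
    $retval=BeforeLogin($pUsername,$pPassword,$message);

if($retval)
{
    // $strSQL was built by the LDAP section above: it selects the user's row
    // after a successful directory login and a non-matching row otherwise.
    $rs=db_query($strSQL,$conn);
    $data=db_fetch_array($rs);

    // The password column is no longer compared here because the password was
    // already verified against the directory. The stray "==$sPassword)" fragment
    // left over from the old two-field check was a parse error and is removed.
    // Strict comparison on strings avoids PHP's numeric-string juggling
    // (with ==, "1e3" and "1000" compare equal).
    if($data && (string)@$data[$cUserNameField]===$sUsername)
        $logged=true;
}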

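// Outcome of the login attempt: populate the session and redirect on success,
// otherwise run the failure hook and set the message shown on the form.
if($logged)
{
    // Swap the session id at the privilege change so an id that was fixed or
    // observed before login cannot be reused for the authenticated session.
    // Assumes the session was already started by the project include — confirm.
    session_regenerate_id(true);

    $_SESSION["UserID"] = $pUsername;
    $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;

    // Ownership/group keys are taken from the row loaded from `utenti`.
    $_SESSION["GroupID"] = $data["utente"];
    $_SESSION["OwnerID"] = $data["utente"];
    $_SESSION["_ticket_OwnerID"] = $data["utente"];
    $_SESSION["_ticket_ict_OwnerID"] = $data["email"];

    // Optional project hook after a successful login.
    if(function_exists("AfterSuccessfulLogin"))
        AfterSuccessfulLogin($pUsername,$pPassword,$data);

    // Return to the page remembered in the session, or to the default menu.
    if($myurl)
        header("Location: ".$myurl);
    else
        header("Location: ".$defaulturl);

    return;
}
else
{
    // Optional project hook; it receives $message and may supply its own text.
    if(function_exists("AfterUnsuccessfulLogin"))
        AfterUnsuccessfulLogin($pUsername,$pPassword,$message);

    // Same generic message for every failure, so the form does not reveal
    // whether the username or the password was wrong.
    if($message=="")
        $message = "Login non valido";
}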

}
$xt->assign("rememberbox_attrs",$rememberbox_attrs.$rememberbox_checked);
// if guest have any permissions

if (guestHasPermissions())

{

$xt->assign("guestlink_block",true);

}else{

$xt->assign("guestlink_block",false);

}
$_SESSION["MyURL"]=$myurl;

if($myurl)

$xt->assign("guestlink_attrs","href=\"".$myurl."\"");

else

$xt->assign("guestlink_attrs","href=\"".$defaulturl."\"");
if(@$_POST["username"] || @$_GET["username"])

$xt->assign("username_attrs","value=\"".htmlspecialchars($pUsername)."\"");

else

$xt->assign("username_attrs","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");
$strPassword_attrs="onkeydown=\"e=event; if(!e) e = window.event; if (e.keyCode != 13) return; e.cancel = true; e.cancelBubble=true; document.forms[0].submit(); return false;\"";

if(@$_POST["password"])

$strPassword_attrs.=" value=\"".htmlspecialchars($pPassword)."\"";

else

$strPassword_attrs.=" value=\"".htmlspecialchars(refine(@$_COOKIE["password"]))."\"";

$xt->assign("password_attrs",$strPassword_attrs);
if(@$_GET["message"]=="expired")

$message = "La sessione è terminata. Effettua un nuovo login.";
if($message)

{

$xt->assign("message_block",true);

$xt->assign("message",$message);

}
$body=array();

$body["begin"]="<form method=post action=\"login.php\" id=form1 name=form1>

<input type=hidden name=btnSubmit value=\"Login\">";

$body["end"]="</form>

<script>

function elementVisible(jselement)

{

do

{

if (jselement.style.display.toUpperCase() == 'NONE')

return false;

jselement=jselement.parentNode;

}

while (jselement.tagName.toUpperCase() != 'BODY');

return true;

}

if(elementVisible(document.forms[0].elements['username']))

document.forms[0].elements['username'].focus();

</script>";

$xt->assignbyref("body",$body);
$templatefile="login.htm";

if(function_exists("BeforeShowLogin"))

BeforeShowLogin($xt,$templatefile);
$xt->display($templatefile);

?>

mauro author 6/29/2009


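################################################################################
# LDAP AUTHENTICATION MODIFICATION                                             #
################################################################################

// Replaces the stock database password check. The user is authenticated by
// binding to Active Directory through adLDAP and must belong to $ldap_group;
// $strSQL is then pointed at the matching row in `utenti` so the generated
// login code that follows can load it.
// Expects $strlUsername / $strlPassword to hold the raw form values from
// postvalue(), not the SQL-quoted $strUsername / $strPassword.

//include the class
include ("ldap/adLDAP.php");

//create the LDAP connection
$adldap = new adLDAP();
$ldap_auth = 0;
$ldap_group ="Domain Users"; # Specified group for group authentication

// Fail closed: until the directory accepts the user, the login query matches
// no row at all. The previous placeholder compared the username with "xxxxx",
// which would match a real account if one with that name ever existed.
$strSQL = "select * from `utenti` where 1=0";

// Authenticate
// Empty credentials are rejected before any bind is attempted: a simple bind
// with a name and an empty password is an unauthenticated bind, which some
// directory servers report as success.
if ((string)$strlUsername !== "" && (string)$strlPassword !== ""
    && $adldap -> authenticate($strlUsername,$strlPassword)){

    if ($adldap -> user_ingroup($strlUsername,$ldap_group)){ # Group Authentication Only

        $ldap_auth = 1;

        // The username comes straight from the login form, so it is escaped
        // before being placed in SQL text. Parameterised queries (mysqli/PDO)
        // are the better fix once the application moves off the mysql_* API.
        $sqlUsername = "'".mysql_real_escape_string($strlUsername,$conn)."'";

        // Check if user exists
        $sql = "select * from `utenti` where ".AddFieldWrappers($cUserNameField)."=".$sqlUsername;
        $rs = mysql_query($sql,$conn) or die("USER QUERY FAILED.");

        // Update DB for new users
        // If the insert fails, the query below finds no row and the login is
        // refused.
        if (mysql_num_rows($rs) < 1) {
            $sql = "INSERT INTO `utenti` (utente) values (".$sqlUsername.") ";
            $result = mysql_query($sql,$conn);
        }

        // Generate Query
        $strSQL = "select * from `utenti` where ".AddFieldWrappers($cUserNameField)."=".$sqlUsername;

    } #Group Authentication Only

}

################################################################################
# END OF MODIFICATION                                                          #
################################################################################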