Project

General

Profile

Revision b42754b9

Added by Assos Assos almost 7 years ago

Weekly update of contrib modules

View differences:

drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
49 49

  
50 50
    $form['links']['#markup'] = theme('ldap_authentication_user_login_block_links', $vars);
51 51
  }
52
  ldap_servers_disable_http_check($form);
53 52

  
54 53
  // Add help information for entering in username/password
55 54
  $auth_conf = ldap_authentication_get_valid_conf();
......
391 390
  if (!$drupal_account_exists) {
392 391

  
393 392
    // VI.C.1 Do not provision Drupal account if another account has same email.
394
    if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
393
    if (($auth_conf->ldapUser->acctCreation == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED) && ($account_with_same_email = user_load_by_mail($ldap_user['mail']))) {
395 394
      $error = TRUE;
396 395
      /**
397 396
       * username does not exist but email does.  Since user_external_login_register does not deal with
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info
14 14
files[] = ldap_authentication.admin.inc
15 15
files[] = tests/ldap_authentication.test
16 16

  
17
; Information added by Drupal.org packaging script on 2017-05-30
18
version = "7.x-2.2"
17
test_dependencies[] = ldap_sso:ldap_sso
18

  
19
; Information added by Drupal.org packaging script on 2017-08-27
20
version = "7.x-2.3"
19 21
core = "7.x"
20 22
project = "ldap"
21
datestamp = "1496167150"
23
datestamp = "1503841448"
22 24

  
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info
17 17
files[] = tests/Og2Tests.test
18 18
configure = admin/config/people/ldap/authorization
19 19

  
20
; Information added by Drupal.org packaging script on 2017-05-30
21
version = "7.x-2.2"
20
test_dependencies[] = ldap_sso:ldap_sso
21

  
22
; Information added by Drupal.org packaging script on 2017-08-27
23
version = "7.x-2.3"
22 24
core = "7.x"
23 25
project = "ldap"
24
datestamp = "1496167150"
26
datestamp = "1503841448"
25 27

  
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info
9 9
files[] = ldap_authorization_drupal_role.module
10 10
files[] = ldap_authorization_drupal_role.inc
11 11

  
12
; Information added by Drupal.org packaging script on 2017-05-30
13
version = "7.x-2.2"
12
; Information added by Drupal.org packaging script on 2017-08-27
13
version = "7.x-2.3"
14 14
core = "7.x"
15 15
project = "ldap"
16
datestamp = "1496167150"
16
datestamp = "1503841448"
17 17

  
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info
13 13

  
14 14
core = "7.x"
15 15

  
16
; Information added by Drupal.org packaging script on 2017-05-30
17
version = "7.x-2.2"
16
; Information added by Drupal.org packaging script on 2017-08-27
17
version = "7.x-2.3"
18 18
core = "7.x"
19 19
project = "ldap"
20
datestamp = "1496167150"
20
datestamp = "1503841448"
21 21

  
drupal7/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info
12 12
core = 7.x
13 13
php = 5.2
14 14

  
15
; Information added by Drupal.org packaging script on 2017-05-30
16
version = "7.x-2.2"
15
; Information added by Drupal.org packaging script on 2017-08-27
16
version = "7.x-2.3"
17 17
core = "7.x"
18 18
project = "ldap"
19
datestamp = "1496167150"
19
datestamp = "1503841448"
20 20

  
drupal7/sites/all/modules/ldap/ldap_help/ldap_help.info
5 5

  
6 6
dependencies[] = ldap_servers
7 7
dependencies[] = ldap_test
8
; Information added by Drupal.org packaging script on 2017-05-30
9
version = "7.x-2.2"
8
; Information added by Drupal.org packaging script on 2017-08-27
9
version = "7.x-2.3"
10 10
core = "7.x"
11 11
project = "ldap"
12
datestamp = "1496167150"
12
datestamp = "1503841448"
13 13

  
drupal7/sites/all/modules/ldap/ldap_query/ldap_query.info
17 17

  
18 18
configure = admin/config/people/ldap/query
19 19

  
20
; Information added by Drupal.org packaging script on 2017-05-30
21
version = "7.x-2.2"
20
; Information added by Drupal.org packaging script on 2017-08-27
21
version = "7.x-2.3"
22 22
core = "7.x"
23 23
project = "ldap"
24
datestamp = "1496167150"
24
datestamp = "1503841448"
25 25

  
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.info
17 17
files[] = tests/ldap_servers.test
18 18
configure = admin/config/people/ldap/servers
19 19

  
20
; Information added by Drupal.org packaging script on 2017-05-30
21
version = "7.x-2.2"
20
; Information added by Drupal.org packaging script on 2017-08-27
21
version = "7.x-2.3"
22 22
core = "7.x"
23 23
project = "ldap"
24
datestamp = "1496167150"
24
datestamp = "1503841448"
25 25

  
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.install
878 878
    }
879 879
}
880 880

  
881
/**
882
 * Removes HTTPS checking.
883
 */
884
function ldap_servers_update_7208() {
885
  variable_del('ldap_servers_require_ssl_for_credentials');
886
  return t('HTTPS validation was removed, if you need mixed mode consider another module such as securelogin for this. Mixed mode is strongly discouraged.');
887

  
888
}
889

  
881 890
function ldap_servers_install_update_schema($schema, &$change_log) {
882 891
  foreach ($schema as $table_name => $table_schema) {
883 892
    foreach ($table_schema['fields'] as $field_name => $field_schema) {
......
887 896
      }
888 897
    }
889 898
  }
890
}
899
}
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.module
256 256
      'variables' => array('ldap_server' => NULL, 'actions' => FALSE, 'type' => 'detail'),
257 257
      'render element' => 'element',
258 258
      'file' => 'ldap_servers.theme.inc'
259
    ),
260
     'ldap_servers_https_required' => array(
261
      'variables' => array('site_name' => NULL, 'site_mail' => FALSE, 'site_contact_link' => FALSE),
262
      'render element' => 'element',
263
      'file' => 'ldap_servers.theme.inc'
264 259
    ),
265 260
    'ldap_server_token_table' => array(
266 261
      'variables' => array('tokens' => array()),
......
802 797
  return $value;
803 798
}
804 799

  
805

  
806
/**
807
 * disable a logon form if ldap preferences exclude http logon forms
808
 *
809
 * @param drupal logon form array $form
810
 */
811
function ldap_servers_disable_http_check(&$form) {
812

  
813
  if (variable_get('ldap_servers_require_ssl_for_credentials', 0) == 1 && !drupal_is_https()) {
814

  
815
    $tokens = array(
816
      'site_name' => variable_get('site_name', 'this site'),
817
      'site_mail' =>  variable_get('site_mail', ''),
818
      );
819

  
820
    drupal_set_message(t(theme('ldap_servers_https_required', $tokens)), 'error');
821
    $form['#disabled'] = TRUE;
822
  }
823
}
824

  
825 800
function ldap_servers_ldap_extension_summary($op = 'data') {
826 801
  ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.status');
827 802
  return _ldap_servers_ldap_extension_summary($op);
......
864 839
   case 'admin/help#ldap_servers':
865 840
      $servers_help .= '<h3>' . t('Configuration - Settings') . '</h3>';
866 841
      $servers_help .= '<dl>';
867
      $servers_help .= '<dt>' . t('REQUIRE HTTPS ON CREDENTIAL PAGES') . '</dt>';
868
      $servers_help .= '<dd>' . t('If checked, modules using LDAP will not allow credentials to be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an approach to get all logon forms to be HTTPS.') . '</dd>';
869 842
      $servers_help .= '<dt>' . t('ENCRYPTION') . '</dt>';
870 843
      $servers_help .= '<dd>' . t('With encryption enabled, passwords will be stored in encrypted form. This is two way encryption because the actual password needs to used to bind to LDAP. So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental discovery of a clear text password.') . '</dd>';
871 844
      $servers_help .= '<dt>' . t('LOG DETAILED LDAP ACTIONS') . '</dt>';
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.settings.inc
13 13
    drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
14 14
  }
15 15

  
16
  $https_approaches = array();
17
  $https_approaches[] = t('Use secure pages or secure login module to redirect to SSL (https)');
18
  $https_approaches[] = t('Run entire site with SSL (https)');
19
  $https_approaches[] = t('Remove logon block and redirect all /user page to https via webserver redirect');
20

  
21 16
  $form['#title'] = "Configure LDAP Preferences";
22
  $form['ssl'] = array('#type' => 'fieldset', '#title' => t('Require HTTPS on Credential Pages'));
23
  $form['ssl']['ldap_servers_require_ssl_for_credentials'] = array(
24
    '#type' => 'checkbox',
25
    '#title' => t('If checked, modules using LDAP will not allow credentials to
26
      be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an
27
      approach to get all logon forms to be https, such as:') .
28
      theme('item_list', array('items' => $https_approaches)),
29
    '#default_value' => variable_get('ldap_servers_require_ssl_for_credentials', 0),
30
  );
17

  
31 18

  
32 19
  $options = ldap_servers_encrypt_types('encrypt');
33 20

  
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.theme.inc
93 93
  return $output;
94 94
}
95 95

  
96
function theme_ldap_servers_https_required($vars) {
97

  
98
  if (!isset($vars['site_contact_link']) || empty($vars['site_contact_link'])) {
99
    $vars['site_contact_link'] = 'site admin';
100
  }
101
  return t("You are accessing site_name using an unencrypted connection. For your security,
102
     site_name only supports account logins using a secure protocol such as HTTPS. You can switch
103
     to HTTPS by trying to view this page again after changing the URL in your browser's
104
     location bar to begin with \"https\" instead of \"http\". Please contact
105
      site_contact_link for help if this error continues.", $vars);
106

  
107
}
108

  
109 96
function theme_ldap_server_token_table($variables) {
110 97
  $header = array(
111 98
    array('data' => 'Token', 'sort' => 'asc'),
drupal7/sites/all/modules/ldap/ldap_sso/MSTMG.notes.txt
1

  
2

  
3
Microsoft Forefront Threat Management Gateway
4
http://technet.microsoft.com/en-us/library/cc441438.aspx
5

  
6
Overview of authentication in Forefront TMG
7
http://technet.microsoft.com/en-us/library/cc441695.aspx
8

  
9

  
10
About authentication in Web publishing
11
http://technet.microsoft.com/en-us/library/cc441671.aspx
12
-- third component of TMG authentication for web publishing is: "Delegation of authentication ot web servers behind FTMG".  This is where LDAP modules need to be integrated.  This aspect is configured in the "publishing rule" such that a single listener can have multiple types of delegation.
13

  
14
1) The Web server must be configured to use the authentication scheme that matches the delegation method used by Forefront TMG. Delegation of client credentials is configured on the publishing rule. In the Publishing Rule wizard, configure this on the Authentication Delegation page. In the publishing rule properties, the authentication settings are on the Authentication Delegation tab.
15

  
16
2) Delegation options are (sorted in order of what I think are desireable)
17
- NTLM/Kerberos (Negotiate).  Tries for Kerberos ticket and goes for credentials via NTLM.
18
- NTLM. "In NTLM delegation, Forefront TMG delegates the credentials by using the NTLM challenge/response authentication protocol. If authentication fails, Forefront TMG replaces the delegation with the authentication type used by the Web listener. If the server requires a different type of credentials, Forefront TMG triggers an alert."
19
- No delegation, and client cannot authenticate directly.  Not useful.  Just for avoiding false passing of credentials when not needed.
20
- No delegation, but client may authenticate directly.  User credentials passed to drupal.  Not desireable.
21
- Basic.  cleartext passing of credentials to drupal.  Not desireable.
22
- SecurID
23
- Kerberos constrained delegation
drupal7/sites/all/modules/ldap/ldap_sso/README.txt
1

  
2
=======================================
3
LDAP Single Sign-On
4
=======================================
5

  
6

  
7
To use the single sign-on feature, your web server must provide an authentication
8
mechanism for LDAP. The only authentication mechanism used in development
9
was mod_auth_sspi for Apache/Windows, but so long as the web server's LDAP
10
authentication mechanism is configured to provide the $_SERVER variable
11
$_SERVER['REMOTE_USER'] or $_SERVER['REDIRECT_REMOTE_USER'] corresponding
12
directly to a user's LDAP user name, this should work all the same. This
13
will require some sort of LDAP authentication mechanism; mod_auth_sspi is
14
available here: http://mod-auth-sspi.sourceforge.net/, while mod_ntlm is
15
available here: http://modntlm.sourceforge.net/, and mod_auth_ntlm_winbind is
16
available here: http://samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/.
17
If a Linux distribution is being used, Apache authentication modules are likely
18
available within the distro's package manager.
19

  
20
Unless an administrator wishes to require that all visitors be authenticated,
21
NTLM and/or basic authentication should be set up only on the path
22
user/login/sso, which will authentify the visitor but not deny access to view
23
the site if the visitor is not authenticated. An administrator may wish to
24
require LDAP authentication to view any portion of the site; this can be
25
achieved by changing the location directive below to "/". An administrator may
26
also wish to automatically log in visitors to Drupal; this can be achieved by
27
checking "Turn on automated single sign-on" in the modules' configuration page.
28

  
29
An example of an Apache configuration for a named virtualhost configuration
30
using mod_auth_sspi on Windows is as follows:
31

  
32

  
33
httpd.conf:
34
_______________________________________________________________________________
35
_______________________________________________________________________________
36

  
37

  
38

  
39

  
40
# Virtual hosts
41
Include conf/extra/httpd-vhosts.conf
42

  
43
# Pass NTLM authentication to Apache
44
LoadModule sspi_auth_module modules/mod_auth_sspi.so
45

  
46
<IfModule !mod_auth_sspi.c>
47
  LoadModule sspi_auth_module modules/mod_auth_sspi.so
48
</IfModule>
49

  
50

  
51

  
52
_______________________________________________________________________________
53
_______________________________________________________________________________
54

  
55

  
56

  
57

  
58
httpd-vhosts.conf:
59
_______________________________________________________________________________
60
_______________________________________________________________________________
61

  
62

  
63

  
64

  
65
NameVirtualHost example.com
66

  
67
<VirtualHost example.com>
68
  DocumentRoot "D:/www/example.com/htdocs"
69
  ServerName example.com
70

  
71
  <directory "D:/www/example.com/htdocs">
72
    Options Indexes FollowSymLinks MultiViews
73
    AllowOverride All
74
    Order Allow,Deny
75
    Allow from all
76
  </directory>
77

  
78
  <Location /user/login/sso>
79
    AuthType SSPI
80
    AuthName "Example.com - Login using your LDAP user name and password"
81
    SSPIAuth On
82
    SSPIAuthoritative On
83
    ### The domain used to authenticate with LDAP; this should match the domain
84
    ### configured in the LDAP integration configuration within Drupal
85
    SSPIDomain ad.example.com
86
    SSPIOmitDomain On
87
    SSPIOfferBasic On
88
    Require valid-user
89
    #SSPIBasicPreferred On
90
    #SSPIofferSSPI off
91
  </Location>
92
</VirtualHost>
93

  
94
_______________________________________________________________________________
95
_______________________________________________________________________________
96

  
97

  
98
After enabling and configuring an LDAP authentication module within Apache,
99
visit user/login/sso in the Drupal installation on example.com. With or without
100
the ldap sso feature enabled, the browser should prompt for a user name and
101
password if using Internet Explorer 8 or a non-Microsoft browser. Internet
102
Explorer 7 by default will pass NTLM authentication credentials to local
103
websites, and IE8 and Firefox can be configured to do this as well.
104

  
105
If prompted for credentials on that path, enter a valid LDAP user name,
106
omitting the domain if "SSPIOmitDomain On" is configured, as well as a password.
107
If the credentials are correct, or if NTLM credentials are passed automatically
108
by the browser and successfully authenticated, a Drupal 404 "Page not found"
109
message will be displayed if the module is not enabled; an "access is denied"
110
message will be displayed if the module is enabled and the browser is already
111
logged in; and if the ldap_sso module is fully configured and there is no
112
existing session, the browser will display the message "You have been
113
successfully authenticated" after redirecting to the sites' home page if you
114
have checked "Notify user of successful authentication".
drupal7/sites/all/modules/ldap/ldap_sso/ldap_sso.info
1
name = LDAP SSO
2
description = Implements Single Sign On (SSO) LDAP Authentication
3
package = Lightweight Directory Access Protocol
4
dependencies[] = ldap_servers
5
dependencies[] = ldap_authentication
6
core = 7.x
7
configure = admin/config/people/ldap/authentication
8

  
9
; Information added by Drupal.org packaging script on 2017-05-30
10
version = "7.x-2.2"
11
core = "7.x"
12
project = "ldap"
13
datestamp = "1496167150"
14

  
drupal7/sites/all/modules/ldap/ldap_sso/ldap_sso.module
1
<?php
2

  
3
/**
4
 * @file
5
 * This module injects itself into Drupal's Authentication stack.
6
 */
7

  
8
/**
9
 * Implements hook_menu().
10
 */
11
function ldap_sso_menu() {
12
  $items = array();
13

  
14
  $items['user/login/sso'] = array(
15
    'title' => 'Log In',
16
    'page callback' => 'ldap_sso_user_login_sso',
17
    'access callback' => '_ldap_authentication_user_access',
18
    'type' => MENU_NORMAL_ITEM,
19
  );
20

  
21
  return $items;
22
}
23

  
24

  
25
/**
26
 * Implements hook_user_logout().
27
 *
28
 * The user just logged out.
29
 */
30
function ldap_sso_user_logout($account) {
31
  $auth_conf = ldap_authentication_get_valid_conf();
32
  if ($auth_conf->seamlessLogin == 1) {
33
    $cookie_string = 'do not auto login';
34
    $cookie_timeout = (int) $auth_conf->cookieExpire;
35
    setcookie('seamless_login', $cookie_string, (($cookie_timeout == -1) ? 0 : $cookie_timeout + time()), base_path(), "");
36
    ldap_servers_set_globals('_SESSION', 'seamless_login', $cookie_string);
37
  }
38
}
39

  
40
/**
41
 * Implements hook_boot().
42
 *
43
 * Perform setup tasks. This entry point is used because hook_user_load no
44
 * longer runs on anonymous users, and hook_boot is guaranteed to run,
45
 * regardless of cache.
46
 */
47
function ldap_sso_boot() {
48

  
49
  if (!drupal_is_cli() && ($GLOBALS['user']->uid == 0)) {
50

  
51
    if (ldap_sso_path_excluded_from_sso()) {
52
      return;
53
    }
54
    module_load_include('module', 'ldap_servers');
55

  
56
    if (!(isset($_COOKIE['seamless_login'])) || $_COOKIE['seamless_login'] == 'auto login') {
57
      if ((arg(0) == 'user' && !(is_numeric(arg(1)))) || arg(0) == 'logout') {
58
        return;
59
      }
60
      else {
61
        if (isset($_COOKIE['seamless_login_attempted'])) {
62
          $login_attempted = $_COOKIE['seamless_login_attempted'];
63
        }
64
        else {
65
          $login_attempted = FALSE;
66
        }
67

  
68
        require_once DRUPAL_ROOT . '/includes/common.inc';
69
        require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
70
        $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
71

  
72
        if (isset($ldap_authentication_conf['seamlessLogin']) && $ldap_authentication_conf['seamlessLogin'] == 1 && ($login_attempted != 'true')) {
73
          if ($ldap_authentication_conf['cookieExpire'] == 0) {
74
            setcookie("seamless_login_attempted", 'true', 0, base_path(), "");
75
          }
76
          else {
77
            setcookie('seamless_login_attempted', 'true', time() + (int) $ldap_authentication_conf['cookieExpire'], base_path(), "");
78
          }
79
          ldap_servers_set_globals('_SESSION', 'seamless_login_attempted', $login_attempted);
80

  
81
          drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE);
82
          // Seems redundant, but need to check this again after additional
83
          // bootstrap.
84
          if (ldap_sso_path_excluded_from_sso()) {
85
            return;
86
          }
87
          // Add the query key to the drupal_goto() options array only if there
88
          // is a destination set. This prevents infinite redirect loops.
89
          $options = array();
90
          $destination = drupal_get_destination();
91
          if (!empty($destination['destination'])) {
92
            $options['query'] = $destination;
93
          }
94
          drupal_goto('user/login/sso', $options);
95
        }
96
        else {
97
          return;
98
        }
99
      }
100
    }
101
  }
102
}
103

  
104
/**
105
 * Default excluded paths.
106
 */
107
function ldap_sso_default_excluded_paths() {
108
  return array(
109
    'admin/config/search/clean-urls/check',
110
  );
111
}
112

  
113
/**
114
 * Paths excluded from SSO.
115
 */
116
function ldap_sso_path_excluded_from_sso($path = FALSE) {
117
  module_load_include('module', 'ldap_servers');
118
  $result = FALSE;
119
  if ($path) {
120
    // Don't derive.
121
  }
122
  elseif (ldap_servers_get_globals('_SERVER', 'PHP_SELF') == '/index.php') {
123
    $path = $_GET['q'];
124
  }
125
  else {
126
    // Cron.php, etc.
127
    $path = ltrim(ldap_servers_get_globals('_SERVER', 'PHP_SELF'), '/');
128
  }
129

  
130
  if (in_array($path, ldap_sso_default_excluded_paths())) {
131
    return TRUE;
132
  }
133

  
134
  $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
135

  
136
  if (isset($ldap_authentication_conf['ssoExcludedHosts']) && is_array($ldap_authentication_conf['ssoExcludedHosts'])) {
137
    $host = ldap_servers_get_globals('_SERVER', 'SERVER_NAME');
138
    foreach ($ldap_authentication_conf['ssoExcludedHosts'] as $host_to_check) {
139
      if ($host_to_check == $host) {
140
        return TRUE;
141
      }
142
    }
143
  }
144

  
145
  if (isset($ldap_authentication_conf['ssoExcludedPaths'])) {
146
    $patterns = implode("\r\n", $ldap_authentication_conf['ssoExcludedPaths']);
147
    if ($patterns) {
148
      if (function_exists('drupal_get_path_alias')) {
149
        $path = drupal_get_path_alias($path);
150
      }
151
      $path = (function_exists('drupal_strtolower')) ? drupal_strtolower($path) : strtolower($path);
152

  
153
      $to_replace = array(
154
        // Newlines.
155
        '/(\r\n?|\n)/',
156
        // Asterisks.
157
        '/\\\\\*/',
158
        // <front>.
159
        '/(^|\|)\\\\<front\\\\>($|\|)/',
160
      );
161
      $replacements = array(
162
        '|',
163
        '.*',
164
        '\1' . preg_quote(variable_get('site_frontpage', 'node'), '/') . '\2',
165
      );
166
      $patterns_quoted = preg_quote($patterns, '/');
167
      $regex = '/^(' . preg_replace($to_replace, $replacements, $patterns_quoted) . ')$/';
168
      $result = (bool) preg_match($regex, $path);
169
    }
170
  }
171

  
172
  return $result;
173

  
174
}
175

  
176

  
177
/**
178
 * A proxy function for the actual authentication routine.
179
 *
180
 * This is in place so various implementations of grabbing NTLM credentials can
181
 * be used and selected from an administration page. This is the real gatekeeper
182
 * since this assumes that any NTLM authentication from the underlying web
183
 * server is good enough, and only checks that there are values in place for the
184
 * user name, and anything else that is set for a particular implementation. In
185
 * the case that there are no credentials set by the underlying web server, the
186
 * user is redirected to the normal user login form.
187
 */
188
function ldap_sso_user_login_sso() {
189

  
190
  $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
191
  $auth_conf = ldap_authentication_get_valid_conf();
192

  
193
  if ($detailed_watchdog_log) {
194
    $watchdog_tokens = array(
195
      '!implementation' => $auth_conf->ldapImplementation,
196
      '!enabled' => $auth_conf->ssoEnabled,
197
      '!server_remote_user' => @$_SERVER['REMOTE_USER'],
198
      '!server_redirect_remote_user' => @$_SERVER['REDIRECT_REMOTE_USER'],
199
      '!ssoRemoteUserStripDomainName' => $auth_conf->ssoRemoteUserStripDomainName,
200
      '!seamlessLogin' => $auth_conf->seamlessLogin,
201
    );
202

  
203
    watchdog(
204
      'ldap_sso',
205
      'ldap_sso_user_login_sso.step1: implementation: !implementation, enabled: !enabled, server_remote_user: !server_remote_user, server_redirect_remote_user: !server_redirect_remote_user, ssoRemoteUserStripDomainName: !ssoRemoteUserStripDomainName,seamlessLogin: !seamlessLogin',
206
      $watchdog_tokens,
207
      WATCHDOG_DEBUG
208
    );
209
  }
210

  
211
  // Step 1.  Derive $remote_user, $realm, and $domain from $_SERVER variable.
212
  $remote_user = NULL;
213
  $realm = NULL;
214
  $domain = NULL;
215

  
216
  switch ($auth_conf->ldapImplementation) {
217
    case 'mod_auth_sspi':
218
      $remote_user = FALSE;
219
      if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) {
220
      }
221
      else {
222
        $remote_user = ldap_servers_get_globals('_SERVER', 'REDIRECT_REMOTE_USER');
223
      }
224
      break;
225

  
226
    case 'mod_auth_kerb':
227
      if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) {
228
      }
229
      else {
230
        $remote_user = ldap_servers_get_globals('_SERVER', 'REDIRECT_REMOTE_USER');
231
      }
232

  
233
      if ($remote_user && preg_match('/^([A-Za-z0-9_\-\.]+)@([A-Za-z0-9_\-.]+)$/', $remote_user, $matches)) {
234
        $remote_user = $matches[1];
235
        // This can be used later if realms is ever supported properly.
236
        $realm = $matches[2];
237
      }
238
      break;
239
  }
240

  
241
  if ($detailed_watchdog_log) {
242
    $watchdog_tokens['!remote_user'] = $remote_user;
243
    $watchdog_tokens['!realm'] = $realm;
244
    watchdog('ldap_authentication', 'ldap_sso_user_login_sso.implementation: username=!remote_user, (realm=!realm) found',
245
              $watchdog_tokens, WATCHDOG_DEBUG);
246
  }
247

  
248
  if ($remote_user) {
249
    if ($auth_conf->ssoRemoteUserStripDomainName) {
250
      // Might be in form <remote_user>@<domain> or <domain>\<remote_user>.
251
      $domain = NULL;
252
      $exploded = preg_split('/[\@\\\\]/', $remote_user);
253
      if (count($exploded) == 2) {
254
        if (strpos($remote_user, '@') !== FALSE) {
255
          $remote_user = $exploded[0];
256
          $domain = $exploded[1];
257
        }
258
        else {
259
          $domain = $exploded[0];
260
          $remote_user = $exploded[1];
261
        }
262
        if ($detailed_watchdog_log) {
263
          $watchdog_tokens['!remote_user'] = $remote_user;
264
          $watchdog_tokens['!domain'] = $domain;
265
          watchdog('ldap_authentication', 'ldap_sso_user_login_sso.stripdomain: remote_user=!remote_user, domain=!domain', $watchdog_tokens, WATCHDOG_DEBUG);
266
        }
267
      }
268
    }
269

  
270
    if ($detailed_watchdog_log) {
271
      $watchdog_tokens['!remote_user'] = $remote_user;
272
      $watchdog_tokens['!realm'] = $realm;
273
      $watchdog_tokens['!domain'] = $domain;
274
      watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user: username=!remote_user, (realm=!realm, domain=!domain) found', $watchdog_tokens, WATCHDOG_DEBUG);
275
    }
276
    $fake_form_state = array(
277
      'values' => array(
278
        'name' => check_plain($remote_user),
279
        'pass' => user_password(20),
280
      ),
281
      'sso_login' => TRUE,
282
    );
283

  
284
    // Make sure we're populating the global user object so that we can log this
285
    // user in.
286
    global $user;
287
    $user = ldap_authentication_user_login_authenticate_validate(array(), $fake_form_state, TRUE);
288

  
289

  
290
    if ($detailed_watchdog_log) {
291
      $watchdog_tokens['!uid'] = is_object($user) ? $user->uid : NULL;
292
      watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user: uid of user=!uid', $watchdog_tokens, WATCHDOG_DEBUG);
293
    }
294

  
295
    if ($user && $user->uid > 0) {
296
      // Reload the account to ensure we have a fully populated user object.
297
      $user = user_load($user->uid);
298

  
299
      if ($auth_conf->seamlessLogin == 1) {
300
        if ($detailed_watchdog_log) {
301
          watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_success.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG);
302
        }
303
        setcookie("seamless_login", 'auto login', time() + $auth_conf->cookieExpire, base_path(), "");
304
        ldap_servers_set_globals('_SESSION', 'seamless_login', 'auto login');
305
        setcookie("seamless_login_attempted", '', time() - 3600, base_path(), "");
306
        ldap_servers_delete_globals('_SESSION', 'seamless_login_attempted');
307
        // Make sure we tell Drupal to create the session cookie for this
308
        // authenticated user.
309
      }
310
      user_login_finalize();
311
      if ($auth_conf->ssoNotifyAuthentication) {
312
        drupal_set_message(theme('ldap_authentication_login_message',
313
          array('message' => t('You have been successfully authenticated'))));
314
      }
315
      if ($detailed_watchdog_log) {
316
        watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_success.drupal_goto front', $watchdog_tokens, WATCHDOG_DEBUG);
317
      }
318
      drupal_goto('<front>');
319
    }
320
    else {
321
      if ($auth_conf->seamlessLogin == 1) {
322
        if ($detailed_watchdog_log) {
323
          watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_fail.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG);
324
        }
325
        setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), "");
326
        ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login');
327
      }
328
      drupal_set_message(theme('ldap_authentication_message_not_found', array(
329
        'message' => t('Sorry, your LDAP credentials were not found, or the LDAP server is not available. You may log in with other credentials on the !user_login_form.',
330
          array('!user_login_form' => l(t('user login form'), 'user/login'))))
331
        ), 'error');
332
      if ($detailed_watchdog_log) {
333
        watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_fail.drupal_goto user/logint', $watchdog_tokens, WATCHDOG_DEBUG);
334
      }
335
      drupal_goto('user/login');
336
    }
337
  }
338
  else {
339
    if ($detailed_watchdog_log) {
340
      watchdog('ldap_authentication', '$_SERVER[\'REMOTE_USER\'] not found', array(), WATCHDOG_DEBUG);
341
    }
342
    if ($auth_conf->seamlessLogin == 1) {
343
      setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), "");
344
      ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login');
345
      if ($detailed_watchdog_log) {
346
        watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG);
347
      }
348
    }
349
    drupal_set_message(theme('ldap_authentication_message_not_authenticated', array(
350
      'message' => t('You were not authenticated by the server. You may log in with your credentials below.'),
351
      )), 'error');
352
    if ($detailed_watchdog_log) {
353
      watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.drupal_goto user/login', $watchdog_tokens, WATCHDOG_DEBUG);
354
    }
355
    drupal_goto('user/login');
356
  }
357
}
358

  
359

  
360
/**
361
 * Used to mock $_SERVER, $_SESSION, etc globals for simpletests.
362
 *
363
 * @param string $global_type
364
 *   _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST.
365
 * @param string $key
366
 *   Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc.
367
 * @param bool $only_mock_values
368
 *   Don't get actual values when mock values don't exist.
369
 *
370
 * @return mixed
371
 *   ldap_simpletest_globals variable for global and key or $_SERVER[][],
372
 *   $_ENV[][], etv value if not in a simpletest or mock variable not available.
373
 */
374
function ldap_servers_get_globals($global_type, $key, $only_mock_values = FALSE) {
375
  $simpletest_globals = variable_get('ldap_simpletest_globals', array());
376
  $simpletest = variable_get('ldap_simpletest', FALSE);
377

  
378
  if ($simpletest && (isset($simpletest_globals[$global_type][$key]) || $only_mock_values)) {
379
    return ($simpletest_globals[$global_type][$key]) ? $simpletest_globals[$global_type][$key] : NULL;
380
  }
381
  else {
382
    return (isset($GLOBALS[$global_type][$key]) && !$only_mock_values) ? $GLOBALS[$global_type][$key] : NULL;
383
  }
384

  
385
}
386

  
387
/**
388
 * Set globals.
389
 *
390
 * @param string $global_type
391
 *   _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST.
392
 * @param string $key
393
 *   Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc.
394
 * @param string $value
395
 *   The value to be set.
396
 */
397
function ldap_servers_set_globals($global_type, $key, $value) {
398
  $simpletest_globals = variable_get('ldap_simpletest_globals', array());
399
  $simpletest = variable_get('ldap_simpletest', FALSE);
400
  if ($simpletest) {
401
    $simpletest_globals[$global_type][$key] = $value;
402
    variable_set('ldap_simpletest_globals', $simpletest_globals);
403
  }
404
  else {
405
    $GLOBALS[$global_type][$key] = $value;
406
  }
407

  
408
}
409

  
410
/**
411
 * Delete globals.
412
 *
413
 * @param string $global_type
414
 *   _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST.
415
 * @param string $key
416
 *   Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc.
417
 * @param bool $only_mock_values
418
 *   Don't get actual values when mock values don't exist.
419
 */
420
function ldap_servers_delete_globals($global_type, $key, $only_mock_values = FALSE) {
421
  $simpletest_globals = variable_get('ldap_simpletest_globals', array());
422
  $simpletest = variable_get('ldap_simpletest', FALSE);
423
  if ($simpletest && isset($simpletest_globals[$global_type][$key])) {
424
    unset($simpletest_globals[$global_type][$key]);
425
    variable_set('ldap_simpletest_globals', $simpletest_globals);
426
  }
427
  elseif (!$only_mock_values && isset($GLOBALS[$global_type][$key])) {
428
    unset($GLOBALS[$global_type][$key]);
429
  }
430

  
431
}
drupal7/sites/all/modules/ldap/ldap_test/ldap_test.info
18 18
files[] = LdapTestFunctions.class.php
19 19
files[] = LdapUserTestCase.class.php
20 20

  
21
; Information added by Drupal.org packaging script on 2017-05-30
22
version = "7.x-2.2"
21
; Information added by Drupal.org packaging script on 2017-08-27
22
version = "7.x-2.3"
23 23
core = "7.x"
24 24
project = "ldap"
25
datestamp = "1496167150"
25
datestamp = "1503841448"
26 26

  
drupal7/sites/all/modules/ldap/ldap_user/LdapUserConf.class.php
69 69
   */
70 70
  public $userConflictResolve = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
71 71

  
72
  /**
73
   * Whether to allow/disallow provisioning accounts that have the same email.
74
   * Depending on whether the "sharedemail" module is enabled, this variable
75
   * will (by default) be set accordingly.  It can be overridden by an admin.
76
   *
77
   * @var int
78
   *    LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED (0)
79
   *    LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED (1)
80
   */
81
  public $accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED;
82

  
72 83
  /**
73 84
   * drupal account creation model
74 85
   *
......
181 192
    'orphanedDrupalAcctBehavior',
182 193
    'orphanedCheckQty',
183 194
    'userConflictResolve',
195
    'accountsWithSameEmail',
184 196
    'manualAccountConflict',
185 197
    'acctCreation',
186 198
    'ldapUserSynchMappings',
......
231 243
    }
232 244
    else {
233 245
      $this->inDatabase = FALSE;
246
      // By default this variable should be 0 if the "sharedemail" module
247
      // is not enabled, or 1 if the module is.
248
      $this->accountsWithSameEmail = (int)module_exists('sharedemail');
234 249
    }
235 250
    // determine account creation configuration
236 251
    $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
......
1078 1093
            );
1079 1094
            return FALSE;
1080 1095
          }
1081
          if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
1096
          if(($this->accountsWithSameEmail == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED) && ($account_with_same_email = user_load_by_mail($user_edit['mail']))) {
1082 1097
            $watchdog_tokens['%email'] = $user_edit['mail'];
1083 1098
            $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
1084 1099
            watchdog('ldap_user', 'LDAP user %drupal_username has email address
drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php
33 33
  public $userConflictResolveDefault = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
34 34
  public $userConflictOptions;
35 35

  
36
  public $accountsWithSameEmailDescription;
37
  public $accountsWithSameEmailOptions;
38

  
36 39
  public $acctCreationDescription = '';
37 40
  public $acctCreationDefault = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
38 41
  public $acctCreationOptions;
......
163 166
      '#description' => t( $this->userConflictResolveDescription),
164 167
    );
165 168

  
169
    $form['basic_to_drupal']['accountsWithSameEmail'] = array(
170
      '#type' => 'radios',
171
      '#title' => t('Existing Account with Same Email Address'),
172
      '#default_value' => $this->accountsWithSameEmail,
173
      '#options' => $this->accountsWithSameEmailOptions,
174
      '#description' => t($this->accountsWithSameEmailDescription),
175
      '#disabled' => (module_exists('sharedemail') === FALSE),
176
    );
177

  
166 178
    $form['basic_to_drupal']['acctCreation'] = array(
167 179
      '#type' => 'radios',
168 180
      '#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'),
......
382 394
      $this->addServerMappingFields($form, $direction);
383 395
    }
384 396

  
385
    foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
397
    foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'accountsWithSameEmail', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
386 398
      $form['basic_to_drupal'][$input_name]['#states']['invisible'] =
387 399
        array(
388 400
          ':input[name=drupalAcctProvisionServer]' => array('value' => 'none'),
......
596 608

  
597 609
    $this->manualAccountConflict = $values['manualAccountConflict'];
598 610
    $this->userConflictResolve  = ($values['userConflictResolve']) ? (int)$values['userConflictResolve'] : NULL;
611
    $this->accountsWithSameEmail = ($values['accountsWithSameEmail']) ? (int)$values['accountsWithSameEmail'] : NULL;
599 612
    $this->acctCreation  = ($values['acctCreation']) ? (int)$values['acctCreation'] : NULL;
600 613
    $this->disableAdminPasswordField = $values['disableAdminPasswordField'];
601 614
   // $this->wsKey  = ($values['wsKey']) ? $values['wsKey'] : NULL;
......
741 754
          ||
742 755
          (isset($mapping['configurable_to_ldap']) && $mapping['configurable_to_ldap']  && $direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY)
743 756
          ) {
744
          $user_attr_options[$target_id] = substr($mapping['name'], 0, 25);
757
          $user_attr_options[$target_id] = substr($target_id, 1, -1);
745 758
        }
746 759
      }
747 760
    }
748
    $user_attr_options['user_tokens'] = '-- user tokens --';
761

  
762
    if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
763
      $user_attr_options['user_tokens'] = '-- user tokens --';
764
    }
749 765

  
750 766
    $row = 0;
751 767

  
......
1016 1032
      LDAP_USER_CONFLICT_RESOLVE => t('Associate Drupal account with the LDAP entry.  This option
1017 1033
      is useful for creating accounts and assigning roles before an LDAP user authenticates.'),
1018 1034
      );
1019

  
1035
    $values['accountsWithSameEmailDescription'] = t('Allows provisioning a Drupal user account from LDAP regardless of whether another Drupal user account has the same email address. This setting depends on the "sharedemail" contrib module being enabled. ');
1036
    if (!module_exists('sharedemail')) {
1037
      $values['accountsWithSameEmailDescription'] .= t('The module is not currently enabled; you must install/enable it if you want to use this setting.');
1038
    }
1039
    $values['accountsWithSameEmailOptions'] = array(
1040
      LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED => t('Prevent provisioning a user account if an existing account has the same email address.'),
1041
      LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED => t('Allow provisioning a user account that has the same email address as another user account.'),
1042
      );
1020 1043
    $values['acctCreationOptions'] = array(
1021 1044
      LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR => t('Account creation settings at
1022 1045
        /admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.'),
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.cron.inc
167 167
               *     user_cancel_reassign, user_cancel_delete
168 168
               */
169 169
              if ($ldap_user_conf->orphanedDrupalAcctBehavior == 'ldap_user_orphan_email') {
170
                 $email_list[] = $account->name . "," . $account->mail . "," . $base_url . "/user/$uid/edit";
170
                 $email_list[] = $account->name . "," . $account->mail . "," . $base_url . "/user/" . $account->uid . "/edit";
171 171
              }
172 172
              else {
173 173
                 _user_cancel(array(), $account, $ldap_user_conf->orphanedDrupalAcctBehavior);
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.info
23 23
stylesheets[all][] = ldap_user.css
24 24
configure = admin/config/people/ldap/user
25 25

  
26
; Information added by Drupal.org packaging script on 2017-05-30
27
version = "7.x-2.2"
26
test_dependencies[] = ldap_sso:ldap_sso
27

  
28
; Information added by Drupal.org packaging script on 2017-08-27
29
version = "7.x-2.3"
28 30
core = "7.x"
29 31
project = "ldap"
30
datestamp = "1496167150"
32
datestamp = "1503841448"
31 33

  
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.install
522 522
  return $fields_added;
523 523

  
524 524
}
525

  
526
/**
527
 * Set an appropriate default value for accountsWithSameEmail.
528
 */
529
function ldap_user_update_7206() {
530
  $message = NULL;
531
  $ldap_user_conf = ldap_user_conf('admin', TRUE);
532
  // If the configuration variable is not set, set a reasonable default and
533
  // advise the administrator.
534
  if (module_exists('sharedemail')) {
535
    $message = t('The module "sharedemail" was detected. LDAP User configuration has been set so that user accounts can be provisioned regardless of whether an existing user account has the same email address.');
536
    $ldap_user_conf->accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED;
537
  }
538
  else {
539
    // The "sharedemail" module is not enabled; do not enable this setting.
540
    // Do not mention anything in the hook_update_N output.
541
    $ldap_user_conf->accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED;
542
  }
543
  $ldap_user_conf->save();
544

  
545
  return $message;
546
}
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.module
35 35
define('LDAP_USER_CONFLICT_RESOLVE', 2);
36 36
define('LDAP_USER_CONFLICT_RESOLVE_DEFAULT', 2);
37 37

  
38
// options for what to do if another Drupal account has the same email address
39
define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED', 0);
40
define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED', 1);
41

  
38 42
// options for dealing with manual account creation that conflict with ldap entries
39 43
define('LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT', 1);
40 44
define('LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE', 2);
drupal7/sites/all/modules/ldap/ldap_views/ldap_views.info
21 21
files[] = handlers/ldap_views_handler_filter_attribute.inc
22 22
files[] = handlers/ldap_views_handler_sort.inc
23 23
files[] = handlers/ldap_views_handler_sort_attribute.inc
24
; Information added by Drupal.org packaging script on 2017-05-30
25
version = "7.x-2.2"
24
; Information added by Drupal.org packaging script on 2017-08-27
25
version = "7.x-2.3"
26 26
core = "7.x"
27 27
project = "ldap"
28
datestamp = "1496167150"
28
datestamp = "1503841448"
29 29

  
drupal7/sites/all/modules/ldap/ldap_views/plugins/ldap_views_plugin_query_ldap.inc
204 204
   * $view->result should contain an array of objects.
205 205
   */
206 206
  function execute(&$view) {
207
    $start       = microtime();
207
    $start       = microtime(TRUE);
208 208
    $entries     = array();
209 209
    $num_entries = 0;
210 210

  
......
258 258

  
259 259
    foreach ($entries as $key => &$entry) {
260 260
      if (isset($entry['jpegphoto'])) {
261
        $entry['jpegphoto'][0] = "<img src='data:image/jpeg;base64," . base64_encode($entry['jpegphoto'][0]) . "' alt='photo' />";
261
        $entry['jpegphoto'][0] = '<img src="data:image/jpeg;base64,' . base64_encode($entry['jpegphoto'][0]) . '" alt="photo" />';
262
      }
263
      if (isset($entry['thumbnailphoto'])) {
264
        $entry['thumbnailphoto'][0] = '<img src="data:image/jpeg;base64,' . base64_encode($entry['thumbnailphoto'][0]) . '" alt="photo" />';
262 265
      }
263 266
      foreach ($view->field as $field) {
264 267
        if (! isset($field_alias[$field->field_alias])) {
......
338 341

  
339 342
    $view->result       = $result;
340 343
    $view->total_rows   = $num_entries;
341
    $view->execute_time = microtime() - $start;
344
    $view->execute_time = microtime(TRUE) - $start;
342 345
    $view->query->pager->total_items  = $num_entries;
343 346
    $view->query->pager->update_page_info();
344 347

  

Also available in: Unified diff