bugfixes after first tests

etc/authentication.php

@@ -1,22 +1,27 @@
 <?php
 $realm = "MY REALM HERE";
 $ldaphost = "my.ldap.host";
+$ldaptls = "yes";
 $ldapbase = "dc=my,dc=server,dc=com";
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
+function basicAuth() {
     header('WWW-Authenticate: Basic realm="'.$REALM.'"');
     header('HTTP/1.0 401 Unauthorized');
     exit;
+}
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    basicAuth();
 } else {
-    $tstusername = ereg_replace('/^[a-z]/', '-', $_SERVER['PHP_AUTH_USER']);
+    $tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']);
     $password = $_SERVER['PHP_AUTH_PW'];
     $ldapconn = ldap_connect($ldaphost, 389) 
         or error_die("connection to LDAP host failed");
     ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)
         or error_die("failed to set LDAP protocol version 3");
-    ldap_start_tls($ldapconn)
-        or error_die($ldapconn, "cannot start LDAP TLS");
+    if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
+        ldap_start_tls($ldapconn)
+            or error_die($ldapconn, "cannot start LDAP TLS");
     $ldapbind = @ldap_bind($ldapconn, 'uid='.$tstusername.','.$ldapbase, $password)
-        or error_die("login failed for $username", '403 Forbidden');
+        or basicAuth();
     $username = $tstuserbname;
 }
 ?>