/* SSL + copy editing patch for wpLDAP-1.02 This patch is for the wpLDAP module, version 1.02, by Ashay Manjour http://ashay.org/?page_id=133 Patch written by Richard Bullington-McGuire email: rbulling@pkrinternet.com http://www.pkrinternet.com/ Copyright (C) 2007 PKR Internet, LLC Features: * Allows for an SSL option to force communication over ldaps * Does some copy editing to make the plugin more consistent with other WordPress option screens * Reorganizes the preferences slightly to make the most important options at the top of the list This patch was tested versus these components: * wpLDAP 1.02 * WordPress 2.1.3 * openldap-2.0.27 * php-4.3.2. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/ This patch lives at: http://www.pkrinternet.com/~rbulling/private/wpLDAP-1.02-ssl.patch */
diff -ur ipLDAP.orig/wpLDAP.php wpLDAP/wpLDAP.php
--- wpLDAP.orig/wpLDAP.php 2007-05-23 10:49:42.000000000 -0400
+++ wpLDAP/wpLDAP.php 2007-06-11 14:02:24.000000000 -0400
@@ -2,7 +2,7 @@
 /*
 Plugin Name: WordPress LDAP Authentication
 Plugin URI: http://onlymetallica.com/ashay/blog/?page_id=133
-Description: LDAP Authentication for Word Press. Tested on Wordpress 2.1
+Description: LDAP Authentication for WordPress. Tested on Wordpress 2.1
 Version: 1.00
 Author: Ashay Manjure
 Author URI: http://ashay.org
@@ -18,7 +18,7 @@ function wpldap_addmenu() { if(function_exists('add_options_page')) { - add_options_page('LDAP Authentication Options', 'wpLDAP Options', 9, basename(__FILE__), 'ldapOptionsPanel'); + add_options_page('LDAP Authentication Options', 'LDAP', 9, basename(__FILE__), 'ldapOptionsPanel'); } } @@ -41,6 +41,7 @@ update_option('ldapControllers',$_POST['ldapControllers']); update_option('ldapBaseDn', $_POST['ldapBaseDn']); update_option('ldapAccountSuffix', $_POST['ldapAccountSuffix']); + update_option('ldapEnableSsl', $_POST['ldapEnableSsl']); update_option('ldapEnable', $_POST['ldapEnable']); update_option('ldapCreate', $_POST['ldapCreate']); @@ -51,6 +52,7 @@ $ldapBaseDn = get_option("ldapBaseDn"); $ldapAccountSuffix = get_option("ldapAccountSuffix"); $ldapEnable = get_option("ldapEnable"); + $ldapEnableSsl = get_option("ldapEnableSsl"); $ldapCreate = get_option("ldapCreate"); if($ldapEnable) { @@ -58,6 +60,11 @@ } else { $fChecked = "checked"; } + if($ldapEnableSsl) { + $tSsl= "checked"; + } else { + $fSsl= "checked"; + } if($ldapCreate) { $tCreate = "checked"; @@ -67,50 +74,64 @@ echo << -
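Review bot: The added `update_option('ldapEnableSsl', $_POST['ldapEnableSsl']);` in the -41,6 hunk stores a transport-security switch straight from the request, with no normalisation and no nonce check visible in the hunk. If neither radio button is submitted the index is undefined, and any stray value is persisted as-is; I would store a strict flag instead, `update_option('ldapEnableSsl', empty($_POST['ldapEnableSsl']) ? 0 : 1);`. The enclosing save handler starts outside the hunk, so confirm it calls `check_admin_referer()` and checks the user's capability before these writes; without that, a forged request sent from an administrator's browser could switch SSL off and leave LDAP binds travelling in cleartext.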
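Review bot: Only one of `$tSsl` / `$fSsl` is assigned by the `if`/`else` added in the -58,6 hunk, so whichever one the options form interpolates for the unselected radio button is an undefined variable and raises a notice. Initialise both before the branch, `$tSsl = $fSsl = "";`. The same applies to the existing `$fChecked` and `$tCreate` branches that the new code copies. The form markup is not readable in this view, so the interpolation is inferred from the variable names.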

wpLDAP Options

+

LDAP Authentication Options

+

+
- Domain Controllers (LDAP Server) + Enable LDAP? -
+ Yes   + No +
+
+
+
+ Domain Controllers (LDAP Servers) + +
The name or IP address of the LDAP server(s). Separate multiple entries by a comma (,).
-
+
- Base DN + Enable SSL? -
- The base DN for carrying out LDAP searches. + Yes   + No
+
+ Use SSL (connect with ldaps:// URL) when talking to LDAP server(s)?
-
+
- Account Suffix + Base DN -
- Suffix needed to be appended to the username. e.g. @domain.com +
+ The base DN for carrying out LDAP searches.

- Enable LDAP? + Account Suffix - Yes   - No +
+ Suffix needed to be appended to the username. e.g. @domain.com

- If the user does not exist in the system, create a new WordPress user from LDAP (when they sign in)? + Create new WordPress users? Yes   No +
+ If a user exists in LDAP, but not in WordPress, create a new WordPress account at first sign in.
-

+

@@ -135,6 +156,7 @@ $ldapBaseDn = get_option("ldapBaseDn"); $ldapAccountSuffix = get_option("ldapAccountSuffix"); $ldapEnable = get_option("ldapEnable"); + $ldapEnableSsl = get_option("ldapEnableSsl"); $ldapCreate = get_option("ldapCreate"); $ldapCookieMarker = get_option("ldapCookieMarker"); @@ -154,19 +176,15 @@ if (($ldapEnable) && ($username != "admin")) { /* Set up the options for the adLDAP Class */ - - if(!empty($ldapAccountSuffix)){ - $adOptions = - array( "account_suffix" => $ldapAccountSuffix, - "base_dn" => $ldapBaseDn, - "domain_controllers" => explode(",", $ldapControllers) + $adOptions = array( "base_dn" => $ldapBaseDn, + "domain_controllers" => explode(",", $ldapControllers) ); - } else { - $adOptions = - array( "base_dn" => $ldapBaseDn, - "domain_controllers" => explode(",", $ldapControllers) - ); - } + if(!empty($ldapAccountSuffix)){ + $adOptions["account_suffix"] = $ldapAccountSuffix; + } + if($ldapEnableSsl){ + $adOptions["use_ssl"] = "true"; + } // If already_md5 is TRUE, then we're getting the user/password from the cookie. As we don't want to store LDAP passwords in any // form, we've already replaced the password with the hashed username and LDAP_COOKIE_MARKER
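Review bot: `$adOptions["use_ssl"] = "true";` in the -154,19 hunk passes the string "true" where a boolean is meant. It works only because any non-empty string is truthy, so a later edit to `"false"` would still enable SSL; use `$adOptions["use_ssl"] = true;`. Separately, switching to ldaps:// protects the bind password only if the server certificate is actually verified. For PHP's LDAP extension that is decided by the OpenLDAP client configuration (`TLS_REQCERT`, `TLS_CACERT` in ldap.conf), not by this option, so the option's help text should say so. The enclosing function starts and ends outside the hunk.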