Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F2528127
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
3 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/plugins/http_authentication/http_authentication.php b/plugins/http_authentication/http_authentication.php
index 57227cb03..2631537a0 100644
--- a/plugins/http_authentication/http_authentication.php
+++ b/plugins/http_authentication/http_authentication.php
@@ -1,92 +1,92 @@
<?php
/**
* HTTP Basic Authentication
*
* Make use of an existing HTTP authentication and perform login with the existing user credentials
*
* Configuration:
* // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
* $rcmail_config['logout_url'] = 'http://server.tld/logout.html';
*
* See logout.html (in this directory) for an example how HTTP auth can be cleared.
*
* For other configuration options, see config.inc.php.dist!
*
* @version @package_version@
* @license GNU GPLv3+
* @author Thomas Bruederli
*/
class http_authentication extends rcube_plugin
{
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
$this->add_hook('logout_after', array($this, 'logout'));
}
function startup($args)
{
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$rcmail = rcmail::get_instance();
$rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));
// handle login action
if (empty($args['action']) && empty($_SESSION['user_id'])) {
$args['action'] = 'login';
}
// Set user password in session (see shutdown() method for more info)
else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])) {
$_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
}
}
return $args;
}
function authenticate($args)
{
// Load plugin's config file
$this->load_config();
$host = rcmail::get_instance()->config->get('http_authentication_host');
- if (is_string($host) && trim($host) !== '')
+ if (is_string($host) && trim($host) !== '' && empty($args['host']))
$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
// Allow entering other user data in login form,
// e.g. after log out (#1487953)
if (!empty($args['user'])) {
return $args;
}
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$args['user'] = $_SERVER['PHP_AUTH_USER'];
$args['pass'] = $_SERVER['PHP_AUTH_PW'];
}
$args['cookiecheck'] = false;
$args['valid'] = true;
return $args;
}
function logout($args)
{
// redirect to configured URL in order to clear HTTP auth credentials
if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER']) {
if ($url = rcmail::get_instance()->config->get('logout_url')) {
header("Location: $url", true, 307);
}
}
}
function shutdown()
{
// There's no need to store password (even if encrypted) in session
// We'll set it back on startup (#1486553)
rcmail::get_instance()->session->remove('password');
}
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sun, Feb 1, 2:57 AM (1 d, 21 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
426556
Default Alt Text
(3 KB)
Attached To
Mode
R3 roundcubemail
Attached
Detach File
Event Timeline
Log In to Comment