1388203 - Reuse HTTP authentication for login - PATCH_V2

Black.myst black.myst at free.fr
Thu Dec 21 17:45:32 CET 2006


Hello,

There was a bug in my patch :-(
When a session expire, the login page displayed...


I fix it by adding code to log-in the user after session expiration. 
Like this:
--------------------------------------------------------------
else if ($_action!='login' && $_SESSION['user_id'])
   {
   if (!rcmail_authenticate_session() ||
       (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && 
$SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))     {
     $message = show_message('sessionerror', 'error');
     rcmail_kill_session();

     // ******** my new code : ********
     if ($CONFIG['http_authent'] && isset($_SERVER["PHP_AUTH_USER"]) && 
isset($_SERVER["PHP_AUTH_PW"]))
       { // With HTTP_authent, we can relog the user
       rcmail_login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"],
               rcmail_autoselect_host());
       }
     }
     // ******** end of my code *************
   }
--------------------------------------------------------------


I joined the new version of my patch.

Black Myst

Black.myst a écrit :
> Hello,
> 
> I try to find a issue for bug 1388203 
> (http://trac.roundcube.net/trac.cgi/ticket/1388203)
> 
> 
> Diff explanation :
>   - config/main.inc.php.dist : Add new configuration boolean 
> 'http_authent'.
>    False : use the standard login page. (default)
>    True : use $_SERVER["PHP_AUTH_USER"] to log user.
> 
>   - skins/default/includes/taskbar.html : Add a <roundcube:if> to remove 
> logout button when used http_authent
> 
>   - program/include/main.inc : Fixe <roundcube:include> to parse 
> <roundcube:if> in included file. (Else my <roundcube:if> in taskbar.html 
> not work!)
> 
>   - index.php : Add code to allow http authent.
> 
>   - program/steps/error.inc : Add "Allow cookies" in browser requirement 
> page. (I display this page (409) if the user disable cookies with 
> http_authent)
> 
> 
> Black Myst
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1388203_v2.diff
Type: text/x-patch
Size: 3907 bytes
Desc: not available
URL: <http://lists.roundcube.net/pipermail/dev/attachments/20061221/5feb248e/attachment.bin>


More information about the Dev mailing list