1388203 - Reuse HTTP authentication for login- PATCH_V2

Brennan Stehling brennan at offwhite.net
Thu Dec 21 18:03:12 CET 2006


This looks very useful.  Does it also work with Digest Authenticat?

Brennan

On Thu, 21 Dec 2006 17:45:32 +0100, "Black.myst" <black.myst at free.fr> wrote:
> Hello,
> 
> There was a bug in my patch :-(
> When a session expire, the login page displayed...
> 
> 
> I fix it by adding code to log-in the user after session expiration. 
> Like this:
> --------------------------------------------------------------
> else if ($_action!='login' && $_SESSION['user_id'])
>    {
>    if (!rcmail_authenticate_session() ||
>        (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && 
> $SESS_CHANGED + $CONFIG['session_lifetime']*60 < mktime()))     {
>      $message = show_message('sessionerror', 'error');
>      rcmail_kill_session();
> 
>      // ******** my new code : ********
>      if ($CONFIG['http_authent'] && isset($_SERVER["PHP_AUTH_USER"]) && 
> isset($_SERVER["PHP_AUTH_PW"]))
>        { // With HTTP_authent, we can relog the user
>        rcmail_login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"],
>                rcmail_autoselect_host());
>        }
>      }
>      // ******** end of my code *************
>    }
> --------------------------------------------------------------
> 
> 
> I joined the new version of my patch.
> 
> Black Myst
> 
> Black.myst a écrit :
>> Hello,
>> 
>> I try to find a issue for bug 1388203 
>> (http://trac.roundcube.net/trac.cgi/ticket/1388203)
>> 
>> 
>> Diff explanation :
>>   - config/main.inc.php.dist : Add new configuration boolean 
>> 'http_authent'.
>>    False : use the standard login page. (default)
>>    True : use $_SERVER["PHP_AUTH_USER"] to log user.
>> 
>>   - skins/default/includes/taskbar.html : Add a <roundcube:if> to remove
> 
>> logout button when used http_authent
>> 
>>   - program/include/main.inc : Fixe <roundcube:include> to parse 
>> <roundcube:if> in included file. (Else my <roundcube:if> in taskbar.html
> 
>> not work!)
>> 
>>   - index.php : Add code to allow http authent.
>> 
>>   - program/steps/error.inc : Add "Allow cookies" in browser requirement
> 
>> page. (I display this page (409) if the user disable cookies with 
>> http_authent)
>> 
>> 
>> Black Myst
>> 
-- 
Brennan Stehling
Offwhite.net LLC
brennan at offwhite.net





More information about the Dev mailing list