diff options
Diffstat (limited to 'plugins/http_authentication/http_authentication.php')
| -rw-r--r-- | plugins/http_authentication/http_authentication.php | 86 |
1 files changed, 51 insertions, 35 deletions
diff --git a/plugins/http_authentication/http_authentication.php b/plugins/http_authentication/http_authentication.php index 6c873713e..a14b5cbcc 100644 --- a/plugins/http_authentication/http_authentication.php +++ b/plugins/http_authentication/http_authentication.php @@ -17,51 +17,67 @@ */ class http_authentication extends rcube_plugin { - public $task = 'login|logout'; - function init() - { - $this->add_hook('startup', array($this, 'startup')); - $this->add_hook('authenticate', array($this, 'authenticate')); - $this->add_hook('logout_after', array($this, 'logout')); - } + function init() + { + $this->add_hook('startup', array($this, 'startup')); + $this->add_hook('authenticate', array($this, 'authenticate')); + $this->add_hook('logout_after', array($this, 'logout')); + } - function startup($args) - { - // change action to login - if (empty($args['action']) && empty($_SESSION['user_id']) - && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) - $args['action'] = 'login'; + function startup($args) + { + if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { + $rcmail = rcmail::get_instance(); + $rcmail->add_shutdown_function(array('http_authentication', 'shutdown')); - return $args; - } + // handle login action + if (empty($args['action']) && empty($_SESSION['user_id'])) { + $args['action'] = 'login'; + } + // Set user password in session (see shutdown() method for more info) + else if (!empty($_SESSION['user_id']) && empty($_SESION['password'])) { + $_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']); + } + } - function authenticate($args) - { - // Allow entering other user data in login form, - // e.g. after log out (#1487953) - if (!empty($args['user'])) { return $args; } - if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { - $args['user'] = $_SERVER['PHP_AUTH_USER']; - $args['pass'] = $_SERVER['PHP_AUTH_PW']; - } + function authenticate($args) + { + // Allow entering other user data in login form, + // e.g. after log out (#1487953) + if (!empty($args['user'])) { + return $args; + } - $args['cookiecheck'] = false; - $args['valid'] = true; + if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { + $args['user'] = $_SERVER['PHP_AUTH_USER']; + $args['pass'] = $_SERVER['PHP_AUTH_PW']; + } - return $args; - } - - function logout($args) - { - // redirect to configured URL in order to clear HTTP auth credentials - if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER'] && ($url = rcmail::get_instance()->config->get('logout_url'))) { - header("Location: $url", true, 307); + $args['cookiecheck'] = false; + $args['valid'] = true; + + return $args; } - } + function logout($args) + { + // redirect to configured URL in order to clear HTTP auth credentials + if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER']) { + if ($url = rcmail::get_instance()->config->get('logout_url')) { + header("Location: $url", true, 307); + } + } + } + + function shutdown() + { + // There's no need to store password (even if encrypted) in session + // We'll set it back on startup (#1486553) + rcmail::get_instance()->session->remove('password'); + } } |