|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 * HTTP Basic Authentication
|
|
|
5 *
|
|
|
6 * Make use of an existing HTTP authentication and perform login with the existing user credentials
|
|
|
7 *
|
|
|
8 * Configuration:
|
|
|
9 * // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
|
|
|
10 * $config['logout_url'] = 'http://server.tld/logout.html';
|
|
|
11 *
|
|
|
12 * See logout.html (in this directory) for an example how HTTP auth can be cleared.
|
|
|
13 *
|
|
|
14 * For other configuration options, see config.inc.php.dist!
|
|
|
15 *
|
|
|
16 * @license GNU GPLv3+
|
|
|
17 * @author Thomas Bruederli
|
|
|
18 */
|
|
|
19 class http_authentication extends rcube_plugin
|
|
|
20 {
|
|
|
21 private $redirect_query;
|
|
|
22
|
|
|
23 function init()
|
|
|
24 {
|
|
|
25 $this->add_hook('startup', array($this, 'startup'));
|
|
|
26 $this->add_hook('authenticate', array($this, 'authenticate'));
|
|
|
27 $this->add_hook('logout_after', array($this, 'logout'));
|
|
|
28 $this->add_hook('login_after', array($this, 'login'));
|
|
|
29 }
|
|
|
30
|
|
|
31 function startup($args)
|
|
|
32 {
|
|
|
33 if (!empty($_SERVER['PHP_AUTH_USER'])) {
|
|
|
34 $rcmail = rcmail::get_instance();
|
|
|
35 $rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));
|
|
|
36
|
|
|
37 // handle login action
|
|
|
38 if (empty($_SESSION['user_id'])) {
|
|
|
39 $args['action'] = 'login';
|
|
|
40 $this->redirect_query = $_SERVER['QUERY_STRING'];
|
|
|
41 }
|
|
|
42 // Set user password in session (see shutdown() method for more info)
|
|
|
43 else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])
|
|
|
44 && !empty($_SERVER['PHP_AUTH_PW'])) {
|
|
|
45 $_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
|
|
|
46 }
|
|
|
47 }
|
|
|
48
|
|
|
49 return $args;
|
|
|
50 }
|
|
|
51
|
|
|
52 function authenticate($args)
|
|
|
53 {
|
|
|
54 // Load plugin's config file
|
|
|
55 $this->load_config();
|
|
|
56
|
|
|
57 $host = rcmail::get_instance()->config->get('http_authentication_host');
|
|
|
58 if (is_string($host) && trim($host) !== '' && empty($args['host']))
|
|
|
59 $args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
|
|
|
60
|
|
|
61 // Allow entering other user data in login form,
|
|
|
62 // e.g. after log out (#1487953)
|
|
|
63 if (!empty($args['user'])) {
|
|
|
64 return $args;
|
|
|
65 }
|
|
|
66
|
|
|
67 if (!empty($_SERVER['PHP_AUTH_USER'])) {
|
|
|
68 $args['user'] = $_SERVER['PHP_AUTH_USER'];
|
|
|
69 if (!empty($_SERVER['PHP_AUTH_PW']))
|
|
|
70 $args['pass'] = $_SERVER['PHP_AUTH_PW'];
|
|
|
71 }
|
|
|
72
|
|
|
73 $args['cookiecheck'] = false;
|
|
|
74 $args['valid'] = true;
|
|
|
75
|
|
|
76 return $args;
|
|
|
77 }
|
|
|
78
|
|
|
79 function logout($args)
|
|
|
80 {
|
|
|
81 // redirect to configured URL in order to clear HTTP auth credentials
|
|
|
82 if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER']) {
|
|
|
83 if ($url = rcmail::get_instance()->config->get('logout_url')) {
|
|
|
84 header("Location: $url", true, 307);
|
|
|
85 }
|
|
|
86 }
|
|
|
87 }
|
|
|
88
|
|
|
89 function shutdown()
|
|
|
90 {
|
|
|
91 // There's no need to store password (even if encrypted) in session
|
|
|
92 // We'll set it back on startup (#1486553)
|
|
|
93 rcmail::get_instance()->session->remove('password');
|
|
|
94 }
|
|
|
95
|
|
|
96 function login($args)
|
|
|
97 {
|
|
|
98 // Redirect to the previous QUERY_STRING
|
|
|
99 if($this->redirect_query){
|
|
|
100 header('Location: ./?' . $this->redirect_query);
|
|
|
101 exit;
|
|
|
102 }
|
|
|
103 return $args;
|
|
|
104 }
|
|
|
105 }
|
|
|
106
|
