githubFork/roundcubemail.git

Aleksander Machniak

2015-11-22 9f1f754daf4b57a0d0d3aea95d2321716d218cf5

commit \| author \| age
48e9c1	1	<?php
T	2
	3	/**
	4	* HTTP Basic Authentication
	5	*
	6	* Make use of an existing HTTP authentication and perform login with the existing user credentials
	7	*
	8	* Configuration:
	9	* // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
bcedf0	10	* $config['logout_url'] = 'http://server.tld/logout.html';
48e9c1	11	*
T	12	* See logout.html (in this directory) for an example how HTTP auth can be cleared.
	13	*
aec286	14	* For other configuration options, see config.inc.php.dist!
JW	15	*
48e9c1	16	* @version @package_version@
T	17	* @license GNU GPLv3+
	18	* @author Thomas Bruederli
	19	*/
	20	class http_authentication extends rcube_plugin
	21	{
5e3d10	22	private $redirect_query;
48e9c1	23
d9921e	24	function init()
AM	25	{
	26	$this->add_hook('startup', array($this, 'startup'));
	27	$this->add_hook('authenticate', array($this, 'authenticate'));
	28	$this->add_hook('logout_after', array($this, 'logout'));
5e3d10	29	$this->add_hook('login_after', array($this, 'login'));
d9921e	30	}
48e9c1	31
d9921e	32	function startup($args)
AM	33	{
35533c	34	if (!empty($_SERVER['PHP_AUTH_USER'])) {
d9921e	35	$rcmail = rcmail::get_instance();
AM	36	$rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));
48e9c1	37
d9921e	38	// handle login action
5e3d10	39	if (empty($_SESSION['user_id'])) {
N	40	$args['action'] = 'login';
	41	$this->redirect_query = $_SERVER['QUERY_STRING'];
d9921e	42	}
AM	43	// Set user password in session (see shutdown() method for more info)
35533c	44	else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])
GB	45	&& !empty($_SERVER['PHP_AUTH_PW'])) {
d9921e	46	$_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
AM	47	}
	48	}
48e9c1	49
T	50	return $args;
	51	}
	52
d9921e	53	function authenticate($args)
AM	54	{
aec286	55	// Load plugin's config file
JW	56	$this->load_config();
	57
	58	$host = rcmail::get_instance()->config->get('http_authentication_host');
d9a8d2	59	if (is_string($host) && trim($host) !== '' && empty($args['host']))
61be82	60	$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
aec286	61
d9921e	62	// Allow entering other user data in login form,
AM	63	// e.g. after log out (#1487953)
	64	if (!empty($args['user'])) {
	65	return $args;
	66	}
	67
35533c	68	if (!empty($_SERVER['PHP_AUTH_USER'])) {
d9921e	69	$args['user'] = $_SERVER['PHP_AUTH_USER'];
35533c	70	if (!empty($_SERVER['PHP_AUTH_PW']))
GB	71	$args['pass'] = $_SERVER['PHP_AUTH_PW'];
d9921e	72	}
AM	73
	74	$args['cookiecheck'] = false;
	75	$args['valid'] = true;
	76
	77	return $args;
48e9c1	78	}
T	79
d9921e	80	function logout($args)
AM	81	{
	82	// redirect to configured URL in order to clear HTTP auth credentials
	83	if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER']) {
	84	if ($url = rcmail::get_instance()->config->get('logout_url')) {
	85	header("Location: $url", true, 307);
	86	}
	87	}
48e9c1	88	}
T	89
d9921e	90	function shutdown()
AM	91	{
	92	// There's no need to store password (even if encrypted) in session
	93	// We'll set it back on startup (#1486553)
	94	rcmail::get_instance()->session->remove('password');
	95	}
9f1f75	96
5e3d10	97	function login($args)
N	98	{
	99	// Redirect to the previous QUERY_STRING
	100	if($this->redirect_query){
	101	header('Location: ./?' . $this->redirect_query);
	102	exit;
	103	}
	104	return $args;
	105	}
48e9c1	106	}
T	107