diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 16:36:01 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2009-01-14 16:36:01 +0100 |
| commit | 528ddc7cac15cc9f17ebc90b5adab6908c11de45 (patch) | |
| tree | bd9bd4854c0e428646001a3cf48481d878ce6eba | |
| parent | c7408a6326fe814aaf38f4b58fbe4ed55c025339 (diff) | |
| download | rpg-528ddc7cac15cc9f17ebc90b5adab6908c11de45.tar.gz rpg-528ddc7cac15cc9f17ebc90b5adab6908c11de45.tar.bz2 | |
make HTTP SSO possible for IIS or rewriting
DokuWiki silently attemps to resuse received HTTP auth credentials for
user logins. Unfortunately these are only passed to PHP when using
mod_php. IIS provides a HTTP_AUTHORIZATION header which now will
be decoded and used as well.
This header can also be faked via mod_rewrite:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E
darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz
| -rw-r--r-- | inc/auth.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/inc/auth.php b/inc/auth.php index aa5439a0d..20f0407c0 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -61,6 +61,12 @@ $_REQUEST['http_credentials'] = false; if (!$conf['rememberme']) $_REQUEST['r'] = false; + // streamline HTTP auth credentials (IIS/rewrite -> mod_php) + isset($_SERVER['HTTP_AUTHORIZATION']){ + list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) = + explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + } + // if no credentials were given try to use HTTP auth (for SSO) if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){ $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER']; |