diff options
| author | Gina Haeussge <osd@foosel.net> | 2008-10-12 15:10:42 +0200 |
|---|---|---|
| committer | Gina Haeussge <osd@foosel.net> | 2008-10-12 15:10:42 +0200 |
| commit | b2c0d8748928d956d6dc5168ce3df0f8f4784592 (patch) | |
| tree | e682dbcf897c9c4b423347fac7284b14c35a7c8f | |
| parent | d530a62a501f6dfec02b4c3378cc82ae7d25ce9d (diff) | |
| download | rpg-b2c0d8748928d956d6dc5168ce3df0f8f4784592.tar.gz rpg-b2c0d8748928d956d6dc5168ce3df0f8f4784592.tar.bz2 | |
Fail silently if trying to login through supplied HTTP credentials (FS#1228)
darcs-hash:20081012131042-2b4f5-029f4f0ffa6c89e23653584c8bb41db78834cc73.gz
| -rw-r--r-- | inc/auth.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php index 6c9ac9817..1eef0db91 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -58,11 +58,13 @@ if (!isset($_REQUEST['u'])) $_REQUEST['u'] = ''; if (!isset($_REQUEST['p'])) $_REQUEST['p'] = ''; if (!isset($_REQUEST['r'])) $_REQUEST['r'] = ''; + $_REQUEST['http_credentials'] = false; // if no credentials were given try to use HTTP auth (for SSO) if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){ $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER']; $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW']; + $_REQUEST['http_credentials'] = true; } if($_REQUEST['authtok']){ @@ -72,7 +74,7 @@ // external trust mechanism in place $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); }else{ - auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); + auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); } } |