From 1e8c9c9094d245009ab154e0d54487da0b7c833d Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 7 May 2006 18:12:24 +0200 Subject: optionally use HTTP credentials to log in If no credentials where given (either by form or former cookie) it is checked if credentials from a former HTTP based authentication are available. Those will be tried for login then. This only works with PHP running as Apache module. darcs-hash:20060507161224-7ad00-7ba0a6e871cf5319038e83672a2ff05ef23c124b.gz --- inc/auth.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/inc/auth.php b/inc/auth.php index 7c739d4ef..264a1a5fa 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -53,6 +53,12 @@ // do the login either by cookie or provided credentials if($conf['useacl']){ + // if no credentials were given try to use HTTP auth (for SSO) + if(!$_REQUEST['u'] && !$_COOKIE[DOKU_COOKIE] && $_SERVER['PHP_AUTH_USER']){ + $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER']; + $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW']; + } + // external trust mechanism in place? if(!is_null($auth) && $auth->canDo('external')){ $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); -- cgit v1.2.3