From 528ddc7cac15cc9f17ebc90b5adab6908c11de45 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Wed, 14 Jan 2009 16:36:01 +0100
Subject: make HTTP SSO possible for IIS or rewriting

DokuWiki silently attemps to resuse received HTTP auth credentials for
user logins. Unfortunately these are only passed to PHP when using
mod_php. IIS provides a HTTP_AUTHORIZATION header which now will
be decoded and used as well.

This header can also be faked via mod_rewrite:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E

darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz
---
 inc/auth.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index aa5439a0d..20f0407c0 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -61,6 +61,12 @@
       $_REQUEST['http_credentials'] = false;
       if (!$conf['rememberme']) $_REQUEST['r'] = false;
 
+      // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
+      isset($_SERVER['HTTP_AUTHORIZATION']){
+        list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) =
+          explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+      }
+
       // if no credentials were given try to use HTTP auth (for SSO)
       if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
         $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
-- 
cgit v1.2.3