extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 09:04:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
9ebb6a54ca
egroupware/phpgwapi/ntlm/index.php

77 lines
2.6 KiB
PHP
Raw Normal View History

1. NTLM Single Sign ON NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 11:29:13 +02:00
<?php
/**
* eGroupWare - NTLM or other http auth access without login page
*
* @link http://www.egroupware.org
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @package api
* @subpackage authentication
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2008 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @version $Id$
*/
/**
* check if the given user has access
*
* Create a session or if the user has no account return authenticate header and 401 Unauthorized
*
* @param array &$account
* @return int session-id
*/
function check_access(&$account)
{
//error_log("AUTH_TYPE={$_SERVER['AUTH_TYPE']}, REMOTE_USER={$_SERVER['REMOTE_USER']}, HTTP_USER_AGENT={$_SERVER['HTTP_USER_AGENT']}, http_auth_types={$GLOBALS['egw_info']['server']['http_auth_types']}");
if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] && isset($_SERVER['AUTH_TYPE']) &&
isset($GLOBALS['egw_info']['server']['http_auth_types']) && $GLOBALS['egw_info']['server']['http_auth_types'] &&
in_array(strtoupper($_SERVER['AUTH_TYPE']),explode(',',strtoupper($GLOBALS['egw_info']['server']['http_auth_types']))))
{
if (strpos($account=$_SERVER['REMOTE_USER'],'\\') !== false)
{
list(,$account) = explode('\\',$account,2);
}
$sessionid = $GLOBALS['egw']->session->create($account,null,'ntlm',false,false); // false=no auth check
//error_log("create('$account',null,'ntlm',false,false)=$sessionid ({$GLOBALS['egw']->session->reason})");
}
if (!$sessionid)
{
explicit redirect target for NTLM auth and reverted unnecessary commit r32251
2010-09-23 19:47:55 +02:00
if (isset($_GET['forward']))
{
header('Location: '.$_GET['forward']);
}
else
{
header('Location: ../../login.php'.(isset($_REQUEST['phpgw_forward']) ? '?phpgw_forward='.$_REQUEST['phpgw_forward'] : ''));
}
1. NTLM Single Sign ON NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 11:29:13 +02:00
exit;
}
return $sessionid;
}
$GLOBALS['egw_info']['flags'] = array(
'noheader' => True,
'currentapp' => 'home',
'autocreate_session_callback' => 'check_access',
);
// if you move this file somewhere else, you need to adapt the path to the header!
include(dirname(__FILE__).'/../../header.inc.php');
explicit redirect target for NTLM auth and reverted unnecessary commit r32251
2010-09-23 19:47:55 +02:00
if (isset($_GET['forward']))
{
$forward = $_GET['forward'];
$GLOBALS['egw']->session->appsession('referer', 'login', $forward);
error_log('stored login-referer='.$forward);
}
elseif ($_REQUEST['phpgw_forward'])
1. NTLM Single Sign ON NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 11:29:13 +02:00
{
explicit redirect target for NTLM auth and reverted unnecessary commit r32251
2010-09-23 19:47:55 +02:00
$forward = '../..'.(isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']);
1. NTLM Single Sign ON NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
2008-07-16 11:29:13 +02:00
}
else
{
$forward = '../../index.php';
}
explicit redirect target for NTLM auth and reverted unnecessary commit r32251
2010-09-23 19:47:55 +02:00
// commiting the session, before redirecting might fix racecondition in session creation
$GLOBALS['egw']->session->commit_session();
header('Location: '.$forward);
Reference in New Issue Copy Permalink