egroupware/phpgwapi/ntlm/index.php

<?php
/**
 * eGroupWare - NTLM or other http auth access without login page
 *
 * @link http://www.egroupware.org
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package api
 * @subpackage authentication
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @copyright (c) 2008 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @version $Id$
 */

/**
 * check if the given user has access
 *
 * Create a session or if the user has no account return authenticate header and 401 Unauthorized
 *
 * @param array &$account
 * @return int session-id
 */
function check_access(&$account)
{
	//error_log("AUTH_TYPE={$_SERVER['AUTH_TYPE']}, REMOTE_USER={$_SERVER['REMOTE_USER']}, HTTP_USER_AGENT={$_SERVER['HTTP_USER_AGENT']}, http_auth_types={$GLOBALS['egw_info']['server']['http_auth_types']}");
	
	if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] && isset($_SERVER['AUTH_TYPE']) &&
		isset($GLOBALS['egw_info']['server']['http_auth_types']) && $GLOBALS['egw_info']['server']['http_auth_types'] &&
		in_array(strtoupper($_SERVER['AUTH_TYPE']),explode(',',strtoupper($GLOBALS['egw_info']['server']['http_auth_types']))))
	{
		if (strpos($account=$_SERVER['REMOTE_USER'],'\\') !== false)
		{
			list(,$account) = explode('\\',$account,2);
		}
		$sessionid = $GLOBALS['egw']->session->create($account,null,'ntlm',false,false);	// false=no auth check
		//error_log("create('$account',null,'ntlm',false,false)=$sessionid ({$GLOBALS['egw']->session->reason})");
	}
	if (!$sessionid)
	{
		header('Location: ../../login.php'.(isset($_REQUEST['phpgw_forward']) ? '?'.$_REQUEST['phpgw_forward'] : ''));
		exit;
	}
	return $sessionid;
}

$GLOBALS['egw_info']['flags'] = array(
	'noheader'  => True,
	'currentapp' => 'home',
	'autocreate_session_callback' => 'check_access',
);
// if you move this file somewhere else, you need to adapt the path to the header!
include(dirname(__FILE__).'/../../header.inc.php');

if ($_REQUEST['phpgw_forward'])
{
	$forward = '../../'.(isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']);
}
else
{
	$forward = '../../index.php';
}
header('Location: '.$forward);
1. NTLM Single Sign ON NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML. 2008-07-16 11:29:13 +02:00			`<?php`
			`/**`
			`* eGroupWare - NTLM or other http auth access without login page`
			`*`
			`* @link http://www.egroupware.org`
			`* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License`
			`* @package api`
			`* @subpackage authentication`
			`* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>`
			`* @copyright (c) 2008 by Ralf Becker <RalfBecker-AT-outdoor-training.de>`
			`* @version $Id$`
			`*/`

			`/**`
			`* check if the given user has access`
			`*`
			`* Create a session or if the user has no account return authenticate header and 401 Unauthorized`
			`*`
			`* @param array &$account`
			`* @return int session-id`
			`*/`
			`function check_access(&$account)`
			`{`
			`//error_log("AUTH_TYPE={$_SERVER['AUTH_TYPE']}, REMOTE_USER={$_SERVER['REMOTE_USER']}, HTTP_USER_AGENT={$_SERVER['HTTP_USER_AGENT']}, http_auth_types={$GLOBALS['egw_info']['server']['http_auth_types']}");`

			`if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] && isset($_SERVER['AUTH_TYPE']) &&`
			`isset($GLOBALS['egw_info']['server']['http_auth_types']) && $GLOBALS['egw_info']['server']['http_auth_types'] &&`
			`in_array(strtoupper($_SERVER['AUTH_TYPE']),explode(',',strtoupper($GLOBALS['egw_info']['server']['http_auth_types']))))`
			`{`
			`if (strpos($account=$_SERVER['REMOTE_USER'],'\\') !== false)`
			`{`
			`list(,$account) = explode('\\',$account,2);`
			`}`
			`$sessionid = $GLOBALS['egw']->session->create($account,null,'ntlm',false,false); // false=no auth check`
			`//error_log("create('$account',null,'ntlm',false,false)=$sessionid ({$GLOBALS['egw']->session->reason})");`
			`}`
			`if (!$sessionid)`
			`{`
			`header('Location: ../../login.php'.(isset($_REQUEST['phpgw_forward']) ? '?'.$_REQUEST['phpgw_forward'] : ''));`
			`exit;`
			`}`
			`return $sessionid;`
			`}`

			`$GLOBALS['egw_info']['flags'] = array(`
			`'noheader' => True,`
			`'currentapp' => 'home',`
			`'autocreate_session_callback' => 'check_access',`
			`);`
			`// if you move this file somewhere else, you need to adapt the path to the header!`
			`include(dirname(__FILE__).'/../../header.inc.php');`

			`if ($_REQUEST['phpgw_forward'])`
			`{`
			`$forward = '../../'.(isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']);`
			`}`
			`else`
			`{`
			`$forward = '../../index.php';`
			`}`
			`header('Location: '.$forward);`