Fix for http auth - $_POST['passwd'] not set in this case

This commit is contained in:
Miles Lott 2003-12-11 13:14:47 +00:00
parent 1df412f9c4
commit cbd6475c42

View File

@ -14,7 +14,7 @@
/* $Id$ */ /* $Id$ */
$phpgw_info = array(); $phpgw_info = array();
$submit = false; // set to some initial value $submit = False; // set to some initial value
$GLOBALS['phpgw_info']['flags'] = array( $GLOBALS['phpgw_info']['flags'] = array(
'disable_template_class' => True, 'disable_template_class' => True,
@ -124,6 +124,12 @@
$submit = True; $submit = True;
$login = $_SERVER['PHP_AUTH_USER']; $login = $_SERVER['PHP_AUTH_USER'];
$passwd = $_SERVER['PHP_AUTH_PW']; $passwd = $_SERVER['PHP_AUTH_PW'];
$passwd_type = 'text';
}
else
{
$passwd = $_POST['passwd'];
$passwd_type = $_POST['passwd_type'];
} }
# Apache + mod_ssl style SSL certificate authentication # Apache + mod_ssl style SSL certificate authentication
@ -147,7 +153,8 @@
# login will be set here if the user logged out and uses a different username with # login will be set here if the user logged out and uses a different username with
# the same SSL-certificate. # the same SSL-certificate.
if (!isset($_POST['login'])&&isset($sslattributes['Email'])) { if(!isset($_POST['login'])&&isset($sslattributes['Email']))
{
$login = $sslattributes['Email']; $login = $sslattributes['Email'];
# not checked against the database, but delivered to authentication module # not checked against the database, but delivered to authentication module
$passwd = $_SERVER['SSL_CLIENT_S_DN']; $passwd = $_SERVER['SSL_CLIENT_S_DN'];
@ -158,11 +165,11 @@
unset($sslattributes); unset($sslattributes);
} }
if (isset($_POST['passwd_type']) || $_POST['submit_x'] || $_POST['submit_y'] || $submit) if(isset($passwd_type) || $_POST['submit_x'] || $_POST['submit_y'] || $submit)
// isset($_POST['passwd']) && $_POST['passwd']) // enable konqueror to login via Return // isset($_POST['passwd']) && $_POST['passwd']) // enable konqueror to login via Return
{ {
if (getenv(REQUEST_METHOD) != 'POST' && $_SERVER['REQUEST_METHOD'] != 'POST' if(getenv(REQUEST_METHOD) != 'POST' && $_SERVER['REQUEST_METHOD'] != 'POST' &&
&& !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN'])) !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN']))
{ {
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','code=5')); $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','code=5'));
} }
@ -181,7 +188,7 @@
{ {
$login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain']; $login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain'];
} }
$GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create($login,$_POST['passwd'],$_POST['passwd_type'],'u'); $GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create($login,$passwd,$passwd_type,'u');
if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid']) if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid'])
{ {
@ -295,7 +302,6 @@
$GLOBALS['phpgw_info']['server']['template_set'] = $GLOBALS['phpgw_info']['login_template_set']; $GLOBALS['phpgw_info']['server']['template_set'] = $GLOBALS['phpgw_info']['login_template_set'];
$tmpl->set_var('charset',$GLOBALS['phpgw']->translation->charset()); $tmpl->set_var('charset',$GLOBALS['phpgw']->translation->charset());
$tmpl->set_var('login_url', $GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php' . $extra_vars); $tmpl->set_var('login_url', $GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php' . $extra_vars);
$tmpl->set_var('registration_url',$GLOBALS['phpgw_info']['server']['webserver_url'] . '/registration/'); $tmpl->set_var('registration_url',$GLOBALS['phpgw_info']['server']['webserver_url'] . '/registration/');