mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
b5c28fba48
NTLM SSO removes Windows users on a PC, which is a member of a Windows domain and who are logged into that domain, from the need to explicitly log into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/) and start working. They can of cause explicitly log out and log in as an other user. For more information look at the README at http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README 2. different authentication for SyncML and/or GroupDAV You can now use eg. an external auth provider for the login via the WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
61 lines
2.1 KiB
PHP
61 lines
2.1 KiB
PHP
<?php
|
|
/**
|
|
* eGroupWare - NTLM or other http auth access without login page
|
|
*
|
|
* @link http://www.egroupware.org
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
* @package api
|
|
* @subpackage authentication
|
|
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
* @copyright (c) 2008 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
|
|
* @version $Id$
|
|
*/
|
|
|
|
/**
|
|
* check if the given user has access
|
|
*
|
|
* Create a session or if the user has no account return authenticate header and 401 Unauthorized
|
|
*
|
|
* @param array &$account
|
|
* @return int session-id
|
|
*/
|
|
function check_access(&$account)
|
|
{
|
|
//error_log("AUTH_TYPE={$_SERVER['AUTH_TYPE']}, REMOTE_USER={$_SERVER['REMOTE_USER']}, HTTP_USER_AGENT={$_SERVER['HTTP_USER_AGENT']}, http_auth_types={$GLOBALS['egw_info']['server']['http_auth_types']}");
|
|
|
|
if (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] && isset($_SERVER['AUTH_TYPE']) &&
|
|
isset($GLOBALS['egw_info']['server']['http_auth_types']) && $GLOBALS['egw_info']['server']['http_auth_types'] &&
|
|
in_array(strtoupper($_SERVER['AUTH_TYPE']),explode(',',strtoupper($GLOBALS['egw_info']['server']['http_auth_types']))))
|
|
{
|
|
if (strpos($account=$_SERVER['REMOTE_USER'],'\\') !== false)
|
|
{
|
|
list(,$account) = explode('\\',$account,2);
|
|
}
|
|
$sessionid = $GLOBALS['egw']->session->create($account,null,'ntlm',false,false); // false=no auth check
|
|
//error_log("create('$account',null,'ntlm',false,false)=$sessionid ({$GLOBALS['egw']->session->reason})");
|
|
}
|
|
if (!$sessionid)
|
|
{
|
|
header('Location: ../../login.php'.(isset($_REQUEST['phpgw_forward']) ? '?'.$_REQUEST['phpgw_forward'] : ''));
|
|
exit;
|
|
}
|
|
return $sessionid;
|
|
}
|
|
|
|
$GLOBALS['egw_info']['flags'] = array(
|
|
'noheader' => True,
|
|
'currentapp' => 'home',
|
|
'autocreate_session_callback' => 'check_access',
|
|
);
|
|
// if you move this file somewhere else, you need to adapt the path to the header!
|
|
include(dirname(__FILE__).'/../../header.inc.php');
|
|
|
|
if ($_REQUEST['phpgw_forward'])
|
|
{
|
|
$forward = '../../'.(isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']);
|
|
}
|
|
else
|
|
{
|
|
$forward = '../../index.php';
|
|
}
|
|
header('Location: '.$forward); |