modules/webserver_auth/webserver_auth.module

<?php
// $Id$

/**
 * Implementation of hook_menu().
 */
function webserver_auth_menu() {
  $items = array();
  $items['admin/settings/webserver_auth'] = array(
    'title' => t('Webserver authentication'),
    'description' => t('Configure a domain for generating email addresses. Optional.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('webserver_auth_settings'),
    'access arguments' => array('administer site configuration'),
  );
  return $items;
}

/**
 * Implementation of hook_init().
 */
function webserver_auth_init() {
  global $user;

  $authname = '';

  // Make sure we get the remote user whichever way it is available.
  if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
    $authname = $_SERVER['REDIRECT_REMOTE_USER'];
  }
  elseif (isset($_SERVER['REMOTE_USER'])) {
    $authname = $_SERVER['REMOTE_USER'];
  }

  // Perform some cleanup so plaintext passwords aren't available under
  // mod_auth_kerb.
  unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);

  // Retrieve user credentials
  $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname);
  $expected = db_fetch_array($result);

  if (isset($user) && $user->uid === $expected['uid']) {
    // Do nothing: user is already logged into Drupal with session data matching
    // HTTP authentication.
  }
  else {
    if (!empty($authname)) {
      // User is logged into webserver via HTTP authentication.
      // Try to log into Drupal. 
      $user = user_external_load($authname);

      if (!$user) {
        // If unsuccessful, register the user. This will trigger
        // webserver_auth_user() and any other _user() hooks.
        user_external_login_register($authname, 'webserver_auth');
      }
    }
  }
}

/**
 * Implementation of hook_user().
 */
function webserver_auth_user($op, &$edit, &$account, $category = NULL) {
  if ($op == 'insert' && $category = 'account') {
    $account->name = trim($account->name);
    // Pretty up the username for NTLM authentication (i.e. Windows)
    if (variable_get('webserver_auth_strip_prefix', TRUE)) {
      // Get 'bar' from 'foo1\foo2\bar'
      $account->name = array_pop(explode("\\", $account->name));
    }
    if (variable_get('webserver_auth_strip_domain', TRUE)) {
      // Get 'foo' from 'foo@bar'
      $account->name = array_shift(explode('@', $account->name));
    }
    db_query("UPDATE {users} SET name = '%s' WHERE uid = %d", $account->name, $account->uid);
    // Generate an e-mail address automagically
    if ($domain = variable_get('webserver_auth_email_domain', '')) {
      if ($account->name) {
        db_query("UPDATE {users} SET mail = '%s@%s' WHERE uid = %d", $account->name, $domain, $account->uid);
      }
    }
    // run some custom code to modify the user object at creation time
    if ($code = variable_get('webserver_auth_insert', '')) {
      eval('?>'. $code);
    }
  }
  elseif ($op == 'logout') {
    global $base_url;
    // kick user out of a secure session so they aren't automatically logged back in
    $base_url = str_replace('https://', 'http://', $base_url);
  }
}

/**
 * Implementation of hook_settings().
 */
function webserver_auth_settings() {
  $form['webserver_auth_email_domain'] = array(
    '#type' => 'textfield',
    '#title' => t('Email domain'),
    '#default_value' => variable_get('webserver_auth_email_domain', ''),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t('Append this domain name to each new user in order generate his email address.'),
  );
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced settings'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    'webserver_auth_strip_prefix' => array(
      '#type' => 'checkbox',
      '#title' => t('Strip prefix'),
      '#default_value' => variable_get('webserver_auth_strip_prefix', TRUE),
      '#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."),
    ),
    'webserver_auth_strip_domain' => array(
      '#type' => 'checkbox',
      '#title' => t('Strip domain'),
      '#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
      '#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."),
    ),
    'webserver_auth_insert' => array(
      '#type' => 'textarea',
      '#title' => 'User account modification',
      '#default_value' => variable_get('webserver_auth_insert', ''),
      '#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code>&lt;?php</code> and <code>?&gt;</code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('insert',...)</a>. Changes to the user object must be explicitly saved to the database to be made permanent."),
    ),
  );
  return system_settings_form($form);
}
1	weitzman	1.1	<?php
2	weitzman	1.22.2.1	// $Id$
3	weitzman	1.19
4	weitzman	1.22.2.1	/**
5			* Implementation of hook_menu().
6			*/
7	weitzman	1.21	function webserver_auth_menu() {
8			$items = array();
9			$items['admin/settings/webserver_auth'] = array(
10			'title' => t('Webserver authentication'),
11			'description' => t('Configure a domain for generating email addresses. Optional.'),
12			'page callback' => 'drupal_get_form',
13			'page arguments' => array('webserver_auth_settings'),
14			'access arguments' => array('administer site configuration'),
15			);
16	weitzman	1.19	return $items;
17			}
18	weitzman	1.1
19	weitzman	1.22.2.1	/**
20			* Implementation of hook_init().
21			*/
22	weitzman	1.5	function webserver_auth_init() {
23	weitzman	1.21	global $user;
24
25			$authname = '';
26
27			// Make sure we get the remote user whichever way it is available.
28			if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
29			$authname = $_SERVER['REDIRECT_REMOTE_USER'];
30			}
31			elseif (isset($_SERVER['REMOTE_USER'])) {
32			$authname = $_SERVER['REMOTE_USER'];
33			}
34	weitzman	1.10
35	weitzman	1.21	// Perform some cleanup so plaintext passwords aren't available under
36			// mod_auth_kerb.
37			unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
38	weitzman	1.20
39	weitzman	1.21	// Retrieve user credentials
40			$result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname);
41			$expected = db_fetch_array($result);
42
43			if (isset($user) && $user->uid === $expected['uid']) {
44			// Do nothing: user is already logged into Drupal with session data matching
45			// HTTP authentication.
46	weitzman	1.1	}
47			else {
48	weitzman	1.21	if (!empty($authname)) {
49			// User is logged into webserver via HTTP authentication.
50			// Try to log into Drupal.
51			$user = user_external_load($authname);
52
53			if (!$user) {
54			// If unsuccessful, register the user. This will trigger
55			// webserver_auth_user() and any other _user() hooks.
56			user_external_login_register($authname, 'webserver_auth');
57	weitzman	1.12	}
58	weitzman	1.21	}
59			}
60			}
61	weitzman	1.10
62	weitzman	1.21	/**
63			* Implementation of hook_user().
64			*/
65			function webserver_auth_user($op, &$edit, &$account, $category = NULL) {
66	weitzman	1.22.2.1	if ($op == 'insert' && $category = 'account') {
67			$account->name = trim($account->name);
68			// Pretty up the username for NTLM authentication (i.e. Windows)
69			if (variable_get('webserver_auth_strip_prefix', TRUE)) {
70			// Get 'bar' from 'foo1\foo2\bar'
71			$account->name = array_pop(explode("\\", $account->name));
72			}
73			if (variable_get('webserver_auth_strip_domain', TRUE)) {
74			// Get 'foo' from 'foo@bar'
75			$account->name = array_shift(explode('@', $account->name));
76			}
77			db_query("UPDATE {users} SET name = '%s' WHERE uid = %d", $account->name, $account->uid);
78			// Generate an e-mail address automagically
79			if ($domain = variable_get('webserver_auth_email_domain', '')) {
80			if ($account->name) {
81			db_query("UPDATE {users} SET mail = '%s@%s' WHERE uid = %d", $account->name, $domain, $account->uid);
82	weitzman	1.18	}
83	weitzman	1.1	}
84	weitzman	1.22.2.1	// run some custom code to modify the user object at creation time
85			if ($code = variable_get('webserver_auth_insert', '')) {
86			eval('?>'. $code);
87			}
88	weitzman	1.1	}
89	weitzman	1.21	elseif ($op == 'logout') {
90			global $base_url;
91			// kick user out of a secure session so they aren't automatically logged back in
92			$base_url = str_replace('https://', 'http://', $base_url);
93	weitzman	1.3	}
94			}
95
96	weitzman	1.22.2.1	/**
97			* Implementation of hook_settings().
98			*/
99	weitzman	1.5	function webserver_auth_settings() {
100	weitzman	1.21	$form['webserver_auth_email_domain'] = array(
101	weitzman	1.13	'#type' => 'textfield',
102	weitzman	1.21	'#title' => t('Email domain'),
103			'#default_value' => variable_get('webserver_auth_email_domain', ''),
104	weitzman	1.13	'#size' => 30,
105			'#maxlength' => 55,
106	weitzman	1.21	'#description' => t('Append this domain name to each new user in order generate his email address.'),
107			);
108			$form['advanced'] = array(
109			'#type' => 'fieldset',
110			'#title' => t('Advanced settings'),
111			'#collapsible' => TRUE,
112			'#collapsed' => TRUE,
113			'webserver_auth_strip_prefix' => array(
114			'#type' => 'checkbox',
115			'#title' => t('Strip prefix'),
116			'#default_value' => variable_get('webserver_auth_strip_prefix', TRUE),
117			'#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."),
118			),
119			'webserver_auth_strip_domain' => array(
120			'#type' => 'checkbox',
121			'#title' => t('Strip domain'),
122			'#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
123			'#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."),
124			),
125			'webserver_auth_insert' => array(
126			'#type' => 'textarea',
127			'#title' => 'User account modification',
128			'#default_value' => variable_get('webserver_auth_insert', ''),
129	weitzman	1.22.2.1	'#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code><?php</code> and <code>?></code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('insert',...)</a>. Changes to the user object must be explicitly saved to the database to be made permanent."),
130	weitzman	1.21	),
131			);
132			return system_settings_form($form);
133	weitzman	1.22.2.1	}