/[drupal]/contributions/modules/webserver_auth/webserver_auth.module

Diff of /contributions/modules/webserver_auth/webserver_auth.module

Parent Directory | Revision Log | View Revision Graph Revision Graph | View Patch Patch

-revision 1.11.2.2,
Fri Apr 29 19:28:02 2005 UTC
+revision 1.23,
Thu Jul 17 20:42:49 2008 UTC
 Line 1
  <?php
- // $Id: webserver_auth.module,v 1.12 2005/04/29 19:27:31 weitzman Exp $
+ // $Id: webserver_auth.module,v 1.22 2008/07/17 20:37:37 weitzman Exp $
+ function webserver_auth_menu() {
+   $items = array();
+   $items['admin/settings/webserver_auth'] = array(
+     'title' => t('Webserver authentication'),
+     'description' => t('Configure a domain for generating email addresses. Optional.'),
+     'page callback' => 'drupal_get_form',
+     'page arguments' => array('webserver_auth_settings'),
+     'access arguments' => array('administer site configuration'),
+   );
+   return $items;
+ }
  function webserver_auth_init() {
-   global $user, $account;
+   global $user;
-   if ($user->uid) {
+   $authname = '';
-     //do nothing because user is already logged into Drupal
+   // Make sure we get the remote user whichever way it is available.
+   if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
+     $authname = $_SERVER['REDIRECT_REMOTE_USER'];
+   }
+   elseif (isset($_SERVER['REMOTE_USER'])) {
+     $authname = $_SERVER['REMOTE_USER'];
    }
-   else {
-     if ($name = $_SERVER["REMOTE_USER"]) {
-       // user is logged into webserver.
-       $account->name = $name;
-       //modules get to change the user bits before saving. use a global $account to do so.
-       // only loaded modules will see this hook
-       module_invoke_all("webserver_auth");
-       // if we are in bootstrap, load user.module ourselves
-       if (!module_exist('user')) {
-        drupal_load('module', 'user');
-       }
-       // try to log into Drupal. if unsuccessful, register the user
+   // Perform some cleanup so plaintext passwords aren't available under
-       $user = user_external_load($account->name);
+   // mod_auth_kerb.
-       if (!$user->uid) {
+   unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-         if (variable_get("user_register", 1) == 1) {
-           $user_default = array("name" => $account->name, "pass" => "cyan", "init" => db_escape_string($name), "authname_webserver_auth" => $account->name, "status" => 1, "roles" => array(_user_authenticated_id()));
+   // Retrieve user credentials
-           // TODO - the hook_user('register') will fire but only for loaded modules. cold be a problem for sites using page cache and that hook+operation
+   $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname);
-           $user = user_save("", array_merge($user_default, $account));
+   $expected = db_fetch_array($result);
-           watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
-         }
+   if (isset($user) && $user->uid === $expected['uid']) {
+     // Do nothing: user is already logged into Drupal with session data matching
+     // HTTP authentication.
+   }
+   else {
+     if (!empty($authname)) {
+       // User is logged into webserver via HTTP authentication.
+       // Try to log into Drupal.
+       $user = user_external_load($authname);
+       if (!$user) {
+         // If unsuccessful, register the user. This will trigger
+         // webserver_auth_user() and any other _user() hooks.
+         user_external_login_register($authname, 'webserver_auth');
        }
      }
-     else {
-       // do nothing. user isn't logged into web server
-     }
    }
  }
- // using a global to change your bits. module_invoke_all miffs me.
+ /**
- function webserver_auth_webserver_auth() {
+  * Implementation of hook_user().
-   global $account;
+  */
+ function webserver_auth_user($op, &$edit, &$account, $category = NULL) {
-   // pretties up the username for NTLM authentication (i.e. Windows)
+   if ($op == 'submit' && $category = 'account') {
-   if ($_SERVER["AUTH_TYPE"] == "NTLM" || $_SERVER["AUTH_TYPE"] == 'Negotiate') {
+     // Only fiddle with new accounts.
-     $account->name = substr(trim($account->name), strrpos(trim($account->name), "\\")+1);
+     if (empty($account->uid)) {
-   }
+       $account->name = trim($account->name);
+       // Pretty up the username for NTLM authentication (i.e. Windows)
+       if (variable_get('webserver_auth_strip_prefix', TRUE)) {
+         // Get 'bar' from 'foo1\foo2\bar'
+         $account->name = array_pop(explode("\\", $account->name));
+       }
+       if (variable_get('webserver_auth_strip_domain', TRUE)) {
+         // Get 'foo' from 'foo@bar'
+         $account->name = array_shift(explode('@', $account->name));
+       }
-   if ($domain = variable_get("webserver_auth_domain", "")) {
+       // Generate an e-mail address automagically
-     if ($account->name) {
+       if ($domain = variable_get('webserver_auth_email_domain', '')) {
-       $account->mail = $account->name. "@$domain";
+         if ($account->name) {
+           $account->mail = $account->name. '@'. $domain;
+         }
+       }
+       // run some custom code to modify the user object at creation time
+       if ($code = variable_get('webserver_auth_insert', '')) {
+         eval('?>'. $code);
+       }
      }
    }
- }
+   elseif ($op == 'logout') {
+     global $base_url;
- function webserver_auth_settings() {
+     // kick user out of a secure session so they aren't automatically logged back in
-   $output = form_textfield(t("Email Domain"), "webserver_auth_domain", variable_get("webserver_auth_domain", ""), 30, 55, t("Append this domain name to each new user in order generate his email address."));
+     $base_url = str_replace('https://', 'http://', $base_url);
-   return $output;
- }
- function webserver_auth_help($section) {
-   $output ="";
-   switch ($section) {
-     case 'admin/help#webserver_auth':
-       break;
-     case 'admin/modules#description':
-       $output .= t("Use web server authentication instead of Drupal");
-       break;
    }
-   return $output;
  }
- ?>
+ function webserver_auth_settings() {
+   $form['webserver_auth_email_domain'] = array(
+     '#type' => 'textfield',
+     '#title' => t('Email domain'),
+     '#default_value' => variable_get('webserver_auth_email_domain', ''),
+     '#size' => 30,
+     '#maxlength' => 55,
+     '#description' => t('Append this domain name to each new user in order generate his email address.'),
+   );
+   $form['advanced'] = array(
+     '#type' => 'fieldset',
+     '#title' => t('Advanced settings'),
+     '#collapsible' => TRUE,
+     '#collapsed' => TRUE,
+     'webserver_auth_strip_prefix' => array(
+       '#type' => 'checkbox',
+       '#title' => t('Strip prefix'),
+       '#default_value' => variable_get('webserver_auth_strip_prefix', TRUE),
+       '#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."),
+     ),
+     'webserver_auth_strip_domain' => array(
+       '#type' => 'checkbox',
+       '#title' => t('Strip domain'),
+       '#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
+       '#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."),
+     ),
+     'webserver_auth_insert' => array(
+       '#type' => 'textarea',
+       '#title' => 'User account modification',
+       '#default_value' => variable_get('webserver_auth_insert', ''),
+       '#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code>&lt;?php</code> and <code>?&gt;</code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('submit',...)</a>. Changes to the \$account object will be automatically saved."),
+     ),
+   );
+   return system_settings_form($form);
+ }

 Legend:



Removed from v.1.11.2.2
 


changed lines


 
Added in v.1.23
 Legend:



Removed from v.1.11.2.2
 


changed lines


 
Added in v.1.23
-Removed from v.1.11.2.2
+Added in v.1.23

	ViewVC Help
Powered by ViewVC 1.1.2