modules/webserver_auth/webserver_auth.module

<?php
// $Id: webserver_auth.module,v 1.22 2008/07/17 20:37:37 weitzman Exp $

function webserver_auth_menu() {
  $items = array();
  $items['admin/settings/webserver_auth'] = array(
    'title' => t('Webserver authentication'),
    'description' => t('Configure a domain for generating email addresses. Optional.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('webserver_auth_settings'),
    'access arguments' => array('administer site configuration'),
  );
  return $items;
}

function webserver_auth_init() {
  global $user;

  $authname = '';

  // Make sure we get the remote user whichever way it is available.
  if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
    $authname = $_SERVER['REDIRECT_REMOTE_USER'];
  }
  elseif (isset($_SERVER['REMOTE_USER'])) {
    $authname = $_SERVER['REMOTE_USER'];
  }

  // Perform some cleanup so plaintext passwords aren't available under
  // mod_auth_kerb.
  unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);

  // Retrieve user credentials
  $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname);
  $expected = db_fetch_array($result);

  if (isset($user) && $user->uid === $expected['uid']) {
    // Do nothing: user is already logged into Drupal with session data matching
    // HTTP authentication.
  }
  else {
    if (!empty($authname)) {
      // User is logged into webserver via HTTP authentication.
      // Try to log into Drupal. 
      $user = user_external_load($authname);

      if (!$user) {
        // If unsuccessful, register the user. This will trigger
        // webserver_auth_user() and any other _user() hooks.
        user_external_login_register($authname, 'webserver_auth');
      }
    }
  }
}

/**
 * Implementation of hook_user().
 */
function webserver_auth_user($op, &$edit, &$account, $category = NULL) {
  if ($op == 'submit' && $category = 'account') {
    // Only fiddle with new accounts.
    if (empty($account->uid)) {
      $account->name = trim($account->name);
      // Pretty up the username for NTLM authentication (i.e. Windows)
      if (variable_get('webserver_auth_strip_prefix', TRUE)) {
        // Get 'bar' from 'foo1\foo2\bar'
        $account->name = array_pop(explode("\\", $account->name));
      }
      if (variable_get('webserver_auth_strip_domain', TRUE)) {
        // Get 'foo' from 'foo@bar'
        $account->name = array_shift(explode('@', $account->name));
      }

      // Generate an e-mail address automagically
      if ($domain = variable_get('webserver_auth_email_domain', '')) {
        if ($account->name) {
          $account->mail = $account->name. '@'. $domain;
        }
      }
      // run some custom code to modify the user object at creation time
      if ($code = variable_get('webserver_auth_insert', '')) {
        eval('?>'. $code);
      }
    }
  }
  elseif ($op == 'logout') {
    global $base_url;
    // kick user out of a secure session so they aren't automatically logged back in
    $base_url = str_replace('https://', 'http://', $base_url);
  }
}

function webserver_auth_settings() {
  $form['webserver_auth_email_domain'] = array(
    '#type' => 'textfield',
    '#title' => t('Email domain'),
    '#default_value' => variable_get('webserver_auth_email_domain', ''),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t('Append this domain name to each new user in order generate his email address.'),
  );
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced settings'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    'webserver_auth_strip_prefix' => array(
      '#type' => 'checkbox',
      '#title' => t('Strip prefix'),
      '#default_value' => variable_get('webserver_auth_strip_prefix', TRUE),
      '#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."),
    ),
    'webserver_auth_strip_domain' => array(
      '#type' => 'checkbox',
      '#title' => t('Strip domain'),
      '#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
      '#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."),
    ),
    'webserver_auth_insert' => array(
      '#type' => 'textarea',
      '#title' => 'User account modification',
      '#default_value' => variable_get('webserver_auth_insert', ''),
      '#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code>&lt;?php</code> and <code>?&gt;</code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('submit',...)</a>. Changes to the \$account object will be automatically saved."),
    ),
  );
  return system_settings_form($form);
}
1	<?php
2	// $Id: webserver_auth.module,v 1.22 2008/07/17 20:37:37 weitzman Exp $
3
4	function webserver_auth_menu() {
5	$items = array();
6	$items['admin/settings/webserver_auth'] = array(
7	'title' => t('Webserver authentication'),
8	'description' => t('Configure a domain for generating email addresses. Optional.'),
9	'page callback' => 'drupal_get_form',
10	'page arguments' => array('webserver_auth_settings'),
11	'access arguments' => array('administer site configuration'),
12	);
13	return $items;
14	}
15
16	function webserver_auth_init() {
17	global $user;
18
19	$authname = '';
20
21	// Make sure we get the remote user whichever way it is available.
22	if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
23	$authname = $_SERVER['REDIRECT_REMOTE_USER'];
24	}
25	elseif (isset($_SERVER['REMOTE_USER'])) {
26	$authname = $_SERVER['REMOTE_USER'];
27	}
28
29	// Perform some cleanup so plaintext passwords aren't available under
30	// mod_auth_kerb.
31	unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
32
33	// Retrieve user credentials
34	$result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s' AND module = 'webserver_auth'", $authname);
35	$expected = db_fetch_array($result);
36
37	if (isset($user) && $user->uid === $expected['uid']) {
38	// Do nothing: user is already logged into Drupal with session data matching
39	// HTTP authentication.
40	}
41	else {
42	if (!empty($authname)) {
43	// User is logged into webserver via HTTP authentication.
44	// Try to log into Drupal.
45	$user = user_external_load($authname);
46
47	if (!$user) {
48	// If unsuccessful, register the user. This will trigger
49	// webserver_auth_user() and any other _user() hooks.
50	user_external_login_register($authname, 'webserver_auth');
51	}
52	}
53	}
54	}
55
56	/**
57	* Implementation of hook_user().
58	*/
59	function webserver_auth_user($op, &$edit, &$account, $category = NULL) {
60	if ($op == 'submit' && $category = 'account') {
61	// Only fiddle with new accounts.
62	if (empty($account->uid)) {
63	$account->name = trim($account->name);
64	// Pretty up the username for NTLM authentication (i.e. Windows)
65	if (variable_get('webserver_auth_strip_prefix', TRUE)) {
66	// Get 'bar' from 'foo1\foo2\bar'
67	$account->name = array_pop(explode("\\", $account->name));
68	}
69	if (variable_get('webserver_auth_strip_domain', TRUE)) {
70	// Get 'foo' from 'foo@bar'
71	$account->name = array_shift(explode('@', $account->name));
72	}
73
74	// Generate an e-mail address automagically
75	if ($domain = variable_get('webserver_auth_email_domain', '')) {
76	if ($account->name) {
77	$account->mail = $account->name. '@'. $domain;
78	}
79	}
80	// run some custom code to modify the user object at creation time
81	if ($code = variable_get('webserver_auth_insert', '')) {
82	eval('?>'. $code);
83	}
84	}
85	}
86	elseif ($op == 'logout') {
87	global $base_url;
88	// kick user out of a secure session so they aren't automatically logged back in
89	$base_url = str_replace('https://', 'http://', $base_url);
90	}
91	}
92
93	function webserver_auth_settings() {
94	$form['webserver_auth_email_domain'] = array(
95	'#type' => 'textfield',
96	'#title' => t('Email domain'),
97	'#default_value' => variable_get('webserver_auth_email_domain', ''),
98	'#size' => 30,
99	'#maxlength' => 55,
100	'#description' => t('Append this domain name to each new user in order generate his email address.'),
101	);
102	$form['advanced'] = array(
103	'#type' => 'fieldset',
104	'#title' => t('Advanced settings'),
105	'#collapsible' => TRUE,
106	'#collapsed' => TRUE,
107	'webserver_auth_strip_prefix' => array(
108	'#type' => 'checkbox',
109	'#title' => t('Strip prefix'),
110	'#default_value' => variable_get('webserver_auth_strip_prefix', TRUE),
111	'#description' => t("Strip NTLM-style prefixes (e.g. 'foo1\foo2') from the login name ('foo1\foo2\bar') to generate the username ('bar')."),
112	),
113	'webserver_auth_strip_domain' => array(
114	'#type' => 'checkbox',
115	'#title' => t('Strip domain'),
116	'#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
117	'#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the username ('newuser')."),
118	),
119	'webserver_auth_insert' => array(
120	'#type' => 'textarea',
121	'#title' => 'User account modification',
122	'#default_value' => variable_get('webserver_auth_insert', ''),
123	'#description' => t("Modify user accounts at the time of creation. Use PHP code (enclosed in <code><?php</code> and <code>?></code>). The variable <code>\$account</code> is available as in <a href=\"http://api.drupal.org/api/function/hook_user/6\">hook_user('submit',...)</a>. Changes to the \$account object will be automatically saved."),
124	),
125	);
126	return system_settings_form($form);
127	}