
Try to perform an automatic login if a Basic HTTP Authentication mech…

…anism is already in place. For this to work, the administrator username and password must be the same as the HTTP Authentication login credentials.
haraldpdl committed Mar 7, 2008
1 parent 27e4f99 commit 569917f654edab2b07bf61ab8caf2764ba1457c4
Showing with 35 additions and 4 deletions.
  1. +16 −1 catalog/admin/includes/application_top.php
  2. +19 −3 catalog/admin/login.php
@@ -135,6 +135,13 @@

$current_page = basename($PHP_SELF);

// if the first page request is to the login page, set the current page to the index page
// so the redirection on a successful login is not made to the login page again
if ( ($current_page == FILENAME_LOGIN) && !tep_session_is_registered('redirect_origin') ) {
$current_page = FILENAME_DEFAULT;
$HTTP_GET_VARS = array();
}

if ($current_page != FILENAME_LOGIN) {
if (!tep_session_is_registered('redirect_origin')) {
tep_session_register('redirect_origin');
@@ -143,11 +150,19 @@
'get' => $HTTP_GET_VARS);
}

// try to automatically login with the HTTP Authentication values if it exists
if (!tep_session_is_registered('auth_ignore')) {
if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
$redirect_origin['auth_user'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
$redirect_origin['auth_pw'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
}
}

$redirect = true;
}

if ($redirect == true) {
tep_redirect(tep_href_link(FILENAME_LOGIN));
tep_redirect(tep_href_link(FILENAME_LOGIN, (isset($redirect_origin['auth_user']) ? 'action=process' : '')));
}

unset($redirect);
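Review bot: The Basic-auth password is copied in the clear into session data at `$redirect_origin['auth_pw'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];`, where it then lives in the session store (file or database, depending on the handler) for the lifetime of the session rather than only for the single redirect that consumes it. Because a browser under Basic auth resends the Authorization header on every request, the password does not need to be persisted at all: keeping `$redirect_origin['auth_user'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];` as the marker and letting login.php read `$HTTP_SERVER_VARS['PHP_AUTH_PW']` directly when it processes the attempt would avoid writing a credential to disk; if the value must be kept, it should be unset as soon as the login attempt has been processed. The `isset(...) && !empty(...)` pairs in the condition are redundant, since `!empty()` already returns false for an unset index; the same pattern appears in the logoff branch of login.php. The `$redirect_origin` array assignment closed at the top of this hunk, and the enclosing `if ($current_page != FILENAME_LOGIN)` block, begin outside it.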
@@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2007 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
@@ -15,11 +15,21 @@

$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

// prepare to logout an active administrator if the login page is accessed again
if (tep_session_is_registered('admin')) {
$action = 'logoff';
}

if (tep_not_null($action)) {
switch ($action) {
case 'process':
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
if (tep_session_is_registered('redirect_origin') && isset($redirect_origin['auth_user'])) {
$username = tep_db_prepare_input($redirect_origin['auth_user']);
$password = tep_db_prepare_input($redirect_origin['auth_pw']);
} else {
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
}

$check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");

@@ -56,6 +66,12 @@
case 'logoff':
tep_session_unregister('selected_box');
tep_session_unregister('admin');

if (isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) && !empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
tep_session_register('auth_ignore');
$auth_ignore = true;
}

tep_redirect(tep_href_link(FILENAME_DEFAULT));

break;
