
Don't store user password in database (#1486553)

commit d9921e4d3f6c24d041838d242d2ae8b474ceae36 1 parent 27032fb
Aleksander Machniak alecpl authored
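--- a/plugins/http_authentication/http_authentication.php
+++ b/plugins/http_authentication/http_authentication.php
@@ -17,51 +17,67 @@
 */
 class http_authentication extends rcube_plugin
 {
-public $task = 'login|logout';
 
-function init()
-{
-$this->add_hook('startup', array($this, 'startup'));
-$this->add_hook('authenticate', array($this, 'authenticate'));
-$this->add_hook('logout_after', array($this, 'logout'));
-}
+function init()
+{
+$this->add_hook('startup', array($this, 'startup'));
+$this->add_hook('authenticate', array($this, 'authenticate'));
+$this->add_hook('logout_after', array($this, 'logout'));
+}
 
-function startup($args)
-{
-// change action to login
-if (empty($args['action']) && empty($_SESSION['user_id'])
-&& !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']))
-$args['action'] = 'login';
+function startup($args)
+{
+if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+$rcmail = rcmail::get_instance();
+$rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));
 
-return $args;
-}
+// handle login action
+if (empty($args['action']) && empty($_SESSION['user_id'])) {
+$args['action'] = 'login';
+}
+// Set user password in session (see shutdown() method for more info)
+else if (!empty($_SESSION['user_id']) && empty($_SESION['password'])) {
+$_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
+}
+}
 
-function authenticate($args)
-{
-// Allow entering other user data in login form,
-// e.g. after log out (#1487953)
-if (!empty($args['user'])) {
 return $args;
 }
 
-if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
-$args['user'] = $_SERVER['PHP_AUTH_USER'];
-$args['pass'] = $_SERVER['PHP_AUTH_PW'];
-}
+function authenticate($args)
+{
+// Allow entering other user data in login form,
+// e.g. after log out (#1487953)
+if (!empty($args['user'])) {
+return $args;
+}
 
-$args['cookiecheck'] = false;
-$args['valid'] = true;
+if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+$args['user'] = $_SERVER['PHP_AUTH_USER'];
+$args['pass'] = $_SERVER['PHP_AUTH_PW'];
+}
 
-return $args;
-}
-
-function logout($args)
-{
-// redirect to configured URL in order to clear HTTP auth credentials
-if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER'] && ($url = rcmail::get_instance()->config->get('logout_url'))) {
-header("Location: $url", true, 307);
+$args['cookiecheck'] = false;
+$args['valid'] = true;
+
+return $args;
 }
-}
 
+function logout($args)
+{
+// redirect to configured URL in order to clear HTTP auth credentials
+if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER']) {
+if ($url = rcmail::get_instance()->config->get('logout_url')) {
+header("Location: $url", true, 307);
+}
+}
+}
+
+function shutdown()
+{
+// There's no need to store password (even if encrypted) in session
+// We'll set it back on startup (#1486553)
+rcmail::get_instance()->session->remove('password');
+}
 }
 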
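Review bot: The guard in the `else if` branch of startup() reads `$_SESION['password']`, an undefined variable, so `empty()` is always true and the branch re-encrypts `$_SERVER['PHP_AUTH_PW']` into the session on every request; it should read `empty($_SESSION['password'])`. That branch also never compares `$_SERVER['PHP_AUTH_USER']` with the user the session belongs to, while authenticate() still accepts different credentials from the login form, so after shutdown() has removed the stored password the next request appears to put the HTTP-auth password into another account's session; restoring it only when the two users match would avoid that. shutdown() is registered as a static callback (`array('http_authentication', 'shutdown')`) but declared as an instance method, so `public static function shutdown()` would match the way it is called.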
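--- a/plugins/http_authentication/package.xml
+++ b/plugins/http_authentication/package.xml
@@ -13,10 +13,10 @@
 <email>roundcube@gmail.com</email>
 <active>yes</active>
 </lead>
-<date>2011-11-21</date>
+<date>2012-09-18</date>
 <version>
-<release>1.4</release>
-<api>1.4</api>
+<release>1.5</release>
+<api>1.5</api>
 </version>
 <stability>
 <release>stable</release>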
