diff --git a/htdocs/js/pla_ajax.js b/htdocs/js/pla_ajax.js
index 2eeaea0..a0570c0 100644
--- a/htdocs/js/pla_ajax.js
+++ b/htdocs/js/pla_ajax.js
@@ -42,7 +42,7 @@ function includeHTML(component, html) {
// callback function
function alertHttpRequest() {
if (http_request && (http_request.readyState == 4)) {
- if (http_request.status == 200) {
+ if (http_request.status == 200 || http_request.status == 401) {
response = http_request.responseText;
http_request = null;
//alert(response);
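Review bot: Accepting 401 in `if (http_request.status == 200 || http_request.status == 401) {` hands the body of an authentication challenge to the same path as the requested content. The rest of alertHttpRequest lies outside this hunk, so how `response` is consumed is not visible, but if it is written into the page the caller cannot tell an auth failure from a real component. Consider a separate branch, `} else if (http_request.status == 401) {`, that surfaces the login state explicitly. A comment such as `// 401 is expected when auth_type is http and no credentials were sent` would record why the status is tolerated.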
diff --git a/htdocs/login_form.php b/htdocs/login_form.php
index 669e915..f5cb5c2 100644
--- a/htdocs/login_form.php
+++ b/htdocs/login_form.php
@@ -29,44 +29,68 @@ if (! isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
}
echo '
';
-# Login form.
-echo '
';
+
+ echo '';
+
+ if ($app['server']->isAnonBindAllowed() ) {
?>
diff --git a/lib/HTMLTree.php b/lib/HTMLTree.php
index 7e2be73..193c062 100644
--- a/lib/HTMLTree.php
+++ b/lib/HTMLTree.php
@@ -121,8 +121,16 @@ class HTMLTree extends Tree {
# We are not logged in, draw a login... link.
} else {
- if ($server->getAuthType() != 'config')
- $this->draw_login_link();
+ switch ($server->getAuthType()) {
+
+ case 'http':
+ case 'session':
+ $this->draw_login_link();
+ break;
+
+ default:
+ die(sprintf('Error: %s hasnt been configured for auth_type %s',__METHOD__,$server->getAuthType()));
+ }
}
# Tree Footer.
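Review bot: The new switch has no `case 'config':`, so a server configured with auth_type config that reaches this not-logged-in branch now falls into `default:` and terminates the page with `die()`, where the removed `!= 'config'` test simply drew no link. Adding `case 'config': break;` above `default:` keeps the earlier behaviour. The `die()` text also echoes the configured auth type into the response unescaped; passing it through `htmlspecialchars()` would be safer if that value can ever contain markup. The enclosing method starts and ends outside this hunk.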
diff --git a/lib/ds.php b/lib/ds.php
index bd8cc5e..7101265 100644
--- a/lib/ds.php
+++ b/lib/ds.php
@@ -127,6 +127,7 @@ abstract class DS {
public function getAuthType() {
switch ($this->getValue('login','auth_type')) {
case 'config':
+ case 'http':
case 'session':
return $this->getValue('login','auth_type');
@@ -154,6 +155,7 @@ abstract class DS {
else
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
+ case 'http':
case 'session':
if (! isset($_SESSION['USER'][$this->index][$method]['name']))
return null;
@@ -173,6 +175,7 @@ abstract class DS {
switch ($this->getAuthType()) {
case 'config':
+ case 'http':
case 'session':
$_SESSION['USER'][$this->index][$method]['name'] = blowfish_encrypt($user);
$_SESSION['USER'][$this->index][$method]['pass'] = blowfish_encrypt($pass);
@@ -200,6 +203,7 @@ abstract class DS {
else
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
+ case 'http':
case 'session':
if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
return null;
@@ -215,9 +219,56 @@ abstract class DS {
* Return if this datastore's connection method has been logged into
*/
public function isLoggedIn($method=null) {
+ static $CACHE = null;
+
$method = $this->getMethod($method);
- return is_null($this->getLogin($method)) ? false : true;
+ if (! is_null($CACHE))
+ return $CACHE;
+
+ # For some authentication types, we need to do the login here
+ switch ($this->getAuthType()) {
+ case 'http':
+ # If our auth vars are not set, throw up a login box.
+ if (! isset($_SERVER['PHP_AUTH_USER'])) {
+ header(sprintf('WWW-Authenticate: Basic realm="%s %s"',app_name(),_('login')));
+
+ if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
+ header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
+ else
+ header('Status: 401 Unauthorized'); // http 1.1 method
+
+ # If we still dont have login details...
+ if (! isset($_SERVER['PHP_AUTH_USER'])) {
+ system_message(array(
+ 'title'=>_('Unable to login.'),
+ 'body'=>_('Your configuration file has authentication set to HTTP based authentication, however, there was none presented'),
+ 'type'=>'error'));
+
+ $CACHE = false;
+ }
+
+ # Check our auth vars are valid.
+ } else {
+ if (! $this->login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],$method)) {
+ system_message(array(
+ 'title'=>_('Unable to login.'),
+ 'body'=>_('Your HTTP based authentication is not accepted by the LDAP server'),
+ 'type'=>'error'));
+
+ $CACHE = false;
+
+ } else
+ $CACHE = true;
+ }
+
+ break;
+
+ default:
+ $CACHE = is_null($this->getLogin($method)) ? false : true;
+ }
+
+ return $CACHE;
}
/**
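Review bot: `static $CACHE` in isLoggedIn() is a single value shared by every DS object and every `$method`, so the first answer computed in a request is returned for all later calls, including calls for another server index or for 'anon' after 'user'. The ldap class in this same commit keys its cache as `$CACHE[$this->index][$method]`; doing the same here (`static $CACHE = array();`, then reading and writing `$CACHE[$this->index][$method]`) stops one server's login state from answering for another. The same applies to the `static $CACHE` added to getMethod() in the later hunk of this file. In the 'http' branch, `$_SERVER['PHP_AUTH_PW']` is read without an `isset()` check, and the second `if (! isset($_SERVER['PHP_AUTH_USER']))` is always true at that point and can be dropped.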
@@ -233,6 +284,9 @@ abstract class DS {
return true;
+ case 'http':
+ return true;
+
case 'session':
if (isset($_SESSION['USER'][$this->index][$method]))
unset($_SESSION['USER'][$this->index][$method]);
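Review bot: The new `case 'http': return true;` reports a successful logout without clearing anything, yet the setLogin hunk earlier in this file writes the encrypted name and password to `$_SESSION['USER'][$this->index][$method]` for 'http' as well. If login() stores credentials through that path (not visible here), they stay in the session after logout. Adding `unset($_SESSION['USER'][$this->index][$method]);` before the `return true;` would remove them. A comment should also note that the browser keeps resending Basic credentials, so this cannot end the HTTP authentication itself. The enclosing function begins and ends outside this hunk.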
@@ -272,14 +326,22 @@ abstract class DS {
* @return string Connection Method
*/
protected function getMethod($method=null) {
+ static $CACHE = null;
+
# Immediately return if method is set.
if (! is_null($method))
return $method;
+ # If we have been here already, then return our result
+ if (! is_null($CACHE))
+ return $CACHE;
+
+ $CACHE = 'anon';
+
if ($this->isLoggedIn('user'))
- return 'user';
- else
- return 'anon';
+ $CACHE = 'user';
+
+ return $CACHE;
}
}
diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
index 8890ffb..2534ac8 100644
--- a/lib/ds_ldap.php
+++ b/lib/ds_ldap.php
@@ -137,8 +137,8 @@ class ldap extends DS {
return $CACHE[$this->index][$method];
# Check if we have logged in and therefore need to use those details as our bind.
- $bind['id'] = is_null($this->getLogin($method)) ? $this->getLogin('user') : $this->getLogin($method);
- $bind['pass'] = is_null($this->getPassword($method)) ? $this->getPassword('user') : $this->getPassword($method);
+ $bind['id'] = is_null($this->getLogin($method)) && $method != 'anon' ? $this->getLogin('user') : $this->getLogin($method);
+ $bind['pass'] = is_null($this->getPassword($method)) && $method != 'anon' ? $this->getPassword('user') : $this->getPassword($method);
# If our bind id is still null, we are not logged in.
if (is_null($bind['id']))
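Review bot: The two rewritten `$bind` assignments rely on `&&` binding tighter than `?:`, which is correct but easy to misread on a line that decides which credentials are used for a bind. Parenthesising the condition, `(is_null($this->getLogin($method)) && $method !== 'anon') ? $this->getLogin('user') : $this->getLogin($method)`, makes the intent explicit and avoids the loose `!=` comparison. A comment such as `# An anonymous bind must never fall back to the logged-in user's credentials.` would record why 'anon' is excluded.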
diff --git a/lib/ds_ldap_pla.php b/lib/ds_ldap_pla.php
index 59f5b11..620a734 100644
--- a/lib/ds_ldap_pla.php
+++ b/lib/ds_ldap_pla.php
@@ -404,7 +404,7 @@ class ldap_pla extends ldap {
* this function will return null.
*/
public function inactivityTime() {
- if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','httpd')))
+ if ($this->isLoggedIn() && ! in_array($this->getAuthType(),array('config','http')))
return time()+($this->getValue('login','timeout')*60);
else
return null;