4 * HTTP Basic Authentication
6 * Make use of an existing HTTP authentication and perform login with the existing user credentials
9 * // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
10 * $rcmail_config['logout_url'] = 'http://server.tld/logout.html';
12 * See logout.html (in this directory) for an example how HTTP auth can be cleared.
15 * @author Thomas Bruederli
17 class http_authentication extends rcube_plugin
19 public $task = 'login|logout';
23 $this->add_hook('startup', array($this, 'startup'));
24 $this->add_hook('authenticate', array($this, 'authenticate'));
25 $this->add_hook('logout_after', array($this, 'logout'));
28 function startup($args)
30 // change action to login
31 if (empty($args['action']) && empty($_SESSION['user_id'])
32 && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW']))
33 $args['action'] = 'login';
38 function authenticate($args)
40 // Allow entering other user data in login form,
41 // e.g. after log out (#1487953)
42 if (!empty($args['user'])) {
46 if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
47 $args['user'] = $_SERVER['PHP_AUTH_USER'];
48 $args['pass'] = $_SERVER['PHP_AUTH_PW'];
51 $args['cookiecheck'] = false;
52 $args['valid'] = true;
57 function logout($args)
59 // redirect to configured URL in order to clear HTTP auth credentials
60 if (!empty($_SERVER['PHP_AUTH_USER']) && $args['user'] == $_SERVER['PHP_AUTH_USER'] && ($url = rcmail::get_instance()->config->get('logout_url'))) {
61 header("Location: $url", true, 307);