githubFork/roundcubemail.git

			@@ -7,9 +7,11 @@
			*
			* Configuration:
			* // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
			* $rcmail_config['logout_url'] = 'http://server.tld/logout.html';
			* $config['logout_url'] = 'http://server.tld/logout.html';
			*
			* See logout.html (in this directory) for an example how HTTP auth can be cleared.
			*
			* For other configuration options, see config.inc.php.dist!
			*
			* @version @package_version@
			* @license GNU GPLv3+
			@@ -27,7 +29,7 @@

			function startup($args)
			{
			if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
			if (!empty($_SERVER['PHP_AUTH_USER'])) {
			$rcmail = rcmail::get_instance();
			$rcmail->add_shutdown_function(array('http_authentication', 'shutdown'));

			@@ -36,7 +38,8 @@
			$args['action'] = 'login';
			}
			// Set user password in session (see shutdown() method for more info)
			else if (!empty($_SESSION['user_id']) && empty($_SESION['password'])) {
			else if (!empty($_SESSION['user_id']) && empty($_SESSION['password'])
			&& !empty($_SERVER['PHP_AUTH_PW'])) {
			$_SESSION['password'] = $rcmail->encrypt($_SERVER['PHP_AUTH_PW']);
			}
			}
			@@ -46,15 +49,23 @@

			function authenticate($args)
			{
			// Load plugin's config file
			$this->load_config();

			$host = rcmail::get_instance()->config->get('http_authentication_host');
			if (is_string($host) && trim($host) !== '' && empty($args['host']))
			$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));

			// Allow entering other user data in login form,
			// e.g. after log out (#1487953)
			if (!empty($args['user'])) {
			return $args;
			}

			if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
			if (!empty($_SERVER['PHP_AUTH_USER'])) {
			$args['user'] = $_SERVER['PHP_AUTH_USER'];
			$args['pass'] = $_SERVER['PHP_AUTH_PW'];
			if (!empty($_SERVER['PHP_AUTH_PW']))
			$args['pass'] = $_SERVER['PHP_AUTH_PW'];
			}

			$args['cookiecheck'] = false;