View Issue Details

IDProjectCategoryView StatusLast Update
06938Bug reports[All Projects] Securitypublic2012-12-04 13:16
ReporterpfpDave 
Assigned Toc_schmitz 
PrioritynormalSeverityminor 
Status closedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary06938: Web Server Auth Doesn't work
DescriptionWeb Server Auth doesn't work because some code appears to be missing from application\core\useridentity.php. Additionally, I've added code to make it work with Windows Integrated Authentication (allowing single sign on).

Code changes to the above file are:

Change line 59 farom:

elseif(Yii::app()->getConfig("auth_webserver") === true && isset($_SERVER['PHP_AUTH_USER'])) // normal login through webserver authentication

to:

elseif(Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER'])||isset($_SERVER['LOGON_USER']))) // normal login through webserver authentication

Change line 61 from:

$sUser=$_SERVER['PHP_AUTH_USER'];

to:

            if (isset($_SERVER['PHP_AUTH_USER'])) {
                             $sUser=$_SERVER['PHP_AUTH_USER'];
                        } else {
                            $sUser = $_SERVER['LOGON_USER'];
                            $sUser = substr($sUser, strrpos($sUser, "\\")+1);
                        }
change (old) line 74 from:

                elseif (Yii::app()->getConfig("auth_webserver_autocreate_user"))
                {
                    $aUserProfile=Yii::app()->getConfig("auth_webserver_autocreate_profile");
                }
            }

to:

                elseif (Yii::app()->getConfig("auth_webserver_autocreate_user"))
                {
                    $aUserProfile=Yii::app()->getConfig("auth_webserver_autocreate_profile");
                }
            } else {
        $this->id = $oUser->uid;
                $this->user = $oUser;
                $this->errorCode = self::ERROR_NONE;
                        }

TagsNo tags attached.
Complete LimeSurvey version number (& build)121115
I will donate to the project if issue is resolvedNo
BrowserIE8
Database & DB-VersionSQL Express 2012
Operating System (Server)Server 2008
Webserver software & versionIIS 7
PHP Version5.4.8

Relationships

Activities

pfpDave

2012-11-22 19:00

reporter   ~22436

I've also made an additional enhancement to my install that will allow me to login with an alternative user ID if I want to (ie to login as admin from a colleagues PC for example). The change I made is:

Line 29 from:

        if (Yii::app()->getConfig("auth_webserver")==false)

to:

        if (Yii::app()->getConfig("auth_webserver")==false || $this->username != "")

c_schmitz

2012-11-23 19:22

administrator   ~22462

Thank you very much!

c_schmitz

2012-11-23 19:22

administrator   ~22464

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10451

c_schmitz

2012-11-24 00:11

administrator   ~22474

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10465

pfpDave

2012-11-26 10:29

reporter   ~22508

There's a slight fault in the implementation you have added, the closing curly brace needs moving from line 98 to line 93 just above the '} else {'

c_schmitz

2012-11-27 06:11

administrator   ~22576

New 2.00+ build released.

pfpDave

2012-11-27 16:38

reporter   ~22609

The latest release doesn't contain the fix in my last comment and therefore has a bug.

c_schmitz

2012-11-30 15:33

administrator   ~22744

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10620

c_schmitz

2012-11-30 17:02

administrator   ~22756

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10629

c_schmitz

2012-12-04 13:16

administrator   ~22857

LimeSurvey 2.0+ build 121204 released.

Related Changesets

LimeSurvey: master b9abfc2d

2012-11-23 18:22:20

c_schmitz

Details Diff
Fixed issue 06938: Web server auth doesn't work - patch by pfpDave
mod - application/core/UserIdentity.php Diff File

LimeSurvey: 2.1 fd0f9239

2012-11-23 18:22:20

c_schmitz

Details Diff
Fixed issue 06938: Web server auth doesn't work - patch by pfpDave
mod - application/core/UserIdentity.php Diff File

LimeSurvey: master c57d276b

2012-11-30 14:31:38

c_schmitz

Details Diff
Fixed issue 06938: Web server auth doesn't work - patch by pfpDave
mod - application/core/UserIdentity.php Diff File

LimeSurvey: 2.1 63e307fe

2012-11-30 14:31:38

c_schmitz

Details Diff
Fixed issue 06938: Web server auth doesn't work - patch by pfpDave
mod - application/core/UserIdentity.php Diff File

Issue History

Date Modified Username Field Change
2012-11-22 18:51 pfpDave New Issue
2012-11-22 19:00 pfpDave Note Added: 22436
2012-11-23 19:21 c_schmitz Assigned To => c_schmitz
2012-11-23 19:21 c_schmitz Status new => assigned
2012-11-23 19:22 c_schmitz Note Added: 22462
2012-11-23 19:22 c_schmitz Status assigned => resolved
2012-11-23 19:22 c_schmitz Fixed in Version => 2.00+
2012-11-23 19:22 c_schmitz Resolution open => fixed
2012-11-23 19:22 c_schmitz Changeset attached => LimeSurvey master b9abfc2d
2012-11-23 19:22 c_schmitz Note Added: 22464
2012-11-24 00:11 c_schmitz Changeset attached => LimeSurvey 2.1 fd0f9239
2012-11-24 00:11 c_schmitz Note Added: 22474
2012-11-26 10:29 pfpDave Note Added: 22508
2012-11-27 06:11 c_schmitz Note Added: 22576
2012-11-27 06:11 c_schmitz Status resolved => closed
2012-11-27 16:38 pfpDave Note Added: 22609
2012-11-27 16:38 pfpDave Status closed => feedback
2012-11-27 16:38 pfpDave Resolution fixed => reopened
2012-11-30 15:32 c_schmitz Status feedback => resolved
2012-11-30 15:32 c_schmitz Resolution reopened => fixed
2012-11-30 15:33 c_schmitz Changeset attached => LimeSurvey master c57d276b
2012-11-30 15:33 c_schmitz Note Added: 22744
2012-11-30 17:02 c_schmitz Changeset attached => LimeSurvey 2.1 63e307fe
2012-11-30 17:02 c_schmitz Note Added: 22756
2012-12-04 13:16 c_schmitz Note Added: 22857
2012-12-04 13:16 c_schmitz Status resolved => closed