Anonymous Login
2016-09-29 22:17 CEST

View Issue Details Jump to Notes ] Related Changesets ]
IDProjectCategoryView StatusLast Update
06938Bug reports[All Projects] Securitypublic2012-12-04 13:16
ReporterpfpDave 
Assigned Toc_schmitz 
PrioritynormalSeverityminor 
StatusclosedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary06938: Web Server Auth Doesn't work
DescriptionWeb Server Auth doesn't work because some code appears to be missing from application\core\useridentity.php. Additionally, I've added code to make it work with Windows Integrated Authentication (allowing single sign on).

Code changes to the above file are:

Change line 59 farom:

elseif(Yii::app()->getConfig("auth_webserver") === true && isset($_SERVER['PHP_AUTH_USER'])) // normal login through webserver authentication

to:

elseif(Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER'])||isset($_SERVER['LOGON_USER']))) // normal login through webserver authentication

Change line 61 from:

$sUser=$_SERVER['PHP_AUTH_USER'];

to:

            if (isset($_SERVER['PHP_AUTH_USER'])) {
                             $sUser=$_SERVER['PHP_AUTH_USER'];
                        } else {
                            $sUser = $_SERVER['LOGON_USER'];
                            $sUser = substr($sUser, strrpos($sUser, "\\")+1);
                        }
change (old) line 74 from:

                elseif (Yii::app()->getConfig("auth_webserver_autocreate_user"))
                {
                    $aUserProfile=Yii::app()->getConfig("auth_webserver_autocreate_profile");
                }
            }

to:

                elseif (Yii::app()->getConfig("auth_webserver_autocreate_user"))
                {
                    $aUserProfile=Yii::app()->getConfig("auth_webserver_autocreate_profile");
                }
            } else {
        $this->id = $oUser->uid;
                $this->user = $oUser;
                $this->errorCode = self::ERROR_NONE;
                        }

Complete LimeSurvey version number (& build)121115
I will donate to the project if issue is resolvedNo
BrowserIE8
Database & DB-VersionSQL Express 2012
Operating System (Server)Server 2008
Webserver software & versionIIS 7
PHP Version5.4.8
Attached Files

-Relationships
+Relationships

-Notes

~22436

pfpDave (reporter)

I've also made an additional enhancement to my install that will allow me to login with an alternative user ID if I want to (ie to login as admin from a colleagues PC for example). The change I made is:

Line 29 from:

        if (Yii::app()->getConfig("auth_webserver")==false)

to:

        if (Yii::app()->getConfig("auth_webserver")==false || $this->username != "")

~22462

c_schmitz (administrator)

Thank you very much!

~22464

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10451

~22474

c_schmitz (administrator)

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10465

~22508

pfpDave (reporter)

There's a slight fault in the implementation you have added, the closing curly brace needs moving from line 98 to line 93 just above the '} else {'

~22576

c_schmitz (administrator)

New 2.00+ build released.

~22609

pfpDave (reporter)

The latest release doesn't contain the fix in my last comment and therefore has a bug.

~22744

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10620

~22756

c_schmitz (administrator)

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10629

~22857

c_schmitz (administrator)

LimeSurvey 2.0+ build 121204 released.
+Notes

+Related Changesets

-Issue History
Date Modified Username Field Change
2012-11-22 18:51 pfpDave New Issue
2012-11-22 19:00 pfpDave Note Added: 22436
2012-11-23 19:21 c_schmitz Assigned To => c_schmitz
2012-11-23 19:21 c_schmitz Status new => assigned
2012-11-23 19:22 c_schmitz Note Added: 22462
2012-11-23 19:22 c_schmitz Status assigned => resolved
2012-11-23 19:22 c_schmitz Fixed in Version => 2.00+
2012-11-23 19:22 c_schmitz Resolution open => fixed
2012-11-23 19:22 c_schmitz Changeset attached => LimeSurvey master b9abfc2d
2012-11-23 19:22 c_schmitz Note Added: 22464
2012-11-24 00:11 c_schmitz Changeset attached => LimeSurvey 2.1 fd0f9239
2012-11-24 00:11 c_schmitz Note Added: 22474
2012-11-26 10:29 pfpDave Note Added: 22508
2012-11-27 06:11 c_schmitz Note Added: 22576
2012-11-27 06:11 c_schmitz Status resolved => closed
2012-11-27 16:38 pfpDave Note Added: 22609
2012-11-27 16:38 pfpDave Status closed => feedback
2012-11-27 16:38 pfpDave Resolution fixed => reopened
2012-11-30 15:32 c_schmitz Status feedback => resolved
2012-11-30 15:32 c_schmitz Resolution reopened => fixed
2012-11-30 15:33 c_schmitz Changeset attached => LimeSurvey master c57d276b
2012-11-30 15:33 c_schmitz Note Added: 22744
2012-11-30 17:02 c_schmitz Changeset attached => LimeSurvey 2.1 63e307fe
2012-11-30 17:02 c_schmitz Note Added: 22756
2012-12-04 13:16 c_schmitz Note Added: 22857
2012-12-04 13:16 c_schmitz Status resolved => closed
+Issue History