make HTTP SSO possible for IIS or rewriting

DokuWiki silently attemps to resuse received HTTP auth credentials for user logins. Unfortunately these are only passed to PHP when using mod_php. IIS provides a HTTP_AUTHORIZATION header which now will be decoded and used as well. This header can also be faked via mod_rewrite: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz

make HTTP SSO possible for IIS or rewriting
DokuWiki silently attemps to resuse received HTTP auth credentials for user logins. Unfortunately these are only passed to PHP when using mod_php. IIS provides a HTTP_AUTHORIZATION header which now will be decoded and used as well. This header can also be faked via mod_rewrite: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E darcs-hash:20090114153601-7ad00-6c75e8568eda6753834981642eed638b9eb01694.gz
528ddc7c · Andreas Gohr · c7408a63 · 528ddc7c
Commit 528ddc7c authored 16 years ago by Andreas Gohr
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -61,6 +61,12 @@
      $_REQUEST['http_credentials'] = false;
      if (!$conf['rememberme']) $_REQUEST['r'] = false;

+      // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
+      isset($_SERVER['HTTP_AUTHORIZATION']){
+        list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) =
+          explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+      }
+
      // if no credentials were given try to use HTTP auth (for SSO)
      if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
        $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];