From b2c0d8748928d956d6dc5168ce3df0f8f4784592 Mon Sep 17 00:00:00 2001
From: Gina Haeussge <osd@foosel.net>
Date: Sun, 12 Oct 2008 15:10:42 +0200
Subject: [PATCH] Fail silently if trying to login through supplied HTTP
 credentials (FS#1228)

darcs-hash:20081012131042-2b4f5-029f4f0ffa6c89e23653584c8bb41db78834cc73.gz
---
 inc/auth.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inc/auth.php b/inc/auth.php
index 6c9ac9817..1eef0db91 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -58,11 +58,13 @@
       if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
       if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
       if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
+      $_REQUEST['http_credentials'] = false;
 
       // if no credentials were given try to use HTTP auth (for SSO)
       if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
         $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
         $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
+        $_REQUEST['http_credentials'] = true;
       }
 
       if($_REQUEST['authtok']){
@@ -72,7 +74,7 @@
         // external trust mechanism in place
         $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
       }else{
-        auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
+        auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']);
       }
     }
 
-- 
GitLab