From da19109f403d4d41a417181f5e1de67972334bad Mon Sep 17 00:00:00 2001 From: kondou Date: Wed, 26 Feb 2014 18:06:13 +0100 Subject: [PATCH] Config to disable basic_auth username chacking This can be confusing and/or annoying --- config/config.sample.php | 3 +++ lib/base.php | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/config/config.sample.php b/config/config.sample.php index 9c5eca8a5e..987a866e49 100755 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -178,6 +178,9 @@ $CONFIG = array( /* Enable or disable the logging of IP addresses in case of webform auth failures */ "log_authfailip" => false, +/* Whether http-basic username must equal username to login */ +"basic_auth" => true, + /* * Configure the size in bytes log rotation should happen, 0 or false disables the rotation. * This rotates the current owncloud logfile to a new name, this way the total log usage diff --git a/lib/base.php b/lib/base.php index 49cbb1279d..351b91b7df 100644 --- a/lib/base.php +++ b/lib/base.php @@ -554,7 +554,8 @@ class OC { OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); - if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') + $basic_auth = OC_Config::getValue('basic_auth', true); + if ($basic_auth && isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) { $sessionUser = self::$session->get('loginname'); $serverUser = $_SERVER['PHP_AUTH_USER'];