[Vig]

I put together a basic plugin to reuse HTTP Auth for vBulletin login. In our environment, the webserver has HTTP Auth to access it and PHP shares the username and password as $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].

In the admin control panel, I created a new plugin named "HTTP Authentication" attached to the global_bootstrap_init_complete hook:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Current problem:

When logged in with the above method, the CSS/display isn't quite right. The "Home", "Forum", "Blogs", etc is on the right and the search box on the left. When logged in with the admin account or not logged in at all, the search box is on the right and the "Home", "Forum", etc is on the left.

So somehow things are getting swapped right to left with the above code...

--------------- Added 28 Jan 2010 at 04:36 ---------------

If I attach this plugin to the "global_complete" hook location the CSS is not affected so it looks like that was the issue.

--------------- Added 28 Jan 2010 at 23:12 ---------------

Updated version: This version uses the same password for everyone. Sounds crazy right? Well HTTP Authentication has to work 100% on our site to ensure security. So nobody can login as anyone else unless they can do so also via HTTP Auth. So the plugin now sets the same password for everyone. The reason for this is that it can now handle the case where the HTTP Auth password changes.

The cleaner way would be to update the password in the vBulletin system when the login fails however I do not know how to do that yet.

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

[Vig]

Version 0.3:

- if session expires, resets session and redirects to reload page

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

--------------- Added 29 Jan 2010 at 23:21 ---------------

Version 0.4:

- Password issue appears to be a non-issue (further testing needed, in mean time, just use $_SERVER['PHP_AUTH_PW']).
- Handle case where session expires and next page load means the user is not logged in (but session cookies are set) and then refresh shows as logged in. Now there is a redirect in this case so user doesn't not see self as ever logged out.
- Handle case where user tries to access a session as someone other than who they are HTTP authenticated as.

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

[PepiMK]

Version 0.4 is missing the require_once from version 0.1 - without that, some things will fail (just tested on saw with post preview and post promotion to article on vanilla 4.08 Suite).