[Tickets #2067] NEW: HTTP/HTTPS login issue
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Jun 1 23:02:11 PDT 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2067
-----------------------------------------------------------------------
Ticket | 2067
Created By | horde at padilla.net
Summary | HTTP/HTTPS login issue
Queue | IMP
Version | 4.0.3
State | Unconfirmed
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
horde at padilla.net (2005-06-01 23:02) wrote:
Hi,
I have Horde/IMP set up for using HTTPS only for the part of the session
where the password is sent ($conf['use_ssl'] = 3;). I (client side) am on a
network that uses a transparent proxy for HTTP traffic, so the HTTP and
HTTPS source addresses that hit the server are different.
I modified lib/Horde/Auth.php as follows (added checks for HTTP_CLIENT_IP
and HTTP_X_FORWARDED_FOR) and now it works fine:
function _checkSessionIP()
{
return (empty($GLOBALS['conf']['auth']['checkip']) ||
(isset($_SESSION['__auth']['remote_addr']) &&
$_SESSION['__auth']['remote_addr'] == $_SERVER['REMOTE_ADDR']) ||
(isset($_SESSION['__auth']['remote_addr']) &&
$_SESSION['__auth']['remote_addr'] == $_SERVER['HTTP_CLIENT_IP']) ||
(isset($_SESSION['__auth']['remote_addr']) &&
$_SESSION['__auth']['remote_addr'] == $_SERVER['HTTP_X_FORWARDED_FOR'])
);
}
Thanks for a great webmail client!
Len Padilla
More information about the bugs
mailing list