Difference between revisions of "Authentication"

From Dolibarr ERP CRM Wiki

Revision as of 17:27, 25 August 2009

Introduction

This page describes how the Dolibarr authentication process works. You must be familiar with PHP sessions and redirects to understand correctly what happens.

Process

The process starts when you call the page you want to see, for example index.php (htdocs/index.php). But it is not this file that asks for authentication. Each Dolibarr PHP page includes at its beginning a file called pre.inc.php; this file includes a file called main.inc.php, which in turn includes master.inc.php. So we have:

 <index.php>
   <pre.inc.php>
     <main.inc.php>
       <master.inc.php>
         #1#
       </master.inc.php>
       #2#
       if (! isset($_SESSION["dol_login"]))
       {
         if (isset($_POST["username"]))
         {
           ...
           // if user and pass are ok, we set $login
           $login=
         }
         if (! $login)
         {
           // We show login page
           include_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");
           dol_loginfunction($langs,$conf,$mysoc);
           exit;
         }
         ...
       }
     </main.inc.php>
   </pre.inc.php>
 </index.php>

The #1# represents the loading of the many libraries that will be used later; it also initializes the objects and variables holding the running PHP context (loading the configuration file, loading the language files, and creating an empty user that is not yet authenticated).

The #2# represents the code for authentication. The program checks whether we are inside a logged-in session (this means $_SESSION["dol_login"] exists). If not, it checks whether we received data from a login and password form. During the first call of the page this is not the case, since the user has not yet seen the login form. So we continue, $login is still false, and we just output the login HTML form and end the script.

After submission of the login form, the same page is called (so still index.php); we still go inside #1#, then #2#, and now $_POST["username"] is defined. So we check whether the user and password are valid (against the database, LDAP, etc., depending on the value of $dolibarr_main_authentication in the config file). If they are, the $login variable is set, so we no longer show the form, and we set $_SESSION["dol_login"] so that the next time we call a page we never enter the "if (! isset($_SESSION["dol_login"]))" block.

The login modules

The login modules are the files that contain the functions checking the validity of a user/password pair. There is one file per module, so one file per function. Each file performs a different kind of check.

  • The file htdocs/include/login/functions_http.php checks the validity of the user/password pair using HTTP Basic authentication.
  • The file htdocs/include/login/functions_ldap.php checks the validity of the user/password pair against an LDAP directory.
  • The file htdocs/include/login/functions_dolibarr.php checks the validity of the user/password pair against the Dolibarr database.

Each file contains only one function, called check_user_password_xxx, and Dolibarr uses only one of them: the file whose xxx value matches the value of dolibarr_main_authentication in the config file. Dolibarr calls the single function that file contains, passing as parameters only the user and password received from the posted login form. The function returns true if the user/password pair is valid, false otherwise.
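The following is an added illustration of the #2# flow and the check_user_password_xxx dispatch described above; it is not Dolibarr's own code. It assumes a $_POST["password"] field beside the $_POST["username"] field the page mentions, and uses a constructed in-memory user table in place of the real functions_dolibarr.php module; the allowlist on the mode name and the session id regeneration after a successful check are hardening steps added here, not steps the page describes.

```php
<?php
// Stand-in for functions_dolibarr.php: one function, check_user_password_dolibarr().
// The real module queries the Dolibarr database; this one uses a constructed table.
function check_user_password_dolibarr($usertotest, $passwordtotest)
{
    $users = array('admin' => password_hash('s3cret-example', PASSWORD_DEFAULT)); // constructed
    if (!isset($users[$usertotest])) {
        return false;
    }
    return password_verify($passwordtotest, $users[$usertotest]);
}

// Pick the single check function whose suffix matches dolibarr_main_authentication.
function dol_check_login($mode, $usertotest, $passwordtotest)
{
    // Only build a function name from a known module name (added hardening).
    if (!in_array($mode, array('http', 'ldap', 'dolibarr'), true)) {
        return false;
    }
    $fn = 'check_user_password_' . $mode;
    if (!function_exists($fn)) {
        return false;   // module file was not included
    }
    return (bool) $fn($usertotest, $passwordtotest);
}

// The #2# block: returns true when the request is now inside a logged session.
// $session and $post stand for $_SESSION and $_POST so the flow can be shown offline.
function dol_authentication_step($mode, array &$session, array $post)
{
    if (isset($session['dol_login'])) {
        return true;                      // already logged in: block is skipped
    }
    $login = false;
    if (isset($post['username']) && isset($post['password'])) {   // password field assumed
        if (dol_check_login($mode, $post['username'], $post['password'])) {
            $login = $post['username'];
        }
    }
    if (!$login) {
        return false;                     // Dolibarr would call dol_loginfunction() and exit here
    }
    session_regenerate_id(true);          // fresh session id after authentication (added)
    $session['dol_login'] = $login;       // later requests never enter this block again
    return true;
}

// Constructed run: first call shows the form, second call carries the credentials.
$dolibarr_main_authentication = 'dolibarr';   // value normally read from the config file
$session = array();
var_dump(dol_authentication_step($dolibarr_main_authentication, $session, array()));                                   // bool(false)
var_dump(dol_authentication_step($dolibarr_main_authentication, $session, array('username' => 'admin', 'password' => 's3cret-example'))); // bool(true)
```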