Changes

[[Category:Core]]

[[Category:Core]]

{{TemplateDocDevEn}}

{{TemplateDocDevEn}}

= Process =

= Process =

Process start when you call the page you want to see. For example index.php (htdocs/index.php). But this is not this file that ask for authentication. Each Dolibarr php page include at the beginning a file called pre.inc.php and this file include a file called main.php that include master.php.

Process start when you call the page you want to see. For example index.php (htdocs/index.php). But this is not this file that ask for authentication. Each Dolibarr php page include at the beginning a file called main.inc.php and this file include a file called master.inc.php.

So we have:

So we have:

 

{{Template:CodeSampleForLoginProcess}}

        {

        {  

        }

      }

The #1# represents the loading of a lot of libraries that we will use later, but also initialize objects and variables containing the running PHP context (load configuration file, load language files and create an empty user not yet authenticated).

The #1# represents the loading of a lot of libraries that we will use later, but also initialize objects and variables containing the running PHP context (load configuration file, load language files and create an empty user not yet authenticated).

The #2# represents the code for authentication: Program check if we are inside a logged session (this means the $_SESSION["dol_login"] exists). If not, we check if we receives data from a login and password form. During first call of page, this is not the case since user has not yet view the login form. So we continue and $login is still false, so we just output the login HTML form and we end the script.

The #2# represents the code for authentication: Program check if we are inside a logged session (this means the $_SESSION["dol_login"] exists). If not, we check if we receives data from a login and password form. During first call of page, this is not the case since user has not yet view the login form. So we continue and $login is still false, so we just output the login HTML form and we end the script.

After submission of login, the same page (so still index.php is called), we still go inside #1#, then #2# and now the $_POST["username"] is defined. So we check if user and pass are ok (check into database, LDAP, it depends on $dolibarr_main_authentication value in config file). If it's ok, the $login variable is set, so we don't show the form anymore and we set the $_SESSION["dol_login"] so next time we call a page, we never go inside the "if (! isset($_SESSION["dol_login"]))".

After submission of login, the same page (so still index.php is called), we still go inside #1#, then #2# and now the $_POST["username"] and $_POST['actionlogin'] are defined. So we check if user and pass are ok (check into database, LDAP, it depends on $dolibarr_main_authentication value in config file). If it's ok, the $login variable is set, so we don't show the form anymore and we set the $_SESSION["dol_login"] so next time we call a page, we never go inside the "if (! isset($_SESSION["dol_login"]))".

The #3# is to check business permissions and show the page. See [[Permissions En|Permissions]] page for more informations.

The #3# is to check business permissions and show the page. See [[Permissions En|Permissions]] page for more informations.

= The login modules =

= The authentication mode and the login modules =

 

The login modules are files that contains functions to check validity of a couple user/password.

The file used is named '''htdocs/core/login/functions_xxx.php''' with value '''xxx''' that match the value set in '''dolibarr_main_authentication''' in config file '''conf/conf.php'''.

There is one file by module so one file by function. Each file make a different kind of check.

* The file '''htdocs/include/login/functions_http.php''' checks validity of couple user/password using a HTTP Basic authentication.

* The file '''htdocs/include/login/functions_ldap.php''' checks validity of couple user/password into a LDAP annuary.

* The file '''htdocs/include/login/functions_dolibarr.php''' checks validity of a couple user/password into Dolibarr database.

Each file contains only a function called '''check_user_password_xxx''' but Dolibarr will use only one of them. The file used will be the file with value '''xxx''' that match value of '''dolibarr_main_authentication''' in config file '''conf/conf.php'''.

See [[Authentication,_SSO_and_SSL]] for a list of authentication mode (possible values for 'xxx' and specificity for them)

Dolibarr will run the only function the file contains by sending them as parameters only the user and password received from the post login form. Function return true if couple user/password is valid, false otherwise.