Authentication

From Dolibarr ERP CRM Wiki
Revision as of 17:27, 25 August 2009 by Eldy (talk | contribs) (→‎Processus)
Jump to navigation Jump to search

Return to developer
documentation index

File Doc dev.png

Introduction

This page describe how the Dolibarr authentication process works. You must be familiar with PHP session and redirect to understand correctly what happen.

Process

Process start when you call the page you want to see. For example index.php (htdocs/index.php). But this is not this file that ask for authentication. Each Dolibarr php page include at the beginning a file called pre.inc.php and this file include a file called main.php that include master.php. So we have: 

 <index.php>
   <pre.inc.php>
     <main.inc.php>
       <master.inc.php>
         #1#
       </master.inc.php>
       #2#
       if (! isset($_SESSION["dol_login"]))
       {
         if (isset($_POST["username"]))
         {
           ...
           // if user and pass are ok, we set $login
           $login=
         }
         if (! $login)
         { 
	   // We show login page
	   include_once(DOL_DOCUMENT_ROOT."/lib/security.lib.php");
	   dol_loginfunction($langs,$conf,$mysoc);
	   exit;
         }
         ...
       }
     </main.inc.php>
   </pre.inc.php>
 </index.php>

The #1# represents the loading of a lot of libraries that we will use later, but also initialize objects and variables containing the running PHP context (load configuration file, load language files and create an empty user not yet authenticated).

The #2# represents the code for authentication: Program check if we are inside a logged session (this means the $_SESSION["dol_login"] exists). If not, we check if we receives data from a login and password form. During first call of page, this is not the case since user has not yet view the login form. So we continue and $login is still false, so we just output the login HTML form and we end the script.

After submission of login, the same page (so still index.php is called), we still go inside #1#, then #2# and now the $_POST["username"] is defined. So we check if user and pass are ok (check into database, LDAP, it depends on $dolibarr_main_authentication value in config file). If it's ok, the $login variable is set, so we don't show the form anymore and we set the $_SESSION["dol_login"] so next time we call a page, we never go inside the "if (! isset($_SESSION["dol_login"]))".

The login modules

The login modules are files that contains functions to check validity of a couple user/password. There is one file by module so one file by function. Each file make a different kind of check.

  • The file htdocs/include/login/functions_http.php checks validity of couple user/password using a HTTP Basic authentication.
  • The file htdocs/include/login/functions_ldap.php checks validity of couple user/password into a LDAP annuary.
  • The file htdocs/include/login/functions_dolibarr.php checks validity of a couple user/password into Dolibarr database.

Each file contains only a function called check_user_password_xxx but Dolibarr will use only one of them. The file used will be the file with value xxx that match value of dolibarr_main_authentication in config file. Dolibarr will run the only function the file contains by sending them as parameters only the user and password received from the post login form. Function return true if couple user/password is valid, false otherwise.

Retrieved from "https://wiki.dolibarr.org/index.php?title=Authentication&oldid=15323"