--- htusers_header.php	2001/09/26 14:44:54	1.3
+++ htusers_header.php	2002/01/11 13:39:25	1.5
@@ -23,6 +23,8 @@
 	will match exact hostname
 http_referer=test.foo.bar:Dobrica (by referer):auth_header:dpavlin@foo.bar
 	will match user which comes from site test.foo.bar
+remote_user=dpavlin:Dobrica (by server http auth):auth_header:dpavlin@foo.bar
+	will match user "dpavlin" which is authetificated using .htaccess
 
 */
 
@@ -32,13 +34,20 @@
 
 	$cookie_name="docman_autologin";
 	$cookie_val=md5($htusers_file.$GLOBALS[REMOTE_ADDR]);
+	$cookie_val_force=md5($htusers_file.$GLOBALS[REMOTE_USER]);
 
 	if (isset($HTTP_COOKIE_VARS[$cookie_name]) && $HTTP_COOKIE_VARS[$cookie_name] == $cookie_val) {
+		// no PHP_AUTH_PW set
 		$login_allowed=1;
+	} elseif (isset($HTTP_COOKIE_VARS[$cookie_name]) && $HTTP_COOKIE_VARS[$cookie_name] == $cookie_val_force) {
+		// PHP_AUTH_PW is set, force login!
+		$force_login_allowed=1;
 	} else {
 		$login_allowed=0;
 	}
 
+	$force_login_allowed=0;
+
 	$htusers=fopen($htusers_file,"r");
 	while($user = fgetcsv($htusers,255,":")) {
 		if ( $user[2]=="auth_header" ) {
@@ -52,19 +61,24 @@
 			} elseif (stristr($tmp[0],"http_referer")) {
 				//error_log("$tmp[0]: $tmp[1] ?? $GLOBALS[HTTP_REFERER]",0);
 				if (isset($GLOBALS[HTTP_REFERER]) && stristr($GLOBALS[HTTP_REFERER],$tmp[1])) {
-					setcookie($cookie_name,$cookie_val,time()+3600);
+					setcookie($cookie_name,$cookie_val_force,time()+3600);
 					$login_allowed=1;
 					//error_log("$tmp[0]: $tmp[1] == $GLOBALS[HTTP_REFERER]",0);
 				}
+			} elseif (stristr($tmp[0],"remote_user") && isset($GLOBALS[AUTH_TYPE]) && isset($GLOBALS[REMOTE_USER])) {
+				if ($GLOBALS[REMOTE_USER] == $tmp[1]) {
+					$force_login_allowed=1;
+				}
 
 			}
-			if ($login_allowed && !isset($PHP_AUTH_PW)) {
+			//error_log("$tmp[0]: $tmp[1] == $GLOBALS[REMOTE_USER] go!go!go! $login_allowed|$force_login_allowed|$PHP_AUTH_PW",0);
+			if (($login_allowed && !isset($PHP_AUTH_PW)) || ($force_login_allowed && isset($PHP_AUTH_PW))) {
 				$gblUserName=$user[1];
 				// make fake login credentials
 				$PHP_AUTH_PW=$PHP_AUTH_USER=$user[0];
 				$gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW);
 				$gblEmail=$user[3];
-				continue ;
+				break ;
 			}
 		}
 	}