•  30-06-2022
  •  | 
  •  

Question

I have got Trac installed as a subset of a larger website. Ideally I'd like to be able to log users into trac from the main site without having to use the trac interface itself. The main site is implemented in PHP on IIS. Additionally if the user is logged in via Trac then I'd like to be able to offer access to other features from some of the PHP pages based upon the user privileges.

Authentication uses an htpasswd file in trac and being able to administrate users via the trac interface is useful. Additionally the same user/pass would be used for subversion as this can use the htpasswd file. I can't use this with IIS to do the login via a virtual path and authentication role. I don't want to use LDAP/ActiveDirectory

It would be nice to be able to implement a login page in PHP that actually logs the user into Trac. However I an unsure how I would add an appropriate __FORM_TOKEN field in the PHP page. It would be fine to use the trac login page itself but after logging in, it goes to the trac wiki home page rather than the referer that I set in the form data if it is not a sub-url of the trac part of the site.

Also it would be handy to be able to query permissions for the user currently logged into trac from PHP. Presumably this is possible via the sqlite database, but how do I know who the current user is?

Was it helpful?

Solution

Ended up generating the trac_form_token cookie myself for my PHP login form, from a sub-url of the trac root (overriding that sub-url from within IIS so that it is not handled by trac but by php instead). Easy enough to do.

Checking the logged in user is easy enough to do if you configure trac to set the path of the trac_auth cookie to be the root of the site. You can then access this and query the trac sqlite database from PHP to get the user name and permissions.

Then for the PHP login, you generate the trac_form_token and do a POST curl request to trac and then pass on the cookies you need from the returned response header.

EDIT: change to trac.ini to make trac_auth cookie available site-wide and not just from /trac/

[trac] 
auth_cookie_path = \
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top