#40 Code changes to trust REMOTE_USER value
Our VTCalendar lives in a secure intranet environment, and no one can reach it without having previously logged in. Thus I can be assured that REMOTE_USER has a valid value, sp O'd like VTCalendar to not prompt me for a userid. I looked at an older "feature Request" entry in this list that purported to address this issue, but the code was complex and didn't appear applicable to the current release (2.3.0). Instead of using that code I found that these two one-line modifications to the current release do the trick for me.
In 'functions-authentication.inc.php', in function "logUserIn":
1. after the first if-then-else (line #353), insert
$userid=$_SERVER[REMOTE_USER]; $password="anything";
2. 20 lines on, comment out the line below "Check the username/password" and add a line below:
// Check the username/password.
# $authresult = userauthenticated($userid, $password);
$authresult=true;
That's it! If you're in one or more sponsor's lists, you'll get prompted for which one to use when you click UPDATE. Users who are not sponsored get a clear error message telling them just that.
