
1 Aug 10, 2005 19:44    

Hello. I know I asked another question about login in another thread but this one is different and the other thread is getting confusing, even for me.

I'd simply like to know how I could make the login script so that users aren't allowed to type in a username and password ... instead, I'd like to affect a default password for everyone (example: I'd like to simulate the fact that everyone would type "fakepwd" as a password without giving them a chance to type a password)

If you are wondering why I want to do that, it's simply to be able to allow automatic authentication. By setting "fakepwd" as if it had been typed by any user (even though he didn't type anything) I then can set the username to be equal to $_SERVER["AUTH_USER"] automatically without requiring the user to type any username/password.

This way, all the user will have to do is push the "Log in!" button and he's gonna login under the right account.

I'd be very grateful if someone could answer that, tried figuring this out by myself but I'm not used to PHP and I haven't played enough in b2evolution's source code to have sufficient knowledge of it. It can't be as complicated as I see it (I made a few tests to try and find it, to no avail.)

2 Aug 10, 2005 20:19

OK, never mind, I found it.

In the htsrv/_login_form.php file, find this bit of code:



<fieldset>
	<div class="label"><label for="pwd"><?php echo T_('Password:') ?></label></div>
	<div class="input"><input type="password" name="pwd" id="pwd" size="16" maxlength="20" value="" class="large" /></div>
</fieldset>

And replace the value of the input field by whatever you want as a default password, like this:



<fieldset>
	<div class="label"><label for="pwd"><?php echo T_('Password:') ?></label></div>
	<div class="input"><input type="password" name="pwd" id="pwd" size="16" maxlength="20" value="fakepwd" class="large" /></div>
</fieldset>

Now all I have to do is find a way to fetch the client's NTLM username with PHP (which I think is impossible ... well I hope not)

MODERATORS: You can delete this thread if you think it irrelevant, but this can always be useful to someone in the future.

3 Aug 10, 2005 20:30

Instead of changing things on the login page like that (which can be easily overridden by users since it's available on the client-side) you should probably modify the actual login process on the server-side.

The function to log users in is defined in b2evocore/_functions_users.php. You can modify this function to check for the NTLM username (it should be available as an environment variable if you are using IIS) and automatically log the user in without even bothering with a password.

This way, there would be no need for a "default password", and the user would not have the ability to enter another user's ID.

4 Aug 10, 2005 21:43

I'll seriously check it out.

Thanks for the pointers, Kweb!

5 Aug 10, 2005 22:19

I think I will need some help :oops:

I know I can get the NTLM username using the $_SERVER["REMOTE_USER"] variable.

I need pointers as to which function(s) I should change in the b2evocore/_functions_user.php file.

Also, I guess I can comment out all the code that hashes and validates the passwords ... then I simply compare the value of the "REMOTE_USER" environment variable with usernames in the databases and if everything fits it's ok ?

I'm checking the _functions_user.php file's code and I'm unsure of what to do and where ... normally I'd take time to analyse the code in detail but I'm very short on time so I don't have the luxury to really get to know how the code works.

Sorry if I'm asking much, I wish I could take my time to implement all this :-/

6 Aug 10, 2005 22:45

I believe the function you need to modify is the veriflog() function (near the top).

I've never done this myself, so I can't really tell you exactly what to do. The code is well commented, though (kudos to the devs, by the way), so it shouldn't be hard to see where it's getting the login info and setting up the cookie. Just modify it to get the username from the variable and set the cookie that way. It may take some trial and error, so make sure you back up the file first!
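
The server-side approach suggested in replies 3 and 6, as an added example that is not part of the thread and is not b2evolution code: the identity comes only from what the web server authenticated, never from a form field, and the lookup fails closed. The function name, the CORP domain, the user list and the sample requests are constructed; it assumes anonymous access is disabled on the server so that REMOTE_USER is set only after integrated Windows authentication, with AUTH_TYPE reported as NTLM or Negotiate.

```php
<?php
// Added illustration, not b2evolution code. All names here are hypothetical.

const TRUSTED_DOMAIN = 'CORP';                    // assumption: the one Windows domain accepted
const TRUSTED_AUTH_TYPES = ['NTLM', 'Negotiate']; // schemes the web server itself verifies

/**
 * Return the blog login for the server-authenticated user, or null (fail closed).
 * $server stands in for $_SERVER; $knownLogins stands in for the user table.
 * Form fields are deliberately not a parameter: nothing the browser sends is trusted.
 */
function resolve_trusted_login(array $server, array $knownLogins): ?string
{
    $authType = $server['AUTH_TYPE'] ?? '';
    $remote   = $server['REMOTE_USER'] ?? '';

    // Anonymous access leaves these empty; without server-side auth there is no identity.
    if ($remote === '' || !in_array($authType, TRUSTED_AUTH_TYPES, true)) {
        return null;
    }

    // Integrated Windows auth reports DOMAIN\user; require the expected domain.
    $parts = explode('\\', $remote, 2);
    if (count($parts) !== 2 || strcasecmp($parts[0], TRUSTED_DOMAIN) !== 0) {
        return null;
    }

    // Windows account names are case-insensitive; return the stored spelling.
    foreach ($knownLogins as $login) {
        if (strcasecmp($login, $parts[1]) === 0) {
            return $login;
        }
    }
    return null; // authenticated to Windows, but no blog account
}

// Constructed sample data.
$users = ['jdoe', 'asmith'];
$cases = [
    'integrated auth'  => ['AUTH_TYPE' => 'NTLM', 'REMOTE_USER' => 'CORP\\JDoe'],
    'anonymous access' => ['AUTH_TYPE' => '', 'REMOTE_USER' => ''],
    'other domain'     => ['AUTH_TYPE' => 'NTLM', 'REMOTE_USER' => 'LAB\\jdoe'],
    'no blog account'  => ['AUTH_TYPE' => 'Negotiate', 'REMOTE_USER' => 'CORP\\guest'],
];
foreach ($cases as $label => $server) {
    printf("%-17s => %s\n", $label, var_export(resolve_trusted_login($server, $users), true));
}
```

Only the first constructed case resolves to an account; the other three return null, which the caller should treat as "not logged in" rather than falling back to any value submitted by the browser.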

7 Aug 11, 2005 16:26

I'd like to know how to make login so that when a user clicks on the "Login" link on the weblog it does not direct him to the login page.

How to make it so identification is made inside the b2evocore/_functions_user.php file without redirection to the login form ?

Which functions should I modify to achieve that and what modifications should I do ? An example of code would be very welcome but I fear not many people ever looked into the login process so there must not be a lot of knowledge about it ??

Anyways, any pointers are welcome !

