Htauth.php 0.1
Web Server Authorization for Kimai 0.9.2

This authorization module adds HTTP web server authentication and automatic logins to Kimai 0.9.2. It falls gracefully back to the standard Kimai login page when the web server doesn't supply an authorized user name or after the currently authorized user chooses to log out. Configuration options are provided to enable/disable auto-logins (default enabled), to automatically create auto-login users not found in the Kimai database (default disabled), or to force usernames to lower case (default disabled).

Web server page access is generally controlled by the server host configuration file or by a .htaccess file in the directory, with the authentication method being any that is appropriate for the situation (Basic, Digest, LDAP, etc.). After a user has entered a valid user name and password, the user name is provided in server environment variables to htauth.php. Usually, this will be "REMOTE_USER", so this is the default selection. However, two other common possibilities are "REDIRECT_REMOTE_USER" or "PHP_AUTH_USER". You can select any combination of these variables to query for the auto-login user name.

The configuration options are set by editing htauth.php to make the various option variables either "true" or "false". The actions taken by htauth depend on the option settings, whether the web server supplies an authenticated user name in the environment, and whether that user is already in Kimai's database:

    Auto-Logins  Auto-Create  User Auth   User in
    Enabled?     Enabled?     by Server?  Kimai DB?  Action Taken
    -----------  -----------  ----------  ---------  --------------------------
    No           --           --          --         Standard login page
    Yes          --           No          --         Standard login page
    Yes          --           Yes         Yes        Auto-login
    Yes          No           Yes         No         Standard login page
    Yes          Yes          Yes         No         Auto-login and create user

Auto-creation of users can be convenient -- after all, if they have a user name that was accepted by the web server to access the Kimai page, they probably should be in the Kimai user database. However, the new user is assigned a random password, and will not be able to use the standard login (only auto-logins) until a new password is set in Preferences. Their group membership also may or may not be correct.

To install htauth.php, just copy htauth.php to the kimai /auth directory, and in the main kimai directory, back up your original index.php and copy in the replacement index.php.

The changes to index.php were required to cause invocation of htauth.php for logins instead of the standard kimai.php, and to prevent an immediate auto-login after a logout. Because of this, a modified version of index.php is included with htauth.php. Be sure to back up your original index.php before overwriting it with the htauth version. Also, please test your setup carefully before rolling it out.

Kristofer Sweger
February 22, 2012
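
The action table in this README, written out as an added PHP example that runs one constructed case per table row. This is not code from htauth.php: the function names, the option parameters and the in-memory user list standing in for the Kimai database are assumptions made for illustration.

```php
<?php
// Added illustration (PHP 7.1+). Names are hypothetical, not htauth.php's own.

// Return the first non-empty user name found in the selected server
// variables, or null. These values are only meaningful when the web server
// itself enforces authentication for the Kimai directory.
function server_auth_user(array $server, array $vars, bool $forceLower): ?string
{
    foreach ($vars as $name) {
        $value = isset($server[$name]) ? trim((string) $server[$name]) : '';
        if ($value !== '') {
            return $forceLower ? strtolower($value) : $value;
        }
    }
    return null;
}

// Map option settings and lookup results to the action in the README table.
function login_action(bool $autoLogin, bool $autoCreate, ?string $user, bool $inDb): string
{
    if (!$autoLogin || $user === null) {
        return 'Standard login page';
    }
    if ($inDb) {
        return 'Auto-login';
    }
    return $autoCreate ? 'Auto-login and create user' : 'Standard login page';
}

// Constructed sample data: selected variables and a stand-in user database.
$vars  = ['REMOTE_USER', 'REDIRECT_REMOTE_USER', 'PHP_AUTH_USER'];
$known = ['jsmith'];

// Constructed cases, one per table row: [auto-login, auto-create, environment]
$cases = [
    [false, false, ['REMOTE_USER' => 'JSmith']],
    [true,  false, []],
    [true,  false, ['REDIRECT_REMOTE_USER' => 'JSmith']],
    [true,  false, ['REMOTE_USER' => 'newuser']],
    [true,  true,  ['REMOTE_USER' => 'newuser']],
];

foreach ($cases as [$autoLogin, $autoCreate, $server]) {
    $user = server_auth_user($server, $vars, true); // lower-casing option on
    $inDb = $user !== null && in_array($user, $known, true);
    printf("%-5s %-5s %-8s => %s\n", var_export($autoLogin, true),
        var_export($autoCreate, true), $user ?? '(none)',
        login_action($autoLogin, $autoCreate, $user, $inDb));
}
```

With the lower-case option off, "JSmith" would not match the stored "jsmith" and the third case would fall through to the standard login page.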