From 66b9fb364b88c15ae7a5e8c0524e42aabeeeb220 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Sun, 26 Apr 2026 17:01:02 +0200
Subject: [PATCH 1/2] use function $settings->getBaseUrlWithRoot()

---
 views/bootstrap/class.ViewDocument.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php
index a2f524fec..92ce80c28 100644
--- a/views/bootstrap/class.ViewDocument.php
+++ b/views/bootstrap/class.ViewDocument.php
@@ -619,7 +619,7 @@ $(document).ready( function() {
 					$this->contentHeading(getMLText("preview"));
 ?>
 			<div style="width:100%; height: 0; position:relative; padding-top: 141%;">
-			<iframe src="<?= $settings->_httpRoot ?>ext/pdfviewer/res/web/viewer.html?file=<?php echo urlencode(getBaseUrl().$settings->_httpRoot.'op/op.ViewOnline.php?documentid='.$latestContent->getDocument()->getID().'&version='.$latestContent->getVersion()); ?>" _width="100%" _height="100%" style="position: absolute; top: 0; left: 0; bottom: 0; right: 0; width: 100%; height: 100%"></iframe>
+			<iframe src="<?= $settings->_httpRoot ?>ext/pdfviewer/res/web/viewer.html?file=<?php echo urlencode($settings->getBaseUrlWithRoot().'op/op.ViewOnline.php?documentid='.$latestContent->getDocument()->getID().'&version='.$latestContent->getVersion()); ?>" _width="100%" _height="100%" style="position: absolute; top: 0; left: 0; bottom: 0; right: 0; width: 100%; height: 100%"></iframe>
 			</div>
 <?php
 					}
@@ -657,7 +657,7 @@ $(document).ready( function() {
 					$this->contentHeading(getMLText("preview_pdf"));
 ?>
 				<div style="width:100%; height: 0; position:relative; padding-top: 141%;">
-				<iframe src="<?= $settings->_httpRoot ?>ext/pdfviewer/res/web/viewer.html?file=<?php echo urlencode(getBaseUrl().$settings->_httpRoot.'op/op.PdfPreview.php?documentid='.$latestContent->getDocument()->getID().'&version='.$latestContent->getVersion()); ?>" _width="100%" _height="700px" style="position: absolute; top: 0; left: 0; bottom: 0; right: 0; width:    100%; height: 100%"></iframe>
+				<iframe src="<?= $settings->_httpRoot ?>ext/pdfviewer/res/web/viewer.html?file=<?php echo urlencode($settings->getBaseUrlWithRoot().'op/op.PdfPreview.php?documentid='.$latestContent->getDocument()->getID().'&version='.$latestContent->getVersion()); ?>" _width="100%" _height="700px" style="position: absolute; top: 0; left: 0; bottom: 0; right: 0; width:    100%; height: 100%"></iframe>
 				</div>
 <?php
 				}

From fa4f86e59b46b37395bb03c9c0fddc671b77c37f Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 27 Apr 2026 07:51:31 +0200
Subject: [PATCH 2/2] backport basic auth from seeddms 6.0.x

---
 inc/inc.BasicAuthentication.php | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 inc/inc.BasicAuthentication.php

diff --git a/inc/inc.BasicAuthentication.php b/inc/inc.BasicAuthentication.php
new file mode 100644
index 000000000..8d9a69bdb
--- /dev/null
+++ b/inc/inc.BasicAuthentication.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * Do authentication of users and session management
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @license    GPL 2
+ * @version    @version@
+ * @author     Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  Copyright (C) 2002-2005 Markus Westphal,
+ *             2006-2008 Malcolm Cowe, 2010 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+
+require_once("inc.Utils.php");
+require_once("inc.ClassNotificationService.php");
+require_once("inc.ClassEmailNotify.php");
+require_once("inc.ClassSession.php");
+require_once("inc.ClassAccessOperation.php");
+
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+	header('WWW-Authenticate: Basic realm="'.$settings->_siteName.'"');
+	header('HTTP/1.0 401 Unauthorized');
+	echo getMLText('cancel_basic_authentication');
+	exit;
+} else {
+	if(!($user = $authenticator->authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))) {
+		header('WWW-Authenticate: Basic realm="'.$settings->_siteName.'"');
+		header('HTTP/1.0 401 Unauthorized');
+		echo getMLText('cancel_basic_authentication');
+		exit;
+	}
+}
+
+/* Clear login failures if login was successful */
+$user->clearLoginFailures();
+
+$dms->setUser($user);
+
+require_once('inc/inc.Notification.php');
+