use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324)
This commit is contained in:
parent
f98252f27c
commit
3d72afa19a
|
@ -128,13 +128,9 @@
|
||||||
// Limits the amount of feeds daemon (or a cronjob) updates on one run
|
// Limits the amount of feeds daemon (or a cronjob) updates on one run
|
||||||
|
|
||||||
define('ALLOW_REMOTE_USER_AUTH', false);
|
define('ALLOW_REMOTE_USER_AUTH', false);
|
||||||
// Set to 'true' if you trust your web server's REMOTE_USER or
|
// Set to 'true' if you trust your web server's REMOTE_USER
|
||||||
// REDIRECT_SSL_CLIENT_S_DN_CN environment variables to validate
|
// environment variable that the user is logged in. This option can be
|
||||||
// that the user is logged in. This option can be used to integrate
|
// used to integrate tt-rss with Apache's external authentication modules.
|
||||||
// tt-rss with Apache's external authentication modules or SSL
|
|
||||||
// client certificate authentication.
|
|
||||||
// Please note that REMOTE_USER takes precedence over SSL certificate
|
|
||||||
// information.
|
|
||||||
|
|
||||||
define('AUTO_LOGIN', false);
|
define('AUTO_LOGIN', false);
|
||||||
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
|
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
|
||||||
|
|
|
@ -1757,11 +1757,29 @@
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_remote_user() {
|
function get_login_by_ssl_certificate($link) {
|
||||||
$remote_user = $_SERVER["REMOTE_USER"];
|
|
||||||
|
|
||||||
if (!$remote_user)
|
$cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
|
||||||
$remote_user = $_SERVER["REDIRECT_SSL_CLIENT_S_DN_CN"];
|
|
||||||
|
if ($cert_serial) {
|
||||||
|
$result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
|
||||||
|
WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
|
||||||
|
owner_uid = ttrss_users.id");
|
||||||
|
|
||||||
|
if (db_num_rows($result) != 0) {
|
||||||
|
return db_escape_string(db_fetch_result($result, 0, "login"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_remote_user() {
|
||||||
|
$remote_user = "";
|
||||||
|
|
||||||
|
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
|
||||||
|
$remote_user = $_SERVER["REMOTE_USER"];
|
||||||
|
}
|
||||||
|
|
||||||
return db_escape_string($remote_user);
|
return db_escape_string($remote_user);
|
||||||
}
|
}
|
||||||
|
@ -1781,10 +1799,14 @@
|
||||||
$pwd_hash2 = encrypt_password($password, $login);
|
$pwd_hash2 = encrypt_password($password, $login);
|
||||||
$login = db_escape_string($login);
|
$login = db_escape_string($login);
|
||||||
|
|
||||||
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
|
$remote_user = get_remote_user();
|
||||||
&& get_remote_user() && $login != "admin") {
|
|
||||||
|
|
||||||
$login = db_escape_string(get_remote_user());
|
if (!$remote_user)
|
||||||
|
$remote_user = get_login_by_ssl_certificate($link);
|
||||||
|
|
||||||
|
if ($remote_user && $login != "admin") {
|
||||||
|
|
||||||
|
$login = $remote_user;
|
||||||
|
|
||||||
$query = "SELECT id,login,access_level,pwd_hash
|
$query = "SELECT id,login,access_level,pwd_hash
|
||||||
FROM ttrss_users WHERE
|
FROM ttrss_users WHERE
|
||||||
|
@ -1974,8 +1996,12 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$_SESSION["uid"] || !validate_session($link)) {
|
if (!$_SESSION["uid"] || !validate_session($link)) {
|
||||||
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
|
$cert_login = get_login_by_ssl_certificate($link);
|
||||||
&& get_remote_user() && defined('AUTO_LOGIN') && AUTO_LOGIN) {
|
|
||||||
|
if ($cert_login) {
|
||||||
|
authenticate_user($link, $cert_login, null);
|
||||||
|
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
||||||
|
} else if (get_remote_user() && AUTO_LOGIN) {
|
||||||
authenticate_user($link, get_remote_user(), null);
|
authenticate_user($link, get_remote_user(), null);
|
||||||
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -6,12 +6,12 @@
|
||||||
$subop = $_REQUEST["subop"];
|
$subop = $_REQUEST["subop"];
|
||||||
|
|
||||||
$prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS",
|
$prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS",
|
||||||
"ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS",
|
"ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS",
|
||||||
"ENABLE_OFFLINE_READING", "EXTENDED_FEEDLIST", "FEEDS_SORT_BY_UNREAD",
|
"ENABLE_OFFLINE_READING", "EXTENDED_FEEDLIST", "FEEDS_SORT_BY_UNREAD",
|
||||||
"OPEN_LINKS_IN_NEW_WINDOW", "USER_STYLESHEET_URL", "ENABLE_FLASH_PLAYER");
|
"OPEN_LINKS_IN_NEW_WINDOW", "USER_STYLESHEET_URL", "ENABLE_FLASH_PLAYER");
|
||||||
|
|
||||||
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
|
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
|
||||||
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
|
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
|
||||||
"BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS",
|
"BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS",
|
||||||
"UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL",
|
"UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL",
|
||||||
"MARK_UNREAD_ON_UPDATE", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE");
|
"MARK_UNREAD_ON_UPDATE", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE");
|
||||||
|
@ -47,18 +47,18 @@
|
||||||
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
|
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
|
||||||
|
|
||||||
$active_uid = $_SESSION["uid"];
|
$active_uid = $_SESSION["uid"];
|
||||||
|
|
||||||
if ($old_pw && $new_pw) {
|
if ($old_pw && $new_pw) {
|
||||||
|
|
||||||
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
||||||
|
|
||||||
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
|
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
|
||||||
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
|
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
|
||||||
pwd_hash = '$old_pw_hash2')");
|
pwd_hash = '$old_pw_hash2')");
|
||||||
|
|
||||||
if (db_num_rows($result) == 1) {
|
if (db_num_rows($result) == 1) {
|
||||||
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
|
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
|
||||||
WHERE id = '$active_uid'");
|
WHERE id = '$active_uid'");
|
||||||
|
|
||||||
$_SESSION["pwd_hash"] = $new_pw_hash;
|
$_SESSION["pwd_hash"] = $new_pw_hash;
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@
|
||||||
$orig_theme = get_pref($link, "_THEME_ID");
|
$orig_theme = get_pref($link, "_THEME_ID");
|
||||||
|
|
||||||
foreach (array_keys($_POST) as $pref_name) {
|
foreach (array_keys($_POST) as $pref_name) {
|
||||||
|
|
||||||
$pref_name = db_escape_string($pref_name);
|
$pref_name = db_escape_string($pref_name);
|
||||||
$value = db_escape_string($_POST[$pref_name]);
|
$value = db_escape_string($_POST[$pref_name]);
|
||||||
|
|
||||||
|
@ -119,10 +119,10 @@
|
||||||
$active_uid = $_SESSION["uid"];
|
$active_uid = $_SESSION["uid"];
|
||||||
|
|
||||||
db_query($link, "UPDATE ttrss_users SET email = '$email',
|
db_query($link, "UPDATE ttrss_users SET email = '$email',
|
||||||
full_name = '$full_name' WHERE id = '$active_uid'");
|
full_name = '$full_name' WHERE id = '$active_uid'");
|
||||||
|
|
||||||
print __("Your personal data has been saved.");
|
print __("Your personal data has been saved.");
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if ($subop == "reset-config") {
|
} else if ($subop == "reset-config") {
|
||||||
|
@ -135,7 +135,7 @@
|
||||||
$profile_qpart = "profile IS NULL";
|
$profile_qpart = "profile IS NULL";
|
||||||
}
|
}
|
||||||
|
|
||||||
db_query($link, "DELETE FROM ttrss_user_prefs
|
db_query($link, "DELETE FROM ttrss_user_prefs
|
||||||
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
|
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
|
||||||
|
|
||||||
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
|
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
|
||||||
|
@ -164,8 +164,8 @@
|
||||||
|
|
||||||
new Ajax.Request('backend.php', {
|
new Ajax.Request('backend.php', {
|
||||||
parameters: dojo.objectToQuery(this.getValues()),
|
parameters: dojo.objectToQuery(this.getValues()),
|
||||||
onComplete: function(transport) {
|
onComplete: function(transport) {
|
||||||
notify_callback2(transport);
|
notify_callback2(transport);
|
||||||
} });
|
} });
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -176,7 +176,7 @@
|
||||||
$result = db_query($link, "SELECT email,full_name,
|
$result = db_query($link, "SELECT email,full_name,
|
||||||
access_level FROM ttrss_users
|
access_level FROM ttrss_users
|
||||||
WHERE id = ".$_SESSION["uid"]);
|
WHERE id = ".$_SESSION["uid"]);
|
||||||
|
|
||||||
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
|
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
|
||||||
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
|
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
|
||||||
|
|
||||||
|
@ -192,9 +192,9 @@
|
||||||
print "<tr><td width=\"40%\">".__('Access level')."</td>";
|
print "<tr><td width=\"40%\">".__('Access level')."</td>";
|
||||||
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
|
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
|
||||||
}
|
}
|
||||||
|
|
||||||
print "</table>";
|
print "</table>";
|
||||||
|
|
||||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
|
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
|
||||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">";
|
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">";
|
||||||
|
|
||||||
|
@ -207,7 +207,7 @@
|
||||||
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
|
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
|
||||||
|
|
||||||
$result = db_query($link, "SELECT id FROM ttrss_users
|
$result = db_query($link, "SELECT id FROM ttrss_users
|
||||||
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
|
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
|
||||||
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
|
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
|
||||||
|
|
||||||
if (db_num_rows($result) != 0) {
|
if (db_num_rows($result) != 0) {
|
||||||
|
@ -223,7 +223,7 @@
|
||||||
|
|
||||||
new Ajax.Request('backend.php', {
|
new Ajax.Request('backend.php', {
|
||||||
parameters: dojo.objectToQuery(this.getValues()),
|
parameters: dojo.objectToQuery(this.getValues()),
|
||||||
onComplete: function(transport) {
|
onComplete: function(transport) {
|
||||||
notify('');
|
notify('');
|
||||||
if (transport.responseText.indexOf('ERROR: ') == 0) {
|
if (transport.responseText.indexOf('ERROR: ') == 0) {
|
||||||
notify_error(transport.responseText.replace('ERROR: ', ''));
|
notify_error(transport.responseText.replace('ERROR: ', ''));
|
||||||
|
@ -238,12 +238,12 @@
|
||||||
</script>";
|
</script>";
|
||||||
|
|
||||||
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
||||||
|
|
||||||
print "<tr><td width=\"40%\">".__("Old password")."</td>";
|
print "<tr><td width=\"40%\">".__("Old password")."</td>";
|
||||||
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
|
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
|
||||||
|
|
||||||
print "<tr><td width=\"40%\">".__("New password")."</td>";
|
print "<tr><td width=\"40%\">".__("New password")."</td>";
|
||||||
|
|
||||||
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
|
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
|
||||||
name=\"new_password\"></td></tr>";
|
name=\"new_password\"></td></tr>";
|
||||||
|
|
||||||
|
@ -252,7 +252,7 @@
|
||||||
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
|
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
|
||||||
|
|
||||||
print "</table>";
|
print "</table>";
|
||||||
|
|
||||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
|
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
|
||||||
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">";
|
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">";
|
||||||
|
|
||||||
|
@ -278,11 +278,11 @@
|
||||||
$profile_qpart = "profile IS NULL";
|
$profile_qpart = "profile IS NULL";
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = db_query($link, "SELECT
|
$result = db_query($link, "SELECT
|
||||||
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
|
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
|
||||||
section_name,def_value,section_id
|
section_name,def_value,section_id
|
||||||
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
|
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
|
||||||
WHERE type_id = ttrss_prefs_types.id AND
|
WHERE type_id = ttrss_prefs_types.id AND
|
||||||
$profile_qpart AND
|
$profile_qpart AND
|
||||||
section_id = ttrss_prefs_sections.id AND
|
section_id = ttrss_prefs_sections.id AND
|
||||||
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
|
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
|
||||||
|
@ -299,7 +299,7 @@
|
||||||
|
|
||||||
new Ajax.Request('backend.php', {
|
new Ajax.Request('backend.php', {
|
||||||
parameters: dojo.objectToQuery(this.getValues()),
|
parameters: dojo.objectToQuery(this.getValues()),
|
||||||
onComplete: function(transport) {
|
onComplete: function(transport) {
|
||||||
var msg = transport.responseText;
|
var msg = transport.responseText;
|
||||||
if (msg.match('PREFS_THEME_CHANGED')) {
|
if (msg.match('PREFS_THEME_CHANGED')) {
|
||||||
window.location.reload();
|
window.location.reload();
|
||||||
|
@ -313,14 +313,14 @@
|
||||||
$lnum = 0;
|
$lnum = 0;
|
||||||
|
|
||||||
$active_section = "";
|
$active_section = "";
|
||||||
|
|
||||||
while ($line = db_fetch_assoc($result)) {
|
while ($line = db_fetch_assoc($result)) {
|
||||||
|
|
||||||
if (in_array($line["pref_name"], $prefs_blacklist)) {
|
if (in_array($line["pref_name"], $prefs_blacklist)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_SESSION["profile"] && in_array($line["pref_name"],
|
if ($_SESSION["profile"] && in_array($line["pref_name"],
|
||||||
$profile_blacklist)) {
|
$profile_blacklist)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -333,8 +333,8 @@
|
||||||
|
|
||||||
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
print "<table width=\"100%\" class=\"prefPrefsList\">";
|
||||||
|
|
||||||
$active_section = $line["section_name"];
|
$active_section = $line["section_name"];
|
||||||
|
|
||||||
print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
|
print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
|
||||||
|
|
||||||
if ($line["section_id"] == 2) {
|
if ($line["section_id"] == 2) {
|
||||||
|
@ -345,7 +345,7 @@
|
||||||
|
|
||||||
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
|
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
|
||||||
print "<option value='Default'>".__('Default')."</option>";
|
print "<option value='Default'>".__('Default')."</option>";
|
||||||
print "<option value='----------------' disabled=\"1\">--------</option>";
|
print "<option value='----------------' disabled=\"1\">--------</option>";
|
||||||
|
|
||||||
foreach ($themes as $t) {
|
foreach ($themes as $t) {
|
||||||
$base = $t['base'];
|
$base = $t['base'];
|
||||||
|
@ -360,7 +360,7 @@
|
||||||
print "<option $selected value='$base'>$name</option>";
|
print "<option $selected value='$base'>$name</option>";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
print "</select></td></tr>";
|
print "</select></td></tr>";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -383,7 +383,7 @@
|
||||||
print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
|
print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
|
||||||
|
|
||||||
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
|
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
|
||||||
|
|
||||||
print "</td>";
|
print "</td>";
|
||||||
|
|
||||||
print "<td class=\"prefValue\">";
|
print "<td class=\"prefValue\">";
|
||||||
|
@ -402,14 +402,14 @@
|
||||||
|
|
||||||
$limits = array(15, 30, 45, 60);
|
$limits = array(15, 30, 45, 60);
|
||||||
|
|
||||||
print_select($pref_name, $value, $limits,
|
print_select($pref_name, $value, $limits,
|
||||||
'dojoType="dijit.form.Select"');
|
'dojoType="dijit.form.Select"');
|
||||||
|
|
||||||
} else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
|
} else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
|
||||||
|
|
||||||
global $update_intervals_nodefault;
|
global $update_intervals_nodefault;
|
||||||
|
|
||||||
print_select_hash($pref_name, $value, $update_intervals_nodefault,
|
print_select_hash($pref_name, $value, $update_intervals_nodefault,
|
||||||
'dojoType="dijit.form.Select"');
|
'dojoType="dijit.form.Select"');
|
||||||
|
|
||||||
} else if ($type_name == "bool") {
|
} else if ($type_name == "bool") {
|
||||||
|
@ -432,6 +432,20 @@
|
||||||
required=\"1\" $regexp
|
required=\"1\" $regexp
|
||||||
name=\"$pref_name\" value=\"$value\">";
|
name=\"$pref_name\" value=\"$value\">";
|
||||||
|
|
||||||
|
} else if ($pref_name == "SSL_CERT_SERIAL") {
|
||||||
|
|
||||||
|
print "<input dojoType=\"dijit.form.ValidationTextBox\"
|
||||||
|
id=\"SSL_CERT_SERIAL\"
|
||||||
|
name=\"$pref_name\" value=\"$value\">";
|
||||||
|
|
||||||
|
$cert_serial = htmlspecialchars($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
|
||||||
|
|
||||||
|
if ($cert_serial) {
|
||||||
|
print " <button dojoType=\"dijit.form.Button\"
|
||||||
|
onclick=\"insertSSLserial('$cert_serial')\">" .
|
||||||
|
__('Fill automatically') . "</button>";
|
||||||
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
|
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
|
||||||
|
|
||||||
|
|
8
prefs.js
8
prefs.js
|
@ -1693,3 +1693,11 @@ function customizeCSS() {
|
||||||
exception_error("customizeCSS", e);
|
exception_error("customizeCSS", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function insertSSLserial(value) {
|
||||||
|
try {
|
||||||
|
dijit.byId("SSL_CERT_SERIAL").attr('value', value);
|
||||||
|
} catch (e) {
|
||||||
|
exception_error("insertSSLcerial", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
require_once "functions.php";
|
require_once "functions.php";
|
||||||
|
|
||||||
define('EXPECTED_CONFIG_VERSION', 21);
|
define('EXPECTED_CONFIG_VERSION', 21);
|
||||||
define('SCHEMA_VERSION', 81);
|
define('SCHEMA_VERSION', 82);
|
||||||
|
|
||||||
if (!file_exists("config.php")) {
|
if (!file_exists("config.php")) {
|
||||||
print "<b>Fatal Error</b>: You forgot to copy
|
print "<b>Fatal Error</b>: You forgot to copy
|
||||||
|
|
|
@ -258,7 +258,7 @@ create table ttrss_tags (id integer primary key auto_increment,
|
||||||
|
|
||||||
create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
||||||
|
|
||||||
insert into ttrss_version values (81);
|
insert into ttrss_version values (82);
|
||||||
|
|
||||||
create table ttrss_enclosures (id integer primary key auto_increment,
|
create table ttrss_enclosures (id integer primary key auto_increment,
|
||||||
content_url text not null,
|
content_url text not null,
|
||||||
|
@ -391,6 +391,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
|
||||||
|
|
||||||
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
|
||||||
|
|
||||||
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
|
||||||
|
|
||||||
create table ttrss_user_prefs (
|
create table ttrss_user_prefs (
|
||||||
owner_uid integer not null,
|
owner_uid integer not null,
|
||||||
pref_name varchar(250),
|
pref_name varchar(250),
|
||||||
|
|
|
@ -229,7 +229,7 @@ create index ttrss_tags_post_int_id_idx on ttrss_tags(post_int_id);
|
||||||
|
|
||||||
create table ttrss_version (schema_version int not null);
|
create table ttrss_version (schema_version int not null);
|
||||||
|
|
||||||
insert into ttrss_version values (81);
|
insert into ttrss_version values (82);
|
||||||
|
|
||||||
create table ttrss_enclosures (id serial not null primary key,
|
create table ttrss_enclosures (id serial not null primary key,
|
||||||
content_url text not null,
|
content_url text not null,
|
||||||
|
@ -355,6 +355,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
|
||||||
|
|
||||||
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
|
||||||
|
|
||||||
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
|
||||||
|
|
||||||
create table ttrss_user_prefs (
|
create table ttrss_user_prefs (
|
||||||
owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
|
owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
|
||||||
pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,
|
pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
begin;
|
||||||
|
|
||||||
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
|
||||||
|
|
||||||
|
update ttrss_version set schema_version = 82;
|
||||||
|
|
||||||
|
commit;
|
|
@ -0,0 +1,7 @@
|
||||||
|
begin;
|
||||||
|
|
||||||
|
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
|
||||||
|
|
||||||
|
update ttrss_version set schema_version = 82;
|
||||||
|
|
||||||
|
commit;
|
59
sessions.php
59
sessions.php
|
@ -7,28 +7,33 @@
|
||||||
$session_expire = SESSION_EXPIRE_TIME; //seconds
|
$session_expire = SESSION_EXPIRE_TIME; //seconds
|
||||||
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
|
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
|
||||||
|
|
||||||
|
if ($_SERVER['HTTPS'] == "on") {
|
||||||
|
$session_name .= "_ssl";
|
||||||
|
ini_set("session.cookie_secure", true);
|
||||||
|
}
|
||||||
|
|
||||||
ini_set("session.gc_probability", 50);
|
ini_set("session.gc_probability", 50);
|
||||||
ini_set("session.name", $session_name);
|
ini_set("session.name", $session_name);
|
||||||
ini_set("session.use_only_cookies", true);
|
ini_set("session.use_only_cookies", true);
|
||||||
ini_set("session.gc_maxlifetime", SESSION_EXPIRE_TIME);
|
ini_set("session.gc_maxlifetime", SESSION_EXPIRE_TIME);
|
||||||
|
|
||||||
function ttrss_open ($s, $n) {
|
function ttrss_open ($s, $n) {
|
||||||
|
|
||||||
global $session_connection;
|
global $session_connection;
|
||||||
|
|
||||||
$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function ttrss_read ($id){
|
function ttrss_read ($id){
|
||||||
|
|
||||||
global $session_connection,$session_read;
|
global $session_connection,$session_read;
|
||||||
|
|
||||||
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
|
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
|
||||||
|
|
||||||
$res = db_query($session_connection, $query);
|
$res = db_query($session_connection, $query);
|
||||||
|
|
||||||
if (db_num_rows($res) != 1) {
|
if (db_num_rows($res) != 1) {
|
||||||
return "";
|
return "";
|
||||||
} else {
|
} else {
|
||||||
|
@ -39,61 +44,61 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
function ttrss_write ($id, $data) {
|
function ttrss_write ($id, $data) {
|
||||||
|
|
||||||
if (! $data) {
|
if (! $data) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
global $session_connection, $session_read, $session_expire;
|
global $session_connection, $session_read, $session_expire;
|
||||||
|
|
||||||
$expire = time() + $session_expire;
|
$expire = time() + $session_expire;
|
||||||
|
|
||||||
$data = db_escape_string(base64_encode($data), $session_connection);
|
$data = db_escape_string(base64_encode($data), $session_connection);
|
||||||
|
|
||||||
if ($session_read) {
|
if ($session_read) {
|
||||||
$query = "UPDATE ttrss_sessions SET data='$data',
|
$query = "UPDATE ttrss_sessions SET data='$data',
|
||||||
expire='$expire' WHERE id='$id'";
|
expire='$expire' WHERE id='$id'";
|
||||||
} else {
|
} else {
|
||||||
$query = "INSERT INTO ttrss_sessions (id, data, expire)
|
$query = "INSERT INTO ttrss_sessions (id, data, expire)
|
||||||
VALUES ('$id', '$data', '$expire')";
|
VALUES ('$id', '$data', '$expire')";
|
||||||
}
|
}
|
||||||
|
|
||||||
db_query($session_connection, $query);
|
db_query($session_connection, $query);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function ttrss_close () {
|
function ttrss_close () {
|
||||||
|
|
||||||
global $session_connection;
|
global $session_connection;
|
||||||
|
|
||||||
db_close($session_connection);
|
db_close($session_connection);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function ttrss_destroy ($id) {
|
function ttrss_destroy ($id) {
|
||||||
|
|
||||||
global $session_connection;
|
global $session_connection;
|
||||||
|
|
||||||
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
|
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
|
||||||
|
|
||||||
db_query($session_connection, $query);
|
db_query($session_connection, $query);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
function ttrss_gc ($expire) {
|
function ttrss_gc ($expire) {
|
||||||
|
|
||||||
global $session_connection;
|
global $session_connection;
|
||||||
|
|
||||||
$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();
|
$query = "DELETE FROM ttrss_sessions WHERE expire < " . time();
|
||||||
|
|
||||||
db_query($session_connection, $query);
|
db_query($session_connection, $query);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DATABASE_BACKED_SESSIONS) {
|
if (DATABASE_BACKED_SESSIONS) {
|
||||||
session_set_save_handler("ttrss_open",
|
session_set_save_handler("ttrss_open",
|
||||||
"ttrss_close", "ttrss_read", "ttrss_write",
|
"ttrss_close", "ttrss_read", "ttrss_write",
|
||||||
"ttrss_destroy", "ttrss_gc");
|
"ttrss_destroy", "ttrss_gc");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue