new option: ALLOW_REMOTE_USER_AUTH

config.php-dist

@@ -164,7 +164,13 @@
 	define('DAEMON_FEED_LIMIT', 100);
 	// Limits the amount of feeds daemon updates on one run
 
-	define('CONFIG_VERSION', 12);
+	define('ALLOW_REMOTE_USER_AUTH', false);
+   // Set to 'true' if you trust your web server's REMOTE_USER
+	// environment variable to validate that the user is logged in. This
+	// option can be used to integrate tt-rss with Apache's external
+	// authentication modules.
+
+	define('CONFIG_VERSION', 13);
 	// Expected config version. Please update this option in config.php
 	// if necessary (after migrating all new options from this file).
 

functions.php

@@ -1560,10 +1560,15 @@
 			$pwd_hash1 = encrypt_password($password);
 			$pwd_hash2 = encrypt_password($password, $login);
 
-			if ($force_auth && defined('_DEBUG_USER_SWITCH')) {
+			if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
+					&& $_SERVER["REMOTE_USER"]) {
+
+				$login = db_escape_string($_SERVER["REMOTE_USER"]);
+
 				$query = "SELECT id,login,access_level
 	            FROM ttrss_users WHERE
-		         login = '$login'";
+					login = '$login'";
+
 			} else {
 				$query = "SELECT id,login,access_level,pwd_hash
 	            FROM ttrss_users WHERE

sanity_check.php

@@ -1,7 +1,7 @@
 <?php
 	require_once "functions.php";
 
-	define('EXPECTED_CONFIG_VERSION', 12);
+	define('EXPECTED_CONFIG_VERSION', 13);
 	define('SCHEMA_VERSION', 27);
 
 	if (!file_exists("config.php")) {