From bf9fc06072f2dcd5b17aec1fe6a03b046236d360 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 28 Mar 2011 13:03:43 +0400 Subject: [PATCH] only use autologin with SSL certificate when AUTO_LOGIN is enabled, otherwise redirect to login form as with remote auth --- config.php-dist | 9 ++++++--- functions.php | 24 ++++++++---------------- login_form.php | 4 ++-- 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/config.php-dist b/config.php-dist index 26e8a02ff..531ce20b3 100644 --- a/config.php-dist +++ b/config.php-dist @@ -133,9 +133,12 @@ // used to integrate tt-rss with Apache's external authentication modules. define('AUTO_LOGIN', false); - // Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want - // to skip the login form. If set to true, users won't be able to - // set application language and settings profile. + // Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL + // certificate authentication and you want to skip the login form. + // If set to true, users won't be able to set application language + // and settings profile. + // Otherwise users will be redirected to login form with their login + // information pre-filled. define('LOCK_DIRECTORY', 'lock'); // Directory for lockfiles, must be writable to the user you run diff --git a/functions.php b/functions.php index dc162d7a9..974e2b9a8 100644 --- a/functions.php +++ b/functions.php @@ -1784,18 +1784,17 @@ return ""; } - function get_remote_user() { - $remote_user = ""; + function get_remote_user($link) { if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) { - $remote_user = $_SERVER["REMOTE_USER"]; + return db_escape_string($_SERVER["REMOTE_USER"]); } - return db_escape_string($remote_user); + return db_escape_string(get_login_by_ssl_certificate($link)); } - function get_remote_fakepass() { - if (get_remote_user()) + function get_remote_fakepass($link) { + if (get_remote_user($link)) return "******"; else return ""; @@ -1809,10 +1808,7 @@ $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); - $remote_user = get_remote_user(); - - if (!$remote_user) - $remote_user = get_login_by_ssl_certificate($link); + $remote_user = get_remote_user($link); if ($remote_user && $login != "admin") { @@ -2006,13 +2002,9 @@ } if (!$_SESSION["uid"] || !validate_session($link)) { - $cert_login = get_login_by_ssl_certificate($link); - if ($cert_login) { - authenticate_user($link, $cert_login, null); - $_SESSION["ref_schema_version"] = get_schema_version($link, true); - } else if (get_remote_user() && AUTO_LOGIN) { - authenticate_user($link, get_remote_user(), null); + if (get_remote_user($link) && AUTO_LOGIN) { + authenticate_user($link, get_remote_user($link), null); $_SESSION["ref_schema_version"] = get_schema_version($link, true); } else { render_login_form($link, $mobile); diff --git a/login_form.php b/login_form.php index 1dbc00549..5810c5cef 100644 --- a/login_form.php +++ b/login_form.php @@ -131,11 +131,11 @@ function validateLoginForm(f) { + value=""> + value="">