From c8437f35c62f0ad12eee5d4b2ac075c44d7ed2c7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 18 Nov 2005 07:21:24 +0100
Subject: [PATCH] optional login form/http basic auth support
---
 config.php-dist | 3 +++
 functions.php | 31 +++++++++++++++++++++----------
 login.php | 23 +++++++++++++++++++++--
 prefs.php | 10 ++++++++--
 tt-rss.php | 12 ++++++++----
 5 files changed, 61 insertions(+), 18 deletions(-)
diff --git a/config.php-dist b/config.php-dist
index eeb1961bc..8e34e7b2c 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -13,5 +13,8 @@ define(WEB_DEMO_MODE, false);
+
+ define(USE_HTTP_AUTH, false);
+ // use HTTP Basic authentication
 ?>
diff --git a/functions.php b/functions.php
index fc9818021..67575cbb2 100644
--- a/functions.php
+++ b/functions.php
@@ -515,8 +515,26 @@ db_query($link, "COMMIT");
 }
+
+ function authenticate_user($link, $login, $password) {
- function authenticate_user($link) {
+ $pwd_hash = 'SHA1:' . sha1($password);
+
+ $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
+ login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+ if (db_num_rows($result) == 1) {
+ $_SESSION["uid"] = db_fetch_result($result, 0, "id");
+ $_SESSION["name"] = db_fetch_result($result, 0, "login");
+
+ return true;
+ }
+
+ return false;
+
+ }
+
+ function http_authenticate_user($link) {
 if (!$_SERVER['PHP_AUTH_USER']) {
@@ -529,16 +547,9 @@ $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
- $pwd_hash = 'SHA1:' . sha1($password);
- $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
- login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
-
- if (db_num_rows($result) == 1) {
- $_SESSION["uid"] = db_fetch_result($result, 0, "id");
- $_SESSION["name"] = db_fetch_result($result, 0, "login");
- }
- }
+ return authenticate_user($link, $login, $password);
+ }
 }
 ?>
diff --git a/login.php b/login.php
index 10875ce87..86694667a 100644
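Review bot: The new `authenticate_user()` in the first functions.php hunk interpolates `$login` and `$password` directly into the SELECT, so escaping now depends on every caller. `http_authenticate_user()` applies `db_escape_string()` before the call, but the login.php hunk passes `$_POST["login"]` and `$_POST["password"]` through unescaped, which leaves the form path open to SQL injection. Escaping belongs inside the function, after the hash is taken from the raw password: keep `$pwd_hash = 'SHA1:' . sha1($password);` first, then add `$login = db_escape_string($login);` and `$password = db_escape_string($password);`, and drop the escaping in `http_authenticate_user()` so the hash is not computed over an already-escaped string. The `pwd_hash = '$password'` arm also lets the stored column value itself serve as the credential, and unsalted SHA-1 is weak for password storage; both deserve a follow-up.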
--- a/login.php
+++ b/login.php
@@ -3,9 +3,18 @@ require_once "version.php";
 require_once "config.php";
+ require_once "functions.php";
- $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
- $_SESSION["name"] = PLACEHOLDER_NAME;
+ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+
+ $login = $_POST["login"];
+ $password = $_POST["password"];
+
+ if ($login && $password) {
+ if (authenticate_user($link, $login, $password)) {
+ header("Location: tt-rss.php");
+ }
+ }
 ?>
@@ -20,6 +29,8 @@ +
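Review bot: On a successful login the first login.php hunk sends `header("Location: tt-rss.php");` but keeps executing, and the session keeps the identifier it had before authentication. Adding `session_regenerate_id();` before the redirect and `exit;` straight after the `header()` call closes the session-fixation window and stops the login form from being rendered into the redirect response. No `session_start()` is visible in this hunk, so it is worth confirming that one of the required files starts the session before `authenticate_user()` writes to `$_SESSION`. A failed attempt also falls through silently; a comment such as `// wrong credentials: fall through and re-display the form` would make that intent explicit.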
+ + +
@@ -34,9 +45,17 @@
Password:
+ +
+
+ + +
diff --git a/prefs.php b/prefs.php
index 73081c7ca..837cf584f 100644
--- a/prefs.php
+++ b/prefs.php
@@ -8,8 +8,14 @@ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
-// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-// $_SESSION["name"] = PLACEHOLDER_NAME;
+ if (!USE_HTTP_AUTH) {
+ if (!$_SESSION["uid"]) {
+ header("Location: login.php");
+ exit;
+ }
+ } else {
+ authenticate_user($link);
+ }
 initialize_user_prefs($link, $_SESSION["uid"]); // FIXME this needs to be moved somewhere after user creation
diff --git a/tt-rss.php b/tt-rss.php
index 7b6b11b48..9348944f6 100644
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -8,10 +8,14 @@ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- authenticate_user($link);
-
-// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-// $_SESSION["name"] = PLACEHOLDER_NAME;
+ if (!USE_HTTP_AUTH) {
+ if (!$_SESSION["uid"]) {
+ header("Location: login.php");
+ exit;
+ }
+ } else {
+ authenticate_user($link);
+ }
 initialize_user_prefs($link, $_SESSION["uid"]); // FIXME this needs to be moved somewhere after user creation
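Review bot: With USE_HTTP_AUTH enabled, the `else` branch in the prefs.php hunk still calls `authenticate_user($link)`, but this same commit renames the one-argument HTTP Basic handler to `http_authenticate_user()` and gives `authenticate_user()` the extra `$login` and `$password` parameters. Depending on the PHP version the call either fails outright or runs the lookup with empty credentials, and because its result is ignored, execution continues to `initialize_user_prefs($link, $_SESSION["uid"])` without an authenticated uid. The tt-rss.php hunk contains the identical branch. Both should call the renamed handler and stop on failure, for example `if (!http_authenticate_user($link)) { exit; }`; that handler's body is only partly visible in this patch, so confirm it sends its challenge before returning false.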