optional login form/http basic auth support

2005-11-18 07:21:24 +01:00 · 2005-11-18 07:21:24 +01:00 · c8437f35c6
parent 1c7f75ed2c
commit c8437f35c6
5 changed files with 61 additions and 18 deletions
--- a/config.php-dist
+++ b/config.php-dist
@ -13,5 +13,8 @@
 	define(WEB_DEMO_MODE, false);
 	define(USE_HTTP_AUTH, false);
 	// use HTTP Basic authentication
 ?>
--- a/functions.php
+++ b/functions.php
@ -516,7 +516,25 @@
 	}
-	function authenticate_user($link) {
+	function authenticate_user($link, $login, $password) {
 		$pwd_hash = 'SHA1:' . sha1($password);
 		$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
 			login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
 		if (db_num_rows($result) == 1) {
 			$_SESSION["uid"] = db_fetch_result($result, 0, "id");
 			$_SESSION["name"] = db_fetch_result($result, 0, "login");
 			return true;
 		}
 		return false;
 	}
 	function http_authenticate_user($link) {
 		if (!$_SERVER['PHP_AUTH_USER']) {
@ -529,15 +547,8 @@
 			$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 			$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
 			$pwd_hash = 'SHA1:' . sha1($password);
-			$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
+			return authenticate_user($link, $login, $password);
 				login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
 			if (db_num_rows($result) == 1) {
 				$_SESSION["uid"] = db_fetch_result($result, 0, "id");
 				$_SESSION["name"] = db_fetch_result($result, 0, "login");
 			}			
 		}		
 	}
--- a/login.php
+++ b/login.php
@ -3,9 +3,18 @@
 	require_once "version.php"; 
 	require_once "config.php";
 	require_once "functions.php";
-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+
 	$login = $_POST["login"];
 	$password = $_POST["password"];
 	if ($login && $password) {
 		if (authenticate_user($link, $login, $password)) {
 			header("Location: tt-rss.php");
 		}
 	}
 ?>
 <html>
@ -20,6 +29,8 @@
 <body>
 <form action="login.php" method="POST">
 <table width='100%' height='100%' class="loginForm">
 	<tr><td align='center' valign='middle'>
@ -35,8 +46,16 @@
 	<tr><td align="right">Password:</td>
 		<td><input type="password" name="password"></td></tr>
 	<tr><td colspan="2" align="center">
 		<input type="submit" class="button" value="Login">
 	</td></tr>
 	</table></td></tr>
 </table>
 </form>
 <? db_close($link); ?>
 </body>
 </html>
--- a/prefs.php
+++ b/prefs.php
@ -8,8 +8,14 @@
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
-//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
+	if (!USE_HTTP_AUTH) {
-//	$_SESSION["name"] = PLACEHOLDER_NAME;
+		if (!$_SESSION["uid"]) {
 			header("Location: login.php");
 			exit;
 		}
 	} else {
 		authenticate_user($link);
 	}
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation
--- a/tt-rss.php
+++ b/tt-rss.php
@ -8,10 +8,14 @@
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
 	if (!USE_HTTP_AUTH) {
 		if (!$_SESSION["uid"]) {
 			header("Location: login.php");
 			exit;
 		}
 	} else {
 		authenticate_user($link);
-
+	}
 //	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
 //	$_SESSION["name"] = PLACEHOLDER_NAME;
 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation