optional login form/http basic auth support

Andrew Dolgov 2005-11-18 07:21:24 +01:00
parent 1c7f75ed2c
commit c8437f35c6
5 changed files with 61 additions and 18 deletions


@ -13,5 +13,8 @@
define(WEB_DEMO_MODE, false); define(WEB_DEMO_MODE, false);
define(USE_HTTP_AUTH, false);
// use HTTP Basic authentication
?> ?>


@ -515,8 +515,26 @@
db_query($link, "COMMIT"); db_query($link, "COMMIT");
} }
function authenticate_user($link, $login, $password) {
function authenticate_user($link) { $pwd_hash = 'SHA1:' . sha1($password);
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
return true;
}
return false;
}
function http_authenticate_user($link) {
if (!$_SERVER['PHP_AUTH_USER']) { if (!$_SERVER['PHP_AUTH_USER']) {
@ -529,16 +547,9 @@
$login = db_escape_string($_SERVER['PHP_AUTH_USER']); $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$password = db_escape_string($_SERVER['PHP_AUTH_PW']); $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
$pwd_hash = 'SHA1:' . sha1($password);
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE return authenticate_user($link, $login, $password);
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')"); }
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
}
}
} }
?> ?>
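Review bot: The new `authenticate_user($link, $login, $password)` interpolates `$login` and `$password` directly into the SELECT and leaves escaping to each caller. `http_authenticate_user()` does call `db_escape_string()` first, but the login form page added in this same commit passes `$_POST["login"]` and `$_POST["password"]` through unescaped, so the query is built from untrusted input there. Do the escaping inside the function so no caller can forget it: compute `$pwd_hash = 'SHA1:' . sha1($password);` from the raw value, then `$login = db_escape_string($login); $password = db_escape_string($password);` before building the query. Separately, the `pwd_hash = '$password'` alternative (carried over from the old code) means the stored hash string is itself accepted as a password, and unsalted SHA-1 is weak for password storage; both are worth a follow-up.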


@ -3,9 +3,18 @@
require_once "version.php"; require_once "version.php";
require_once "config.php"; require_once "config.php";
require_once "functions.php";
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$_SESSION["name"] = PLACEHOLDER_NAME;
$login = $_POST["login"];
$password = $_POST["password"];
if ($login && $password) {
if (authenticate_user($link, $login, $password)) {
header("Location: tt-rss.php");
}
}
?> ?>
<html> <html>
@ -20,6 +29,8 @@
<body> <body>
<form action="login.php" method="POST">
<table width='100%' height='100%' class="loginForm"> <table width='100%' height='100%' class="loginForm">
<tr><td align='center' valign='middle'> <tr><td align='center' valign='middle'>
@ -34,9 +45,17 @@
<td><input name="login"></td></tr> <td><input name="login"></td></tr>
<tr><td align="right">Password:</td> <tr><td align="right">Password:</td>
<td><input type="password" name="password"></td></tr> <td><input type="password" name="password"></td></tr>
<tr><td colspan="2" align="center">
<input type="submit" class="button" value="Login">
</td></tr>
</table></td></tr> </table></td></tr>
</table> </table>
</form>
<? db_close($link); ?>
</body> </body>
</html> </html>
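Review bot: `header("Location: tt-rss.php");` after a successful login is not followed by `exit;`, so the script keeps executing and still emits the login form; the redirects added to the other two pages in this commit do call `exit;`. No `session_start()` is visible in this section, so confirm the session is opened before `authenticate_user()` writes `$_SESSION["uid"]`, and consider calling `session_regenerate_id();` right after a successful login so a pre-login session id cannot be reused. A failed login also falls through silently, and a short comment such as `// wrong credentials: fall through and show the form again` would make that intent explicit.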


@ -8,8 +8,14 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder if (!USE_HTTP_AUTH) {
// $_SESSION["name"] = PLACEHOLDER_NAME; if (!$_SESSION["uid"]) {
header("Location: login.php");
exit;
}
} else {
authenticate_user($link);
}
initialize_user_prefs($link, $_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation // FIXME this needs to be moved somewhere after user creation
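Review bot: The `else` branch still calls `authenticate_user($link)`, but this commit renames the one-argument HTTP Basic function to `http_authenticate_user($link)` and gives `authenticate_user` the signature `($link, $login, $password)`. With `USE_HTTP_AUTH` enabled the call therefore runs with missing arguments and is unlikely to match any user, yet execution continues into `initialize_user_prefs($link, $_SESSION["uid"])` with no uid set. Change the call to `http_authenticate_user($link);` here and in the identical block in the last file section of this commit. It would also be safer to check that `$_SESSION["uid"]` is set after that call and stop if it is not, instead of relying on the callee to have ended the request.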


@ -8,10 +8,14 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
authenticate_user($link); if (!USE_HTTP_AUTH) {
if (!$_SESSION["uid"]) {
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder header("Location: login.php");
// $_SESSION["name"] = PLACEHOLDER_NAME; exit;
}
} else {
authenticate_user($link);
}
initialize_user_prefs($link, $_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation // FIXME this needs to be moved somewhere after user creation