optional login form/http basic auth support

2005-11-18 07:21:24 +01:00 · 2005-11-18 07:21:24 +01:00 · c8437f35c6
parent 1c7f75ed2c
commit c8437f35c6
5 changed files with 61 additions and 18 deletions
--- a/config.php-dist
+++ b/config.php-dist
@ -13,5 +13,8 @@
 	
 	define(WEB_DEMO_MODE, false);

+
+	define(USE_HTTP_AUTH, false);
+	// use HTTP Basic authentication
 ?>

--- a/functions.php
+++ b/functions.php
@ -516,7 +516,25 @@

 	}
 	
-	function authenticate_user($link) {
+	function authenticate_user($link, $login, $password) {
+
+		$pwd_hash = 'SHA1:' . sha1($password);
+
+		$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
+			login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+		if (db_num_rows($result) == 1) {
+			$_SESSION["uid"] = db_fetch_result($result, 0, "id");
+			$_SESSION["name"] = db_fetch_result($result, 0, "login");
+
+			return true;
+		}
+
+		return false;
+
+	}
+
+	function http_authenticate_user($link) {

 		if (!$_SERVER['PHP_AUTH_USER']) {

@ -529,15 +547,8 @@

 			$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
 			$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
-			$pwd_hash = 'SHA1:' . sha1($password);

-			$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
-				login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
-
-			if (db_num_rows($result) == 1) {
-				$_SESSION["uid"] = db_fetch_result($result, 0, "id");
-				$_SESSION["name"] = db_fetch_result($result, 0, "login");
-			}			
+			return authenticate_user($link, $login, $password);
 		}		
 	}

--- a/login.php
+++ b/login.php
@ -3,9 +3,18 @@

 	require_once "version.php"; 
 	require_once "config.php";
+	require_once "functions.php";

-	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-	$_SESSION["name"] = PLACEHOLDER_NAME;
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
+
+	$login = $_POST["login"];
+	$password = $_POST["password"];
+
+	if ($login && $password) {
+		if (authenticate_user($link, $login, $password)) {
+			header("Location: tt-rss.php");
+		}
+	}

 ?>
 <html>
@ -20,6 +29,8 @@

 <body>

+<form action="login.php" method="POST">
+
 <table width='100%' height='100%' class="loginForm">

 	<tr><td align='center' valign='middle'>
@ -35,8 +46,16 @@
 	<tr><td align="right">Password:</td>
 		<td><input type="password" name="password"></td></tr>

+	<tr><td colspan="2" align="center">
+		<input type="submit" class="button" value="Login">
+	</td></tr>
+	
 	</table></td></tr>
 </table>

+</form>
+
+<? db_close($link); ?>
+
 </body>
 </html>
--- a/prefs.php
+++ b/prefs.php
@ -8,8 +8,14 @@

 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

-//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//	$_SESSION["name"] = PLACEHOLDER_NAME;
+	if (!USE_HTTP_AUTH) {
+		if (!$_SESSION["uid"]) {
+			header("Location: login.php");
+			exit;
+		}
+	} else {
+		authenticate_user($link);
+	}

 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation
--- a/tt-rss.php
+++ b/tt-rss.php
@ -8,10 +8,14 @@

 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

+	if (!USE_HTTP_AUTH) {
+		if (!$_SESSION["uid"]) {
+			header("Location: login.php");
+			exit;
+		}
+	} else {
 		authenticate_user($link);
-
-//	$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//	$_SESSION["name"] = PLACEHOLDER_NAME;
+	}

 	initialize_user_prefs($link, $_SESSION["uid"]); 
 	// FIXME this needs to be moved somewhere after user creation