From f557cd78ff5d9fba54eb2e660a2a5fa512b0bd90 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 23 Nov 2005 14:52:02 +0100 Subject: [PATCH] some http auth fixes --- functions.php | 49 +++++++++++++++++++++---------------------------- logout.php | 26 ++++++++++++++++++++++---- tt-rss.css | 20 ++++++++++++++++++++ 3 files changed, 63 insertions(+), 32 deletions(-) diff --git a/functions.php b/functions.php index 410c76eac..4ba7da748 100644 --- a/functions.php +++ b/functions.php @@ -606,6 +606,8 @@ db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); + initialize_user_prefs($link, $_SESSION["uid"]); + return true; } @@ -613,27 +615,6 @@ } - function http_authenticate_user($link, $force_logout) { - - if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) { - - if ($force_logout) logout_user(); - - header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); - header('HTTP/1.0 401 Unauthorized'); - print "

401 Unathorized

"; - - exit; - - } else { - - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - $password = db_escape_string($_SERVER['PHP_AUTH_PW']); - - return authenticate_user($link, $login, $password); - } - } - function make_password($length = 8) { $password = ""; @@ -672,10 +653,7 @@ } function logout_user() { - $_SESSION["uid"] = null; - $_SESSION["name"] = null; - $_SESSION["access_level"] = null; - session_destroy(); + session_destroy(); } function login_sequence($link) { @@ -687,9 +665,24 @@ exit; } } else { - if (!http_authenticate_user($link, false)) { - exit; - } + if (!$_SESSION["uid"]) { + if (!$_SERVER["PHP_AUTH_USER"]) { + + header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); + header('HTTP/1.0 401 Unauthorized'); + exit; + + } else { + $auth_result = authenticate_user($link, + $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]); + + if (!$auth_result) { + header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); + header('HTTP/1.0 401 Unauthorized'); + exit; + } + } + } } } else { $_SESSION["uid"] = 1; diff --git a/logout.php b/logout.php index 7757689dc..9af2bab61 100644 --- a/logout.php +++ b/logout.php @@ -8,7 +8,25 @@ if (!USE_HTTP_AUTH) { header("Location: login.php"); - } else { - header("Location: tt-rss.php"); - } -?> + } else { ?> + + + + Tiny Tiny RSS : Logout + + +
+ +

You have been logged out.

+ +

Warning: + As there is no way to reliably clear HTTP Authentication + credentials from your browser, it is recommended for you to close + this browser window, otherwise your browser could automatically + authenticate again using previously supplied credentials, which + is a security risk.

+ +
+ + + diff --git a/tt-rss.css b/tt-rss.css index 20e4d546c..aa40c7ea5 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -636,3 +636,23 @@ span.insensitive { div.prefGenericAddBox { margin : 5px; } + +body.logoutBody { + background-color : #f0f0f0; + color : black; +} + +span.logoutWarning { + color : red; + font-weight : bold; +} + +div.logoutContent { + width : 600px; + border : 1px solid #c0c0c0; + background-color : white; + margin-left : auto; + margin-right : auto; + margin-top : 20px; + padding : 10px; +}