optional login form/http basic auth support

This commit is contained in:
Andrew Dolgov 2005-11-18 07:21:24 +01:00
parent 1c7f75ed2c
commit c8437f35c6
5 changed files with 61 additions and 18 deletions

View file

@ -13,5 +13,8 @@
define(WEB_DEMO_MODE, false);
define(USE_HTTP_AUTH, false);
// use HTTP Basic authentication
?>

View file

@ -515,8 +515,26 @@
db_query($link, "COMMIT");
}
function authenticate_user($link, $login, $password) {
function authenticate_user($link) {
$pwd_hash = 'SHA1:' . sha1($password);
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
return true;
}
return false;
}
function http_authenticate_user($link) {
if (!$_SERVER['PHP_AUTH_USER']) {
@ -529,16 +547,9 @@
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
$pwd_hash = 'SHA1:' . sha1($password);
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
}
}
return authenticate_user($link, $login, $password);
}
}
?>

View file

@ -3,9 +3,18 @@
require_once "version.php";
require_once "config.php";
require_once "functions.php";
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
$_SESSION["name"] = PLACEHOLDER_NAME;
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$login = $_POST["login"];
$password = $_POST["password"];
if ($login && $password) {
if (authenticate_user($link, $login, $password)) {
header("Location: tt-rss.php");
}
}
?>
<html>
@ -20,6 +29,8 @@
<body>
<form action="login.php" method="POST">
<table width='100%' height='100%' class="loginForm">
<tr><td align='center' valign='middle'>
@ -34,9 +45,17 @@
<td><input name="login"></td></tr>
<tr><td align="right">Password:</td>
<td><input type="password" name="password"></td></tr>
<tr><td colspan="2" align="center">
<input type="submit" class="button" value="Login">
</td></tr>
</table></td></tr>
</table>
</form>
<? db_close($link); ?>
</body>
</html>

View file

@ -8,8 +8,14 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
if (!USE_HTTP_AUTH) {
if (!$_SESSION["uid"]) {
header("Location: login.php");
exit;
}
} else {
authenticate_user($link);
}
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation

View file

@ -8,10 +8,14 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
authenticate_user($link);
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
// $_SESSION["name"] = PLACEHOLDER_NAME;
if (!USE_HTTP_AUTH) {
if (!$_SESSION["uid"]) {
header("Location: login.php");
exit;
}
} else {
authenticate_user($link);
}
initialize_user_prefs($link, $_SESSION["uid"]);
// FIXME this needs to be moved somewhere after user creation