optional login form/http basic auth support
This commit is contained in:
parent
1c7f75ed2c
commit
c8437f35c6
5 changed files with 61 additions and 18 deletions
|
@ -13,5 +13,8 @@
|
|||
|
||||
define(WEB_DEMO_MODE, false);
|
||||
|
||||
|
||||
define(USE_HTTP_AUTH, false);
|
||||
// use HTTP Basic authentication
|
||||
?>
|
||||
|
||||
|
|
|
@ -515,8 +515,26 @@
|
|||
db_query($link, "COMMIT");
|
||||
|
||||
}
|
||||
|
||||
function authenticate_user($link, $login, $password) {
|
||||
|
||||
function authenticate_user($link) {
|
||||
$pwd_hash = 'SHA1:' . sha1($password);
|
||||
|
||||
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
|
||||
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
|
||||
$_SESSION["name"] = db_fetch_result($result, 0, "login");
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
function http_authenticate_user($link) {
|
||||
|
||||
if (!$_SERVER['PHP_AUTH_USER']) {
|
||||
|
||||
|
@ -529,16 +547,9 @@
|
|||
|
||||
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
|
||||
$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
|
||||
$pwd_hash = 'SHA1:' . sha1($password);
|
||||
|
||||
$result = db_query($link, "SELECT id,login FROM ttrss_users WHERE
|
||||
login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
|
||||
$_SESSION["name"] = db_fetch_result($result, 0, "login");
|
||||
}
|
||||
}
|
||||
return authenticate_user($link, $login, $password);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
23
login.php
23
login.php
|
@ -3,9 +3,18 @@
|
|||
|
||||
require_once "version.php";
|
||||
require_once "config.php";
|
||||
require_once "functions.php";
|
||||
|
||||
$_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||
$_SESSION["name"] = PLACEHOLDER_NAME;
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
$login = $_POST["login"];
|
||||
$password = $_POST["password"];
|
||||
|
||||
if ($login && $password) {
|
||||
if (authenticate_user($link, $login, $password)) {
|
||||
header("Location: tt-rss.php");
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
<html>
|
||||
|
@ -20,6 +29,8 @@
|
|||
|
||||
<body>
|
||||
|
||||
<form action="login.php" method="POST">
|
||||
|
||||
<table width='100%' height='100%' class="loginForm">
|
||||
|
||||
<tr><td align='center' valign='middle'>
|
||||
|
@ -34,9 +45,17 @@
|
|||
<td><input name="login"></td></tr>
|
||||
<tr><td align="right">Password:</td>
|
||||
<td><input type="password" name="password"></td></tr>
|
||||
|
||||
<tr><td colspan="2" align="center">
|
||||
<input type="submit" class="button" value="Login">
|
||||
</td></tr>
|
||||
|
||||
</table></td></tr>
|
||||
</table>
|
||||
|
||||
</form>
|
||||
|
||||
<? db_close($link); ?>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
10
prefs.php
10
prefs.php
|
@ -8,8 +8,14 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||
if (!USE_HTTP_AUTH) {
|
||||
if (!$_SESSION["uid"]) {
|
||||
header("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
authenticate_user($link);
|
||||
}
|
||||
|
||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||
// FIXME this needs to be moved somewhere after user creation
|
||||
|
|
12
tt-rss.php
12
tt-rss.php
|
@ -8,10 +8,14 @@
|
|||
|
||||
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
|
||||
|
||||
authenticate_user($link);
|
||||
|
||||
// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
|
||||
// $_SESSION["name"] = PLACEHOLDER_NAME;
|
||||
if (!USE_HTTP_AUTH) {
|
||||
if (!$_SESSION["uid"]) {
|
||||
header("Location: login.php");
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
authenticate_user($link);
|
||||
}
|
||||
|
||||
initialize_user_prefs($link, $_SESSION["uid"]);
|
||||
// FIXME this needs to be moved somewhere after user creation
|
||||
|
|
Loading…
Reference in a new issue