some http auth fixes

This commit is contained in:
Andrew Dolgov 2005-11-23 14:52:02 +01:00
parent 81dde650b6
commit f557cd78ff
3 changed files with 63 additions and 32 deletions


@ -606,6 +606,8 @@
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]); $_SESSION["uid"]);
initialize_user_prefs($link, $_SESSION["uid"]);
return true; return true;
} }
@ -613,27 +615,6 @@
} }
function http_authenticate_user($link, $force_logout) {
if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {
if ($force_logout) logout_user();
header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
header('HTTP/1.0 401 Unauthorized');
print "<h1>401 Unathorized</h1>";
exit;
} else {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$password = db_escape_string($_SERVER['PHP_AUTH_PW']);
return authenticate_user($link, $login, $password);
}
}
function make_password($length = 8) { function make_password($length = 8) {
$password = ""; $password = "";
@ -672,9 +653,6 @@
} }
function logout_user() { function logout_user() {
$_SESSION["uid"] = null;
$_SESSION["name"] = null;
$_SESSION["access_level"] = null;
session_destroy(); session_destroy();
} }
@ -687,8 +665,23 @@
exit; exit;
} }
} else { } else {
if (!http_authenticate_user($link, false)) { if (!$_SESSION["uid"]) {
if (!$_SERVER["PHP_AUTH_USER"]) {
header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
header('HTTP/1.0 401 Unauthorized');
exit; exit;
} else {
$auth_result = authenticate_user($link,
$_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
if (!$auth_result) {
header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
}
} }
} }
} else { } else {
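Review bot: The new else-branch passes the raw `$_SERVER["PHP_AUTH_USER"]` and `$_SERVER["PHP_AUTH_PW"]` straight into authenticate_user(), whereas the deleted http_authenticate_user() ran both through db_escape_string() first. The visible part of authenticate_user() above builds its UPDATE by string concatenation, so unless authenticate_user() escapes its login/password arguments itself (not shown here), the Basic-auth header is now an unescaped SQL input; `$auth_result = authenticate_user($link, db_escape_string($_SERVER["PHP_AUTH_USER"]), db_escape_string($_SERVER["PHP_AUTH_PW"]));` restores the previous behaviour. Reading `$_SERVER["PHP_AUTH_USER"]` when no Authorization header was sent also raises an undefined-index notice; `if (empty($_SERVER["PHP_AUTH_USER"])) {` keeps the same truthiness test without it. The enclosing function starts before and ends after this hunk.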


@ -8,7 +8,25 @@
if (!USE_HTTP_AUTH) { if (!USE_HTTP_AUTH) {
header("Location: login.php"); header("Location: login.php");
} else { } else { ?>
header("Location: tt-rss.php");
} <html>
?> <head>
<title>Tiny Tiny RSS : Logout</title>
<link rel="stylesheet" type="text/css" href="tt-rss.css">
<body class="logoutBody">
<div class="logoutContent">
<h1>You have been logged out.</h1>
<p><span class="logoutWarning">Warning:</span>
As there is no way to reliably clear HTTP Authentication
credentials from your browser, it is recommended for you to close
this browser window, otherwise your browser could automatically
authenticate again using previously supplied credentials, which
is a security risk.</p>
</div>
</body>
</html>
<? } ?>
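Review bot: The `<head>` opened on the new logout page is never closed — `</head>` is missing before `<body class="logoutBody">` — and the closing `<? } ?>` depends on short_open_tag, which is off by default on later PHP releases and would then leak that tag as literal text into the page; `<?php } ?>` avoids both problems. The warning text is accurate, though when USE_HTTP_AUTH is set the logout handler could additionally answer once with `HTTP/1.0 401` and a `WWW-Authenticate` header, which makes most browsers discard the cached credentials (not guaranteed across browsers, so the warning should stay). Whether the session is destroyed before this HTML is emitted is not visible here, since the file's first seven lines are outside the hunk.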


@ -636,3 +636,23 @@ span.insensitive {
div.prefGenericAddBox { div.prefGenericAddBox {
margin : 5px; margin : 5px;
} }
body.logoutBody {
background-color : #f0f0f0;
color : black;
}
span.logoutWarning {
color : red;
font-weight : bold;
}
div.logoutContent {
width : 600px;
border : 1px solid #c0c0c0;
background-color : white;
margin-left : auto;
margin-right : auto;
margin-top : 20px;
padding : 10px;
}