logout location is configurable

Useful for installations where you want to "cascade" logout to a central
authentication system

classes/handler/public.php

@@ -263,7 +263,11 @@ class Handler_Public extends Handler {
 
 	function logout() {
 		logout_user();
-		header("Location: index.php");
+		$location = 'index.php';
+		if(defined('LOGOUT_LOCATION')) {
+			$location = LOGOUT_LOCATION;
+		}
+		header("Location: $location");
 	}
 
 	function share() {

config.php-dist

@@ -90,6 +90,10 @@
 	// If set to true, users won't be able to set application language
 	// and settings profile.
 
+    define ('LOGIN_LOCATION', 'index.php');
+    // When a user logs out, redirect to this location. This is useful when you have some central
+    // authentication system, and you want to reach the main logout page
+
 	// *********************
 	// *** Feed settings ***
 	// *********************

plugins/auth_proxy/init.php

@@ -0,0 +1,89 @@
+<?php
+class Auth_Proxy extends Plugin implements IAuthModule {
+
+	private $host;
+	/* @var Auth_Base $base */
+	private $base;
+
+	function about() {
+		return array(1.0,
+			"Trust proxy X-Forwarded-User. May be dangerous, see doc",
+			"boyska",
+			true);
+	}
+
+	/* @var PluginHost $host */
+	function init($host ) {
+		$this->host = $host;
+		$this->base = new Auth_Base();
+
+		$host->add_hook($host::HOOK_AUTH_USER, $this);
+	}
+
+	/*
+	 * is_whitelisted check if an IP is whitelisted by defined values in config.php
+	 * it will check by-IP and by-NAME
+	 * currently, only exact IP is supported (no cidr, no wildcard); this is a TODO
+	 * check by 
+	 */
+	private function is_whitelisted($client_ip) {
+		if(!defined('AUTHPROXY_WHITELIST_IP') && !defined('AUTHPROXY_WHITELIST_NAME')) {
+			// TODO: send a warning: this is a misconfiguration!
+			return false;
+		}
+		if(defined('AUTHPROXY_WHITELIST_IP')) {
+			$whitelist = explode(' ', AUTHPROXY_WHITELIST_IP);
+			foreach($whitelist as $w_ip) {
+				if($client_ip === $w_ip) {
+					return true;
+				}
+			}
+		}
+		if(defined('AUTHPROXY_WHITELIST_NAME')) {
+			$whitelist = explode(' ', AUTHPROXY_WHITELIST_NAME);
+			foreach($whitelist as $w_name) {
+				foreach(gethostbynamel($w_name) as $w_ip) {
+					if($client_ip === $w_ip) {
+						return true;
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+	 */
+	function authenticate($login, $password) {
+		$client_ip = $_SERVER['REMOTE_ADDR'];
+		if($this->is_whitelisted($client_ip) === false) {
+			return false;
+		}
+
+		if(!array_key_exists("HTTP_X_FORWARDED_USER", $_SERVER)) {
+			return false;
+		}
+		$try_login = $_SERVER["HTTP_X_FORWARDED_USER"];
+
+		if ($try_login) {
+			$user_id = $this->base->auto_create_user($try_login, $password);
+
+			if ($user_id) {
+				$_SESSION["fake_login"] = $try_login;
+				$_SESSION["fake_password"] = "******";
+				$_SESSION["hide_hello"] = true;
+				$_SESSION["hide_logout"] = true;
+
+				return $user_id;
+			}
+		}
+
+		return false;
+	}
+
+	function api_version() {
+		return 2;
+	}
+
+}