Home Explore Help
Register Sign In
blallo
/
tt-rss
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b14f6d58b4
Branches Tags
tt-rss
/
plugins
/
auth_remote
/
init.php

init.php 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. <?php
    2. 

  2. class Auth_Remote extends Plugin implements IAuthModule {
    3. 

  3. 

  4. 	private $host;
    5. 

  5. 	/* @var Auth_Base $base */
    6. 

  6. 	private $base;
    7. 

  7. 

  8. 	function about() {
    9. 

  9. 		return array(1.0,
    10. 

  10. 			"Authenticates against remote password (e.g. supplied by Apache)",
    11. 

  11. 			"fox",
    12. 

  12. 			true);
    13. 

  13. 	}
    14. 

  14. 

  15. 	/* @var PluginHost $host */
    16. 

  16. 	function init($host ) {
    17. 

  17. 		$this->host = $host;
    18. 

  18. 		$this->base = new Auth_Base();
    19. 

  19. 

  20. 		$host->add_hook($host::HOOK_AUTH_USER, $this);
    21. 

  21. 	}
    22. 

  22. 

  23. 	function get_login_by_ssl_certificate() {
    24. 

  24. 		$cert_serial = get_ssl_certificate_id();
    25. 

  25. 

  26. 		if ($cert_serial) {
    27. 

  27. 			$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs, ttrss_users
    28. 

  28. 				WHERE pref_name = 'SSL_CERT_SERIAL' AND value = ? AND
    29. 

  29. 				owner_uid = ttrss_users.id");
    30. 

  30. 			$sth->execute([$cert_serial]);
    31. 

  31. 

  32. 			if ($row = $sth->fetch()) {
    33. 

  33. 				return $row['login'];
    34. 

  34. 			}
    35. 

  35. 		}
    36. 

  36. 

  37. 		return "";
    38. 

  38. 	}
    39. 

  39. 

  40. 	/**
    41. 

  41. 	 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
    42. 

  42. 	 */
    43. 

  43. 	function authenticate($login, $password) {
    44. 

  44. 		$try_login = $_SERVER["REMOTE_USER"];
    45. 

  45. 

  46. 		// php-cgi
    47. 

  47. 		if (!$try_login) $try_login = $_SERVER["REDIRECT_REMOTE_USER"];
    48. 

  48. 		if (!$try_login) $try_login = $_SERVER["PHP_AUTH_USER"];
    49. 

  49. 

  50. 		if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
    51. 

  51. 

  52. 		if ($try_login) {
    53. 

  53. 			$user_id = $this->base->auto_create_user($try_login, $password);
    54. 

  54. 

  55. 			if ($user_id) {
    56. 

  56. 				$_SESSION["fake_login"] = $try_login;
    57. 

  57. 				$_SESSION["fake_password"] = "******";
    58. 

  58. 				$_SESSION["hide_hello"] = true;
    59. 

  59. 				$_SESSION["hide_logout"] = true;
    60. 

  60. 

  61. 				// LemonLDAP can send user informations via HTTP HEADER
    62. 

  62. 				if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
    63. 

  63. 					// update user name
    64. 

  64. 					$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
    65. 

  65. 					if ($fullname){
    66. 

  66. 						$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
    67. 

  67. 						$sth->execute([$fullname, $user_id]);
    68. 

  68. 					}
    69. 

  69. 					// update user mail
    70. 

  70. 					$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
    71. 

  71. 					if ($email){
    72. 

  72. 						$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
    73. 

  73. 						$sth->execute([$email, $user_id]);
    74. 

  74. 					}
    75. 

  75. 				}
    76. 

  76. 

  77. 				return $user_id;
    78. 

  78. 			}
    79. 

  79. 		}
    80. 

  80. 

  81. 		return false;
    82. 

  82. 	}
    83. 

  83. 

  84. 	function api_version() {
    85. 

  85. 		return 2;
    86. 

  86. 	}
    87. 

  87. 

  88. }
    89.