Commit | Line | Data |
---|---|---|
0d421af8 | 1 | <?php |
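/**
 * Authentication plugin that accepts an identity already established by the
 * front end (web server or SSO proxy) instead of checking a password itself.
 *
 * Identity sources, in order: $_SERVER["REMOTE_USER"],
 * $_SERVER["REDIRECT_REMOTE_USER"] (php-cgi), then a lookup of the client
 * SSL certificate id against the SSL_CERT_SERIAL user preference.
 *
 * Security note: this module trusts whatever the front end asserts. It must
 * only be enabled where the web server authenticates every request that
 * reaches PHP and sets these variables itself.
 */
class Auth_Remote extends Plugin implements IAuthModule {

    private $host;
    private $base;

    /**
     * Plugin descriptor: version 1.0, a description string, the string "fox"
     * and a trailing boolean. The meaning of each position is defined by the
     * plugin host, which is not shown in this file.
     */
    function about() {
        return array(1.0,
            "Authenticates against remote password (e.g. supplied by Apache)",
            "fox",
            true);
    }

    /**
     * Keeps a reference to the plugin host, creates the Auth_Base helper and
     * registers this object for the host's HOOK_AUTH_USER hook.
     */
    function init($host) {
        $this->host = $host;
        $this->base = new Auth_Base();

        $host->add_hook($host::HOOK_AUTH_USER, $this);
    }

    /**
     * Maps the current client SSL certificate id to a login name.
     *
     * @return string the (escaped) login whose SSL_CERT_SERIAL preference
     *                equals the certificate id, or "" when there is no
     *                certificate id or no matching row.
     */
    function get_login_by_ssl_certificate() {
        // The id is escaped because it is interpolated into the query text below.
        $cert_serial = db_escape_string(get_ssl_certificate_id());

        if ($cert_serial) {
            $result = db_query("SELECT login FROM ttrss_user_prefs, ttrss_users
                WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
                owner_uid = ttrss_users.id");

            if (db_num_rows($result) != 0) {
                return db_escape_string(db_fetch_result($result, 0, "login"));
            }
        }

        return "";
    }

    /**
     * Resolves the externally asserted identity to a user id.
     *
     * $login and $password are part of the hook signature but are not read:
     * no credential is verified here.
     *
     * @return mixed the value returned by Auth_Base::auto_create_user() when
     *               it is truthy, otherwise false.
     */
    function authenticate($login, $password) {
        // isset() guards: these keys are absent when the front end did not
        // authenticate the request, and reading them unguarded raises a
        // notice/warning on every anonymous hit.
        $try_login = isset($_SERVER["REMOTE_USER"])
            ? db_escape_string($_SERVER["REMOTE_USER"]) : "";

        // php-cgi
        if (!$try_login && isset($_SERVER["REDIRECT_REMOTE_USER"])) {
            $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]);
        }

        if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();

        if ($try_login) {
            // NOTE(review): $try_login is already SQL-escaped at this point and
            // is also what gets stored in the session below. If
            // auto_create_user() escapes its argument again, logins containing
            // quotes or backslashes will not match - confirm against Auth_Base.
            $user_id = $this->base->auto_create_user($try_login);

            if ($user_id) {
                $_SESSION["fake_login"] = $try_login;
                $_SESSION["fake_password"] = "******";
                $_SESSION["hide_hello"] = true;
                $_SESSION["hide_logout"] = true;

                // LemonLDAP can send user information via HTTP headers.
                //
                // Security: HTTP_USER_NAME / HTTP_USER_MAIL are derived from
                // request headers, so a client can supply them directly unless
                // the front-end proxy strips or overwrites those headers.
                // Only enable AUTH_AUTO_CREATE behind a proxy that does so.
                if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
                    // The id is concatenated unquoted into the UPDATE
                    // statements, so force it to an integer first.
                    $uid_sql = (int) $user_id;

                    // update user name
                    $fullname = !empty($_SERVER['HTTP_USER_NAME'])
                        ? $_SERVER['HTTP_USER_NAME']
                        : (isset($_SERVER['AUTHENTICATE_CN']) ? $_SERVER['AUTHENTICATE_CN'] : "");
                    if ($fullname) {
                        $fullname = db_escape_string($fullname);
                        db_query("UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
                            $uid_sql);
                    }

                    // update user mail
                    $email = !empty($_SERVER['HTTP_USER_MAIL'])
                        ? $_SERVER['HTTP_USER_MAIL']
                        : (isset($_SERVER['AUTHENTICATE_MAIL']) ? $_SERVER['AUTHENTICATE_MAIL'] : "");
                    if ($email) {
                        $email = db_escape_string($email);
                        db_query("UPDATE ttrss_users SET email = '$email' WHERE id = " .
                            $uid_sql);
                    }
                }

                return $user_id;
            }
        }

        return false;
    }
}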
81 | ||
82 | ?> |