[tt-rss.git] / plugins / auth_remote / init.php

<?php
class Auth_Remote extends Plugin implements IAuthModule {

	private $link;
	private $host;
	private $base;

	function about() {
		return array(1.0,
			"Authenticates against remote password (e.g. supplied by Apache)",
			"fox",
			true);
	}

	function init($host) {
		$this->link = $host->get_link();
		$this->host = $host;
		$this->base = new Auth_Base($this->link);

		$host->add_hook($host::HOOK_AUTH_USER, $this);
	}

	function get_login_by_ssl_certificate() {
		$cert_serial = db_escape_string($this->link, get_ssl_certificate_id());

		if ($cert_serial) {
			$result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users
				WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
				owner_uid = ttrss_users.id");

			if (db_num_rows($result) != 0) {
				return db_escape_string($this->link, db_fetch_result($result, 0, "login"));
			}
		}

		return "";
	}


	function authenticate($login, $password) {
		$try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]);

		// php-cgi
		if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]);

		if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
#	  	if (!$try_login) $try_login = "test_qqq";

		if ($try_login) {
			$user_id = $this->base->auto_create_user($try_login);

			if ($user_id) {
				$_SESSION["fake_login"] = $try_login;
				$_SESSION["fake_password"] = "******";
				$_SESSION["hide_hello"] = true;
				$_SESSION["hide_logout"] = true;

				// LemonLDAP can send user informations via HTTP HEADER
				if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
					// update user name
					$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
					if ($fullname){
						$fullname = db_escape_string($this->link, $fullname);
						db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
							$user_id);
					}
					// update user mail
					$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
					if ($email){
						$email = db_escape_string($this->link, $email);
						db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
							$user_id);
					}
				}

				return $user_id;
			}
		}

		return false;
	}
}

?>
Commit	Line	Data
0d421af8	1	<?php
0f28f81f AD	2	class Auth_Remote extends Plugin implements IAuthModule {
	3
	4	private $link;
	5	private $host;
	6	private $base;
	7
	8	function about() {
	9	return array(1.0,
	10	"Authenticates against remote password (e.g. supplied by Apache)",
	11	"fox",
	12	true);
	13	}
	14
	15	function init($host) {
	16	$this->link = $host->get_link();
	17	$this->host = $host;
	18	$this->base = new Auth_Base($this->link);
	19
	20	$host->add_hook($host::HOOK_AUTH_USER, $this);
	21	}
	22
0d421af8	23	function get_login_by_ssl_certificate() {
3972bf59	24	$cert_serial = db_escape_string($this->link, get_ssl_certificate_id());
0d421af8 AD	25
	26	if ($cert_serial) {
	27	$result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users
	28	WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
	29	owner_uid = ttrss_users.id");
	30
	31	if (db_num_rows($result) != 0) {
3972bf59	32	return db_escape_string($this->link, db_fetch_result($result, 0, "login"));
0d421af8 AD	33	}
	34	}
	35
	36	return "";
	37	}
	38
	39
	40	function authenticate($login, $password) {
3972bf59	41	$try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]);
0d421af8	42
23923ca7	43	// php-cgi
3972bf59	44	if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]);
23923ca7	45
0d421af8 AD	46	if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
	47	# if (!$try_login) $try_login = "test_qqq";
	48
	49	if ($try_login) {
0f28f81f	50	$user_id = $this->base->auto_create_user($try_login);
0d421af8 AD	51
	52	if ($user_id) {
	53	$_SESSION["fake_login"] = $try_login;
	54	$_SESSION["fake_password"] = "******";
	55	$_SESSION["hide_hello"] = true;
	56	$_SESSION["hide_logout"] = true;
	57
	58	// LemonLDAP can send user informations via HTTP HEADER
	59	if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
	60	// update user name
	61	$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
	62	if ($fullname){
3972bf59	63	$fullname = db_escape_string($this->link, $fullname);
0d421af8 AD	64	db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
	65	$user_id);
	66	}
	67	// update user mail
	68	$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
	69	if ($email){
3972bf59	70	$email = db_escape_string($this->link, $email);
0d421af8 AD	71	db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
	72	$user_id);
	73	}
	74	}
	75
	76	return $user_id;
	77	}
	78	}
	79
	80	return false;
	81	}
	82	}
	83
	84	?>