]>
Commit | Line | Data |
---|---|---|
0d421af8 | 1 | <?php |
0f28f81f AD |
2 | class Auth_Remote extends Plugin implements IAuthModule { |
3 | ||
4 | private $link; | |
5 | private $host; | |
6 | private $base; | |
7 | ||
8 | function about() { | |
9 | return array(1.0, | |
10 | "Authenticates against remote password (e.g. supplied by Apache)", | |
11 | "fox", | |
12 | true); | |
13 | } | |
14 | ||
15 | function init($host) { | |
16 | $this->link = $host->get_link(); | |
17 | $this->host = $host; | |
18 | $this->base = new Auth_Base($this->link); | |
19 | ||
20 | $host->add_hook($host::HOOK_AUTH_USER, $this); | |
21 | } | |
22 | ||
0d421af8 | 23 | function get_login_by_ssl_certificate() { |
3972bf59 | 24 | $cert_serial = db_escape_string($this->link, get_ssl_certificate_id()); |
0d421af8 AD |
25 | |
26 | if ($cert_serial) { | |
27 | $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users | |
28 | WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND | |
29 | owner_uid = ttrss_users.id"); | |
30 | ||
31 | if (db_num_rows($result) != 0) { | |
3972bf59 | 32 | return db_escape_string($this->link, db_fetch_result($result, 0, "login")); |
0d421af8 AD |
33 | } |
34 | } | |
35 | ||
36 | return ""; | |
37 | } | |
38 | ||
39 | ||
40 | function authenticate($login, $password) { | |
3972bf59 | 41 | $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]); |
0d421af8 | 42 | |
23923ca7 | 43 | // php-cgi |
3972bf59 | 44 | if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]); |
23923ca7 | 45 | |
0d421af8 AD |
46 | if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); |
47 | # if (!$try_login) $try_login = "test_qqq"; | |
48 | ||
49 | if ($try_login) { | |
0f28f81f | 50 | $user_id = $this->base->auto_create_user($try_login); |
0d421af8 AD |
51 | |
52 | if ($user_id) { | |
53 | $_SESSION["fake_login"] = $try_login; | |
54 | $_SESSION["fake_password"] = "******"; | |
55 | $_SESSION["hide_hello"] = true; | |
56 | $_SESSION["hide_logout"] = true; | |
57 | ||
58 | // LemonLDAP can send user informations via HTTP HEADER | |
59 | if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){ | |
60 | // update user name | |
61 | $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; | |
62 | if ($fullname){ | |
3972bf59 | 63 | $fullname = db_escape_string($this->link, $fullname); |
0d421af8 AD |
64 | db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " . |
65 | $user_id); | |
66 | } | |
67 | // update user mail | |
68 | $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; | |
69 | if ($email){ | |
3972bf59 | 70 | $email = db_escape_string($this->link, $email); |
0d421af8 AD |
71 | db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " . |
72 | $user_id); | |
73 | } | |
74 | } | |
75 | ||
76 | return $user_id; | |
77 | } | |
78 | } | |
79 | ||
80 | return false; | |
81 | } | |
82 | } | |
83 | ||
84 | ?> |