plugins/auth_remote/init.php

   1 <?php
   2 class Auth_Remote extends Plugin implements IAuthModule {
   3
   4         private $link;
   5         private $host;
   6         private $base;
   7
   8         function about() {
   9                 return array(1.0,
  10                         "Authenticates against remote password (e.g. supplied by Apache)",
  11                         "fox",
  12                         true);
  13         }
  14
  15         function init($host) {
  16                 $this->link = $host->get_link();
  17                 $this->host = $host;
  18                 $this->base = new Auth_Base($this->link);
  19
  20                 $host->add_hook($host::HOOK_AUTH_USER, $this);
  21         }
  22
  23         function get_login_by_ssl_certificate() {
  24                 $cert_serial = db_escape_string($this->link, get_ssl_certificate_id());
  25
  26                 if ($cert_serial) {
  27                         $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users
  28                                 WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
  29                                 owner_uid = ttrss_users.id");
  30
  31                         if (db_num_rows($result) != 0) {
  32                                 return db_escape_string($this->link, db_fetch_result($result, 0, "login"));
  33                         }
  34                 }
  35
  36                 return "";
  37         }
  38
  39
  40         function authenticate($login, $password) {
  41                 $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]);
  42
  43                 // php-cgi
  44                 if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]);
  45
  46                 if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
  47 #               if (!$try_login) $try_login = "test_qqq";
  48
  49                 if ($try_login) {
  50                         $user_id = $this->base->auto_create_user($try_login);
  51
  52                         if ($user_id) {
  53                                 $_SESSION["fake_login"] = $try_login;
  54                                 $_SESSION["fake_password"] = "******";
  55                                 $_SESSION["hide_hello"] = true;
  56                                 $_SESSION["hide_logout"] = true;
  57
  58                                 // LemonLDAP can send user informations via HTTP HEADER
  59                                 if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
  60                                         // update user name
  61                                         $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
  62                                         if ($fullname){
  63                                                 $fullname = db_escape_string($this->link, $fullname);
  64                                                 db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
  65                                                         $user_id);
  66                                         }
  67                                         // update user mail
  68                                         $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
  69                                         if ($email){
  70                                                 $email = db_escape_string($this->link, $email);
  71                                                 db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
  72                                                         $user_id);
  73                                         }
  74                                 }
  75
  76                                 return $user_id;
  77                         }
  78                 }
  79
  80                 return false;
  81         }
  82 }
  83
  84 ?>