<p>Error: Not logged in.</p>
<script type=\"text/javascript\">
if (parent.window != 'undefined') {
- parent.window.location = \"login.php\";
+ parent.window.location = \"tt-rss.php\";
} else {
- window.location = \"login.php\";
+ window.location = \"tt-rss.php\";
}
</script>
</body></html>
define('ICONS_URL', "icons");
// Local and URL path to the directory, where feed favicons are stored.
- define('USE_HTTP_AUTH', false);
- // Use HTTP Basic authentication instead of login form. Has some problems.
-
define('SINGLE_USER_MODE', true);
// Operate in single user mode, disables all functionality related to
// multiple users.
define('GLOBAL_ENABLE_LABELS', false);
// Labels are a security risk, so this option can globally disable them for all users.
- define('ENABLE_LOGIN_SSL', false);
- // Redirect to SSL url for login
-
define('MAIL_RESET_PASS', true);
// Send mail to user on password reset
// If update daemon and update_feeds should send digests
// Disable if you prefer querying special URL (see wiki)
- define('CONFIG_VERSION', 5);
+ define('CONFIG_VERSION', 6);
// Expected config version. Please update this option in config.php
// if necessary (after migrating all new options from this file).
return obj.readyState == 4 || obj.readyState == 0 || !obj.readyState;
}
+function logout_callback() {
+ var container = document.getElementById('notify');
+ if (xmlhttp.readyState == 4) {
+ try {
+ window.location.reload(true);
+ } catch (e) {
+ exception_error("logout_callback", e);
+ }
+ }
+}
+
function notify_callback() {
var container = document.getElementById('notify');
if (xmlhttp.readyState == 4) {
try {
if (code == 6) {
- window.location.href = "login.php?rt=none";
+ //window.location.href = "login.php?rt=none";
} else if (code == 5) {
window.location.href = "update.php";
} else {
function explainError(code) {
return displayDlg("explainError", code);
}
+
+function logoutUser() {
+ try {
+ if (xmlhttp_ready(xmlhttp_rpc)) {
+ xmlhttp_rpc.open("GET", "backend.php?op=rpc&subop=logout", true);
+ xmlhttp_rpc.onreadystatechange=logout_callback;
+ xmlhttp_rpc.send(null);
+ } else {
+ printLockingError();
+ }
+ } catch (e) {
+ exception_error("logoutUser", e);
+ }
+}
return preg_replace('/\/[^\/]*$/', "", $_SERVER["REQUEST_URI"]);
}
- function get_login_redirect() {
- $server = $_SERVER["SERVER_NAME"];
-
- if (ENABLE_LOGIN_SSL) {
- $protocol = "https";
- } else {
- $protocol = "http";
- }
-
- $url_path = get_script_urlpath();
-
- $redirect_uri = "$protocol://$server$url_path/login.php";
-
- return $redirect_uri;
- }
-
function validate_session($link) {
if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
if ($_SESSION["ip_address"]) {
return true;
}
- function basic_nosid_redirect_check() {
- if (!SINGLE_USER_MODE) {
- if (!$_COOKIE[get_session_cookie_name()]) {
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
- exit;
- }
- }
- }
-
function login_sequence($link) {
if (!SINGLE_USER_MODE) {
if (!validate_session($link)) {
logout_user();
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
+ render_login_form($link);
exit;
}
- if (!USE_HTTP_AUTH) {
- if (!$_SESSION["uid"]) {
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
- exit;
- }
- } else {
- if (!$_SESSION["uid"]) {
- if (!$_SERVER["PHP_AUTH_USER"]) {
+ $login_action = $_POST["login_action"];
- header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
- header('HTTP/1.0 401 Unauthorized');
- exit;
-
- } else {
- $auth_result = authenticate_user($link,
- $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
+ # try to authenticate user if called from login form
+ if ($login_action == "do_login") {
+ $login = $_POST["login"];
+ $password = $_POST["password"];
- if (!$auth_result) {
- header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
- header('HTTP/1.0 401 Unauthorized');
- exit;
- }
- }
- }
+ if (authenticate_user($link, $login, $password)) {
+ $_POST["password"] = "";
+ return;
+ }
+ }
+
+ if (!$_SESSION["uid"]) {
+ render_login_form($link);
+ exit;
}
} else {
return authenticate_user($link, "admin", null);
return true;
}
+ function render_login_form($link) {
+ require_once "login_form.php";
+ }
+
?>
+++ /dev/null
-<?php
-// require_once "sessions.php";
-
- require_once "sanity_check.php";
- require_once "version.php";
- require_once "config.php";
- require_once "functions.php";
-
- $error_msg = "";
-
- $url_path = get_script_urlpath();
- $return_to = $_REQUEST["rt"];
-
- if (ENABLE_LOGIN_SSL) {
- $redirect_base = "https://" . $_SERVER["SERVER_NAME"] . $url_path;
- } else {
- $redirect_base = "http://" . $_SERVER["SERVER_NAME"] . $url_path;
- }
-
- if (SINGLE_USER_MODE && $return_to != "none") {
- header("Location: $redirect_base/tt-rss.php");
- exit;
- }
-
- $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
-
- $login = $_POST["login"];
- $password = $_POST["password"];
- $action = $_POST["action"];
-
- if ($_COOKIE[get_session_cookie_name()] && $return_to != "none") {
- require_once "sessions.php";
- if ($_SESSION["uid"]) {
- initialize_user_prefs($link, $_SESSION["uid"]);
- header("Location: $redirect_base/tt-rss.php");
- exit;
- }
- }
-
- if ($login && $password) {
-
- if ($_POST["remember_me"]) {
- session_set_cookie_params(SESSION_COOKIE_LIFETIME_REMEMBER);
- } else {
- session_set_cookie_params(SESSION_COOKIE_LIFETIME);
- }
-
- require_once "sessions.php";
-
- if (authenticate_user($link, $login, $password)) {
- initialize_user_prefs($link, $_SESSION["uid"]);
-
- if ($_POST["remember_me"]) {
- $_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME_REMEMBER;
- } else {
- $_SESSION["cookie_lifetime"] = time() + SESSION_COOKIE_LIFETIME;
- }
-
- setcookie("ttrss_cltime", $_SESSION["cookie_lifetime"],
- $_SESSION["cookie_lifetime"]);
-
- if (!$return_to) {
- $return_to = "tt-rss.php";
- }
- header("Location: $redirect_base/$return_to");
- exit;
- } else {
- $error_msg = "Error: Unable to authenticate user. Please check login and password.";
- }
- } else if ($action) {
- $error_msg = "Error: Either login or password is blank.";
- }
-
-?>
-<html>
-<head>
- <title>Tiny Tiny RSS : Login</title>
- <link rel="stylesheet" type="text/css" href="tt-rss.css">
- <link rel="shortcut icon" type="image/png" href="images/favicon.png">
- <!--[if gte IE 5.5000]>
- <script type="text/javascript" src="pngfix.js"></script>
- <![endif]-->
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-</head>
-
-<body>
-
-<script type="text/javascript">
-function init() {
-
- if (arguments.callee.done) return;
- arguments.callee.done = true;
-
- var login = document.forms["loginForm"].login;
-
- login.focus();
-
-}
-</script>
-
-<script type="text/javascript">
-if (document.addEventListener) {
- document.addEventListener("DOMContentLoaded", init, null);
-}
-window.onload = init;
-</script>
-
-<form action="login.php" method="POST" name="loginForm">
-
-<table width="100%" class="loginForm2">
-<tr>
- <td class="loginTop" valign="bottom" align="left">
- <img src="images/ttrss_logo_big.png" alt="Logo">
- </td>
-</tr><tr>
- <td align="center" valign="middle" class="loginMiddle" height="100%">
- <?php if ($error_msg) { ?>
- <div class="loginError"><?php echo $error_msg ?></div>
- <?php } ?>
- <table>
- <tr><td align="right">Login:</td>
- <td align="right"><input name="login"></td></tr>
- <tr><td align="right">Password:</td>
- <td align="right"><input type="password" name="password"></td></tr>
- <tr><td colspan="2">
- <input type="checkbox" name="remember_me" id="remember_me">
- <label for="remember_me">Remember me on this computer</label>
- </td></tr>
- <tr><td colspan="2" align="right" class="innerLoginCell">
- <input type="submit" class="button" value="Login">
- <input type="hidden" name="action" value="login">
- <input type="hidden" name="rt"
- value="<?php if ($return_to != 'none') { echo $return_to; } ?>">
- </td></tr>
- </table>
- </td>
-</tr><tr>
- <td align="center" class="loginBottom">
- <a href="http://tt-rss.spb.ru/">Tiny Tiny RSS</a> © 2005-2007 <a href="http://bah.org.ru/">Andrew Dolgov</a>
- </td>
-</tr>
-
-</table>
-
-</form>
-
-<?php db_close($link); ?>
-
-<script type="text/javascript">
- /* for IE */
- function statechange() {
- if (document.readyState == "interactive") init();
- }
-
- if (document.readyState) {
- if (document.readyState == "interactive" || document.readyState == "complete") {
- init();
- } else {
- document.onreadystatechange = statechange;
- }
- }
-</script>
-
-</body>
-</html>
--- /dev/null
+<html>
+<head>
+ <title>Tiny Tiny RSS : Login</title>
+ <link rel="stylesheet" type="text/css" href="tt-rss.css">
+ <link rel="shortcut icon" type="image/png" href="images/favicon.png">
+ <!--[if gte IE 5.5000]>
+ <script type="text/javascript" src="pngfix.js"></script>
+ <![endif]-->
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+</head>
+
+<body>
+
+<script type="text/javascript">
+function init() {
+
+ if (arguments.callee.done) return;
+ arguments.callee.done = true;
+
+ var login = document.forms["loginForm"].login;
+
+ login.focus();
+
+}
+</script>
+
+<script type="text/javascript">
+if (document.addEventListener) {
+ document.addEventListener("DOMContentLoaded", init, null);
+}
+window.onload = init;
+</script>
+
+<form action="" method="POST" name="loginForm">
+<input type="hidden" name="login_action" value="do_login">
+
+<table width="100%" class="loginForm2">
+<tr>
+ <td class="loginTop" valign="bottom" align="left">
+ <img src="images/ttrss_logo_big.png" alt="Logo">
+ </td>
+</tr><tr>
+ <td align="center" valign="middle" class="loginMiddle" height="100%">
+ <?php if ($error_msg) { ?>
+ <div class="loginError"><?php echo $error_msg ?></div>
+ <?php } ?>
+ <table>
+ <tr><td align="right">Login:</td>
+ <td align="right"><input name="login"></td></tr>
+ <tr><td align="right">Password:</td>
+ <td align="right"><input type="password" name="password"></td></tr>
+ <tr><td colspan="2">
+ <input type="checkbox" name="remember_me" id="remember_me">
+ <label for="remember_me">Remember me on this computer</label>
+ </td></tr>
+ <tr><td colspan="2" align="right" class="innerLoginCell">
+ <input type="submit" class="button" value="Login">
+ <input type="hidden" name="action" value="login">
+ <input type="hidden" name="rt"
+ value="<?php if ($return_to != 'none') { echo $return_to; } ?>">
+ </td></tr>
+ </table>
+ </td>
+</tr><tr>
+ <td align="center" class="loginBottom">
+ <a href="http://tt-rss.spb.ru/">Tiny Tiny RSS</a> © 2005-2007 <a href="http://bah.org.ru/">Andrew Dolgov</a>
+ </td>
+</tr>
+
+</table>
+
+</form>
+
+++ /dev/null
-<?php
- require_once "sessions.php";
-
- require_once "config.php";
- require_once "functions.php";
-
- logout_user();
-
- if (!USE_HTTP_AUTH) {
- $url_path = get_script_urlpath();
-
- if (ENABLE_LOGIN_SSL) {
- $protocol = "https";
- } else {
- $protocol = "http";
- }
-
- $redirect_base = "$protocol://" . $_SERVER["SERVER_NAME"] . $url_path;
-
- header("Location: $redirect_base/login.php");
- } else { ?>
-
- <html>
- <head>
- <title>Tiny Tiny RSS : Logout</title>
- <link rel="stylesheet" type="text/css" href="tt-rss.css">
- <body class="logoutBody">
- <div class="logoutContent">
-
- <h1><?php echo _('You have been logged out.') ?></h1>
-
- <p><?php echo _('<span class="logoutWarning">Warning:</span>
- As there is no way to reliably clear HTTP Authentication
- credentials from your browser, it is recommended for you to close
- this browser window, otherwise your browser could automatically
- authenticate again using previously supplied credentials, which
- is a security risk.') ?></p>
-
- </div>
- </body>
- </html>
-<?php } ?>
require_once "functions.php";
require_once "../functions.php";
- basic_nosid_redirect_check();
-
require_once "../sessions.php";
require_once "../version.php";
</rpc-reply>";
}
+
+ if ($subop == "logout") {
+ logout_user();
+ print_error_xml(6);
+ }
+
}
?>
<?php
require_once "sessions.php";
-
require_once "sanity_check.php";
require_once "functions.php";
require_once "config.php";
<?php
require_once "functions.php";
-
- basic_nosid_redirect_check();
-
require_once "sessions.php";
-
require_once "sanity_check.php";
require_once "version.php";
require_once "config.php";
<?php if (!SINGLE_USER_MODE) { ?>
<div style="float : right">
<?php echo _('Hello,') ?> <b><?php echo $_SESSION["name"] ?></b>
- (<a href="logout.php">Logout</a>)
+ (<a href="javascript:logoutUser()">Logout</a>)
</div>
<?php } ?>
<img src="<?php echo $theme_image_path ?>images/ttrss_logo.png" alt="Tiny Tiny RSS"/>
<?php
require_once "functions.php";
-
- basic_nosid_redirect_check();
-
require_once "sessions.php";
-
require_once "sanity_check.php";
require_once "version.php";
require_once "config.php";
<div style="float : right">
<?php if (!SINGLE_USER_MODE) { ?>
<?php echo _('Hello,') ?> <b><?php echo $_SESSION["name"] ?></b>
- (<a href="logout.php">Logout</a>)
+ (<a href="javascript:logoutUser()">Logout</a>)
<?php } ?>
<img id="newVersionIcon" onclick="javascript:explainError(2)"
src="images/new_version.png" title="New version is available!"
$owner_uid = $_SESSION["uid"];
if ($_SESSION["access_level"] < 10) {
- header("Location: login.php"); die;
+ print "<p>Error: your access level is insufficient to run this script.</p>";
+ exit;
}
define('SCHEMA_VERSION', 13);
login_sequence($link);
if ($_SESSION["access_level"] < 10) {
- header("Location: login.php"); die;
+ print "<p>Error: your access level is insufficient to run this script.</p>";
+ exit;
}
?>