more http auth related fixes, unified login sequence function

author Andrew Dolgov <fox@bah.spb.su>

Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)

committer Andrew Dolgov <fox@bah.spb.su>

Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)
author Andrew Dolgov <fox@bah.spb.su>
Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)
committer Andrew Dolgov <fox@bah.spb.su>
Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)
diff --git a/functions.php b/functions.php

index e6b5b8e6eee44e2e6abac8de757cc47a6c7e3beb..32540bf56225f2b1ae31e9e61c68c7cb7e9f5dc0 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -608,9 +608,12 @@
  
                 if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {
  
+                       if ($force_logout) logout_user();
+
                         header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
                         header('HTTP/1.0 401 Unauthorized');
                         print "<h1>401 Unathorized</h1>";
+                       
                         exit;
                         
                 } else {
@@ -619,7 +622,7 @@
                         $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
  
                         return authenticate_user($link, $login, $password);
-               }               
+               }
         }
  
         function make_password($length = 8) {
@@ -659,4 +662,33 @@
                 
                 }
  
+       function logout_user() {
+               $_SESSION["uid"] = null;
+               $_SESSION["name"] = null;
+               $_SESSION["access_level"] = null;
+               session_destroy();
+       }
+
+       function login_sequence($link) {
+               if (!SINGLE_USER_MODE) {
+       
+                       if (!USE_HTTP_AUTH) {
+                               if (!$_SESSION["uid"]) {
+                                       header("Location: login.php?rt=tt-rss.php");
+                                       exit;
+                               }
+                       } else {
+                               $force_logout = $_POST["ForceLogout"];
+       
+                               if (!http_authenticate_user($link, $force_logout == "yes")) {
+                                       if (!http_authenticate_user($link, true)) {
+                                               exit;
+                                       }
+                               }
+                       }
+               } else {
+                       $_SESSION["uid"] = 1;
+                       $_SESSION["name"] = "admin";
+               }
+       }
  ?>
diff --git a/logout.php b/logout.php

index cfc9fd0348e6be4e0c9e032cee77e9a8b8b5a172..7757689dcccebe9d7acdad692e4d2372c1f00b8c 100644 (file)
--- a/logout.php
+++ b/logout.php
@@ -2,12 +2,9 @@
         session_start();
  
         require_once "config.php";
+       require_once "functions.php";
  
-       $_SESSION["uid"] = null;
-       $_SESSION["name"] = null;
-       $_SESSION["access_level"] = null;
-
-       session_destroy();
+       logout_user();
  
         if (!USE_HTTP_AUTH) {
                 header("Location: login.php");
diff --git a/prefs.php b/prefs.php

index 85a01663ceeccd3132e54d413df538c0e89586dc..479425294afae04453141ce4185b873b0a56c6af 100644 (file)
--- a/prefs.php
+++ b/prefs.php
@@ -8,22 +8,7 @@
  
         $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
  
-       if (!SINGLE_USER_MODE) {
-
-               if (!USE_HTTP_AUTH) {
-                       if (!$_SESSION["uid"]) {
-                               header("Location: login.php?rt=tt-rss.php");
-                               exit;
-                       }
-               } else {
-                       $force_logout = $_POST["ForceLogout"];
-                       http_authenticate_user($link, $force_logout == "yes");
-               }
-       } else {
-               $_SESSION["uid"] = 1;
-               $_SESSION["name"] = "admin";
-       }
-
+       login_sequence($link);
  ?>
  <html>
  <head>
diff --git a/tt-rss.php b/tt-rss.php

index e88dd19d0c3384197a2c0bf109631b0f2e19d388..8a43f4d4bc126ac79b074da15a631937f16b15a5 100644 (file)
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -8,21 +8,7 @@
  
         $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
  
-       if (!SINGLE_USER_MODE) {
-
-               if (!USE_HTTP_AUTH) {
-                       if (!$_SESSION["uid"]) {
-                               header("Location: login.php?rt=tt-rss.php");
-                               exit;
-                       }
-               } else {
-                       $force_logout = $_POST["ForceLogout"];
-                       http_authenticate_user($link, $force_logout == "yes");
-               }
-       } else {
-               $_SESSION["uid"] = 1;
-               $_SESSION["name"] = "admin";
-       }
+       login_sequence($link);
  
  ?>
  <html>
author	Andrew Dolgov <fox@bah.spb.su>
	Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)
committer	Andrew Dolgov <fox@bah.spb.su>
	Sun, 20 Nov 2005 11:19:20 +0000 (12:19 +0100)
functions.php		patch \| blob \| history
logout.php		patch \| blob \| history
prefs.php		patch \| blob \| history
tt-rss.php		patch \| blob \| history