]> git.wh0rd.org Git - tt-rss.git/commitdiff
only use autologin with SSL certificate when AUTO_LOGIN is enabled, otherwise redirec...
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 28 Mar 2011 09:03:43 +0000 (13:03 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Mon, 28 Mar 2011 09:03:43 +0000 (13:03 +0400)
config.php-dist
functions.php
login_form.php

index 26e8a02ffacc1863a065853f1ff702bbc03d7ba0..531ce20b325d02b8311f8db4c3785df7be7f6ef0 100644 (file)
        // used to integrate tt-rss with Apache's external authentication modules.
 
        define('AUTO_LOGIN', false);
-       // Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
-       // to skip the login form. If set to true, users won't be able to
-       // set application language and settings profile.
+       // Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL
+       // certificate authentication and you want to skip the login form. 
+       // If set to true, users won't be able to set application language 
+       // and settings profile.
+       // Otherwise users will be redirected to login form with their login
+       // information pre-filled.
 
        define('LOCK_DIRECTORY', 'lock');
        // Directory for lockfiles, must be writable to the user you run
index dc162d7a904f7b98b8b2588e732105810b9263a0..974e2b9a85895ba0872fb5a368de93211d6d11d9 100644 (file)
                return "";
        }
 
-       function get_remote_user() {
-               $remote_user = "";
+       function get_remote_user($link) {
 
                if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
-                       $remote_user = $_SERVER["REMOTE_USER"];
+                       return db_escape_string($_SERVER["REMOTE_USER"]);
                }
 
-               return db_escape_string($remote_user);
+               return db_escape_string(get_login_by_ssl_certificate($link));
        }
 
-       function get_remote_fakepass() {
-               if (get_remote_user())
+       function get_remote_fakepass($link) {
+               if (get_remote_user($link))
                        return "******";
                else
                        return "";
                        $pwd_hash2 = encrypt_password($password, $login);
                        $login = db_escape_string($login);
 
-                       $remote_user = get_remote_user();
-
-                       if (!$remote_user)
-                               $remote_user = get_login_by_ssl_certificate($link);
+                       $remote_user = get_remote_user($link);
 
                        if ($remote_user && $login != "admin") {
 
                        }
 
                        if (!$_SESSION["uid"] || !validate_session($link)) {
-                               $cert_login = get_login_by_ssl_certificate($link);
 
-                               if ($cert_login) {
-                                   authenticate_user($link, $cert_login, null);
-                                   $_SESSION["ref_schema_version"] = get_schema_version($link, true);
-                               } else if (get_remote_user() && AUTO_LOGIN) {
-                                   authenticate_user($link, get_remote_user(), null);
+                               if (get_remote_user($link) && AUTO_LOGIN) {
+                                   authenticate_user($link, get_remote_user($link), null);
                                    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                                } else {
                                    render_login_form($link, $mobile);
index 1dbc00549939e48e1b0c52ad01a6aa945eb3cd95..5810c5cef6a0e318fbd0a451bbd0f94d7ed7e171 100644 (file)
@@ -131,11 +131,11 @@ function validateLoginForm(f) {
                        <tr><td align="right"><?php echo __("Login:") ?></td>
                        <td align="right"><input name="login"
                                onchange="fetchProfiles()" onfocus="fetchProfiles()"
-                               value="<?php echo get_remote_user() ?>"></td></tr>
+                               value="<?php echo get_remote_user($link) ?>"></td></tr>
                        <tr><td align="right"><?php echo __("Password:") ?></td>
                        <td align="right"><input type="password" name="password"
                                onchange="fetchProfiles()" onfocus="fetchProfiles()"
-                               value="<?php echo get_remote_fakepass() ?>"></td></tr>
+                               value="<?php echo get_remote_fakepass($link) ?>"></td></tr>
                        <tr><td align="right"><?php echo __("Language:") ?></td>
                        <td align="right">
                        <?php