optional login form/http basic auth support

diff --git a/config.php-dist b/config.php-dist
index eeb1961bc2476a115ee0796064f985f0451c2bdd..8e34e7b2c9c3fba9094edfafd77540f7b53feb96 100644 (file)
--- a/config.php-dist
+++ b/config.php-dist
@@ -13,5 +13,8 @@
        
        define(WEB_DEMO_MODE, false);
 
+
+       define(USE_HTTP_AUTH, false);
+       // use HTTP Basic authentication
 ?>
 

diff --git a/functions.php b/functions.php
index fc98180214ac7e1a35a6ba1e507301a255f454e6..67575cbb24f72da990b1efdafaa081f952efd5da 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -515,8 +515,26 @@
                db_query($link, "COMMIT");
 
        }
+       
+       function authenticate_user($link, $login, $password) {
+
+               $pwd_hash = 'SHA1:' . sha1($password);
+
+               $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
+                       login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
+
+               if (db_num_rows($result) == 1) {
+                       $_SESSION["uid"] = db_fetch_result($result, 0, "id");
+                       $_SESSION["name"] = db_fetch_result($result, 0, "login");
+
+                       return true;
+               }
 
-       function authenticate_user($link) {
+               return false;
+
+       }
+
+       function http_authenticate_user($link) {
 
                if (!$_SERVER['PHP_AUTH_USER']) {
 
@@ -529,16 +547,9 @@
 
                        $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
                        $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
-                       $pwd_hash = 'SHA1:' . sha1($password);
-
-                       $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE 
-                               login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')");
 
-                       if (db_num_rows($result) == 1) {
-                               $_SESSION["uid"] = db_fetch_result($result, 0, "id");
-                               $_SESSION["name"] = db_fetch_result($result, 0, "login");
-                       }                       
-               }
+                       return authenticate_user($link, $login, $password);
+               }               
        }
 
 ?>

diff --git a/login.php b/login.php
index 10875ce87e65e65b9153db165d21396d031ca107..86694667af8d227b0300f6a10c386136af811b2f 100644 (file)
--- a/login.php
+++ b/login.php
@@ -3,9 +3,18 @@
 
        require_once "version.php"; 
        require_once "config.php";
+       require_once "functions.php";
 
-       $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-       $_SESSION["name"] = PLACEHOLDER_NAME;
+       $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
+
+       $login = $_POST["login"];
+       $password = $_POST["password"];
+
+       if ($login && $password) {
+               if (authenticate_user($link, $login, $password)) {
+                       header("Location: tt-rss.php");
+               }
+       }
 
 ?>
 <html>
@@ -20,6 +29,8 @@
 
 <body>
 
+<form action="login.php" method="POST">
+
 <table width='100%' height='100%' class="loginForm">
 
        <tr><td align='center' valign='middle'>
@@ -34,9 +45,17 @@
                <td><input name="login"></td></tr>
        <tr><td align="right">Password:</td>
                <td><input type="password" name="password"></td></tr>
+
+       <tr><td colspan="2" align="center">
+               <input type="submit" class="button" value="Login">
+       </td></tr>
        
        </table></td></tr>
 </table>
 
+</form>
+
+<? db_close($link); ?>
+
 </body>
 </html>

diff --git a/prefs.php b/prefs.php
index 73081c7cacb01bcb9982204f63b51421bd394a5f..837cf584f051cc8909757924807268f49d4aac2b 100644 (file)
--- a/prefs.php
+++ b/prefs.php
@@ -8,8 +8,14 @@
 
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
 
-//     $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//     $_SESSION["name"] = PLACEHOLDER_NAME;
+       if (!USE_HTTP_AUTH) {
+               if (!$_SESSION["uid"]) {
+                       header("Location: login.php");
+                       exit;
+               }
+       } else {
+               authenticate_user($link);
+       }
 
        initialize_user_prefs($link, $_SESSION["uid"]); 
        // FIXME this needs to be moved somewhere after user creation

diff --git a/tt-rss.php b/tt-rss.php
index 7b6b11b48abd513faf2a8b40b6bfb2dc15cb4cb9..9348944f61eb0ad105ff4f79f0f853f71a0c224a 100644 (file)
--- a/tt-rss.php
+++ b/tt-rss.php
@@ -8,10 +8,14 @@
 
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
 
-       authenticate_user($link);
-
-//     $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder
-//     $_SESSION["name"] = PLACEHOLDER_NAME;
+       if (!USE_HTTP_AUTH) {
+               if (!$_SESSION["uid"]) {
+                       header("Location: login.php");
+                       exit;
+               }
+       } else {
+               authenticate_user($link);
+       }
 
        initialize_user_prefs($link, $_SESSION["uid"]); 
        // FIXME this needs to be moved somewhere after user creation