]> git.wh0rd.org Git - tt-rss.git/commitdiff
some http auth fixes
authorAndrew Dolgov <fox@bah.spb.su>
Wed, 23 Nov 2005 13:52:02 +0000 (14:52 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Wed, 23 Nov 2005 13:52:02 +0000 (14:52 +0100)
functions.php
logout.php
tt-rss.css

index 410c76eac6d40a5ce79f41ea3cacb71e0fe7bb2a..4ba7da748b57f71af28c9568737b52c20626cc8b 100644 (file)
                        db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . 
                                $_SESSION["uid"]);
 
+                       initialize_user_prefs($link, $_SESSION["uid"]);
+
                        return true;
                }
 
 
        }
 
-       function http_authenticate_user($link, $force_logout) {
-
-               if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {
-
-                       if ($force_logout) logout_user();
-
-                       header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
-                       header('HTTP/1.0 401 Unauthorized');
-                       print "<h1>401 Unathorized</h1>";
-                       
-                       exit;
-                       
-               } else {
-
-                       $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
-                       $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
-
-                       return authenticate_user($link, $login, $password);
-               }
-       }
-
        function make_password($length = 8) {
 
                $password = "";
                }
 
        function logout_user() {
-               $_SESSION["uid"] = null;
-               $_SESSION["name"] = null;
-               $_SESSION["access_level"] = null;
-               session_destroy();
+               session_destroy();              
        }
 
        function login_sequence($link) {
                                        exit;
                                }
                        } else {
-                               if (!http_authenticate_user($link, false)) {
-                                       exit;
-                               }
+                               if (!$_SESSION["uid"]) {
+                                       if (!$_SERVER["PHP_AUTH_USER"]) {
+
+                                               header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+                                               header('HTTP/1.0 401 Unauthorized');
+                                               exit;
+                                               
+                                       } else {
+                                               $auth_result = authenticate_user($link, 
+                                                       $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
+
+                                               if (!$auth_result) {
+                                                       header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+                                                       header('HTTP/1.0 401 Unauthorized');
+                                                       exit;
+                                               }
+                                       }
+                               }                               
                        }
                } else {
                        $_SESSION["uid"] = 1;
index 7757689dcccebe9d7acdad692e4d2372c1f00b8c..9af2bab61beb0b3a9e664191450a7040badbbf3f 100644 (file)
@@ -8,7 +8,25 @@
 
        if (!USE_HTTP_AUTH) {
                header("Location: login.php");
-       } else {
-               header("Location: tt-rss.php");
-       }
-?>
+       } else { ?>
+       
+       <html>
+               <head>
+                       <title>Tiny Tiny RSS : Logout</title>
+                       <link rel="stylesheet" type="text/css" href="tt-rss.css">
+       <body class="logoutBody">
+               <div class="logoutContent">     
+               
+                       <h1>You have been logged out.</h1>
+
+                       <p><span class="logoutWarning">Warning:</span>
+                       As there is no way to reliably clear HTTP Authentication 
+                       credentials from your browser, it is recommended for you to close
+                       this browser window, otherwise your browser could automatically
+                       authenticate again using previously supplied credentials, which
+                       is a security risk.</p>
+                       
+               </div>
+       </body>
+       </html>
+<?     } ?>
index 20e4d546c630a41933697de3a79dee3a8ee2dcf2..aa40c7ea53b68d0f61e8bf0d7d34296ab190a791 100644 (file)
@@ -636,3 +636,23 @@ span.insensitive {
 div.prefGenericAddBox {
        margin : 5px;
 }
+
+body.logoutBody {
+       background-color : #f0f0f0;
+       color : black;
+}
+
+span.logoutWarning {
+       color : red;
+       font-weight : bold;
+}
+
+div.logoutContent {
+       width : 600px;
+       border : 1px solid #c0c0c0;
+       background-color : white;
+       margin-left : auto;
+       margin-right : auto;
+       margin-top : 20px;
+       padding : 10px;
+}