// Limits the amount of feeds daemon (or a cronjob) updates on one run
define('ALLOW_REMOTE_USER_AUTH', false);
- // Set to 'true' if you trust your web server's REMOTE_USER
- // environment variable to validate that the user is logged in. This
- // option can be used to integrate tt-rss with Apache's external
- // authentication modules.
+ // Set to 'true' if you trust your web server's REMOTE_USER or
+ // REDIRECT_SSL_CLIENT_S_DN_CN environment variables to validate
+ // that the user is logged in. This option can be used to integrate
+ // tt-rss with Apache's external authentication modules or SSL
+ // client certificate authentication.
+ // Please note that REMOTE_USER takes precedence over SSL certificate
+ // information.
define('AUTO_LOGIN', false);
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
return true;
}
+ function get_remote_user() {
+ $remote_user = $_SERVER["REMOTE_USER"];
+
+ if (!$remote_user)
+ $remote_user = $_SERVER["REDIRECT_SSL_CLIENT_S_DN_CN"];
+
+ return db_escape_string($remote_user);
+ }
+
+ function get_remote_fakepass() {
+ if (get_remote_user())
+ return "******";
+ else
+ return "";
+ }
+
function authenticate_user($link, $login, $password, $force_auth = false) {
if (!SINGLE_USER_MODE) {
$login = db_escape_string($login);
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
- && $_SERVER["REMOTE_USER"] && $login != "admin") {
+ && get_remote_user() && $login != "admin") {
- $login = db_escape_string($_SERVER["REMOTE_USER"]);
+ $login = db_escape_string(get_remote_user());
$query = "SELECT id,login,access_level,pwd_hash
FROM ttrss_users WHERE
if (!$_SESSION["uid"] || !validate_session($link)) {
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
- && $_SERVER["REMOTE_USER"] && defined('AUTO_LOGIN') && AUTO_LOGIN) {
- authenticate_user($link,$_SERVER['REMOTE_USER'],null);
+ && get_remote_user() && defined('AUTO_LOGIN') && AUTO_LOGIN) {
+ authenticate_user($link, get_remote_user(), null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else {
render_login_form($link, $mobile);
<tr><td align="right"><?php echo __("Login:") ?></td>
<td align="right"><input name="login"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
- value="<?php echo $_SERVER["REMOTE_USER"] ?>"></td></tr>
+ value="<?php echo get_remote_user() ?>"></td></tr>
<tr><td align="right"><?php echo __("Password:") ?></td>
<td align="right"><input type="password" name="password"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
- value="<?php echo $_SERVER["REMOTE_USER"] ?>"></td></tr>
+ value="<?php echo get_remote_fakepass() ?>"></td></tr>
<tr><td align="right"><?php echo __("Language:") ?></td>
<td align="right">
<?php
git.wh0rd.org / tt-rss.git / commitdiff
