[tt-rss.git] / plugins / auth_remote / init.php

<?php
class Auth_Remote extends Plugin implements IAuthModule {

	private $host;
	private $base;

	function about() {
		return array(1.0,
			"Authenticates against remote password (e.g. supplied by Apache)",
			"fox",
			true);
	}

	function init($host) {
		$this->host = $host;
		$this->base = new Auth_Base();

		$host->add_hook($host::HOOK_AUTH_USER, $this);
	}

	function get_login_by_ssl_certificate() {
		$cert_serial = db_escape_string( get_ssl_certificate_id());

		if ($cert_serial) {
			$result = db_query( "SELECT login FROM ttrss_user_prefs, ttrss_users
				WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
				owner_uid = ttrss_users.id");

			if (db_num_rows($result) != 0) {
				return db_escape_string( db_fetch_result($result, 0, "login"));
			}
		}

		return "";
	}


	function authenticate($login, $password) {
		$try_login = db_escape_string( $_SERVER["REMOTE_USER"]);

		// php-cgi
		if (!$try_login) $try_login = db_escape_string( $_SERVER["REDIRECT_REMOTE_USER"]);

		if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
#	  	if (!$try_login) $try_login = "test_qqq";

		if ($try_login) {
			$user_id = $this->base->auto_create_user($try_login);

			if ($user_id) {
				$_SESSION["fake_login"] = $try_login;
				$_SESSION["fake_password"] = "******";
				$_SESSION["hide_hello"] = true;
				$_SESSION["hide_logout"] = true;

				// LemonLDAP can send user informations via HTTP HEADER
				if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
					// update user name
					$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
					if ($fullname){
						$fullname = db_escape_string( $fullname);
						db_query( "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
							$user_id);
					}
					// update user mail
					$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
					if ($email){
						$email = db_escape_string( $email);
						db_query( "UPDATE ttrss_users SET email = '$email' WHERE id = " .
							$user_id);
					}
				}

				return $user_id;
			}
		}

		return false;
	}
}

?>
Commit	Line	Data
0d421af8	1	<?php
0f28f81f AD	2	class Auth_Remote extends Plugin implements IAuthModule {
0f28f81f AD	3
0f28f81f AD	4	private $host;
	5	private $base;
	6
	7	function about() {
	8	return array(1.0,
	9	"Authenticates against remote password (e.g. supplied by Apache)",
	10	"fox",
	11	true);
	12	}
	13
	14	function init($host) {
0f28f81f	15	$this->host = $host;
6322ac79	16	$this->base = new Auth_Base();
0f28f81f AD	17
	18	$host->add_hook($host::HOOK_AUTH_USER, $this);
	19	}
	20
0d421af8	21	function get_login_by_ssl_certificate() {
6322ac79	22	$cert_serial = db_escape_string( get_ssl_certificate_id());
0d421af8 AD	23
0d421af8 AD	24	if ($cert_serial) {
6322ac79	25	$result = db_query( "SELECT login FROM ttrss_user_prefs, ttrss_users
0d421af8 AD	26	WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
	27	owner_uid = ttrss_users.id");
	28
	29	if (db_num_rows($result) != 0) {
6322ac79	30	return db_escape_string( db_fetch_result($result, 0, "login"));
0d421af8 AD	31	}
	32	}
	33
	34	return "";
	35	}
	36
	37
	38	function authenticate($login, $password) {
6322ac79	39	$try_login = db_escape_string( $_SERVER["REMOTE_USER"]);
0d421af8	40
23923ca7	41	// php-cgi
6322ac79	42	if (!$try_login) $try_login = db_escape_string( $_SERVER["REDIRECT_REMOTE_USER"]);
23923ca7	43
0d421af8 AD	44	if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
	45	# if (!$try_login) $try_login = "test_qqq";
	46
	47	if ($try_login) {
0f28f81f	48	$user_id = $this->base->auto_create_user($try_login);
0d421af8 AD	49
	50	if ($user_id) {
	51	$_SESSION["fake_login"] = $try_login;
	52	$_SESSION["fake_password"] = "******";
	53	$_SESSION["hide_hello"] = true;
	54	$_SESSION["hide_logout"] = true;
	55
	56	// LemonLDAP can send user informations via HTTP HEADER
	57	if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
	58	// update user name
	59	$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
	60	if ($fullname){
6322ac79 AD	61	$fullname = db_escape_string( $fullname);
6322ac79 AD	62	db_query( "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
0d421af8 AD	63	$user_id);
	64	}
	65	// update user mail
	66	$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
	67	if ($email){
6322ac79 AD	68	$email = db_escape_string( $email);
6322ac79 AD	69	db_query( "UPDATE ttrss_users SET email = '$email' WHERE id = " .
0d421af8 AD	70	$user_id);
	71	}
	72	}
	73
	74	return $user_id;
	75	}
	76	}
	77
	78	return false;
	79	}
	80	}
	81
	82	?>