]>
Commit | Line | Data |
---|---|---|
0d421af8 | 1 | <?php |
0f28f81f AD |
2 | class Auth_Remote extends Plugin implements IAuthModule { |
3 | ||
0f28f81f | 4 | private $host; |
b431d525 | 5 | /* @var Auth_Base $base */ |
0f28f81f AD |
6 | private $base; |
7 | ||
8 | function about() { | |
9 | return array(1.0, | |
10 | "Authenticates against remote password (e.g. supplied by Apache)", | |
11 | "fox", | |
12 | true); | |
13 | } | |
14 | ||
b431d525 AD |
15 | /* @var PluginHost $host */ |
16 | function init($host ) { | |
0f28f81f | 17 | $this->host = $host; |
a0ed0d38 | 18 | $this->base = new Auth_Base(); |
0f28f81f AD |
19 | |
20 | $host->add_hook($host::HOOK_AUTH_USER, $this); | |
21 | } | |
22 | ||
0d421af8 | 23 | function get_login_by_ssl_certificate() { |
b431d525 | 24 | $cert_serial = get_ssl_certificate_id(); |
0d421af8 AD |
25 | |
26 | if ($cert_serial) { | |
b431d525 AD |
27 | $sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs, ttrss_users |
28 | WHERE pref_name = 'SSL_CERT_SERIAL' AND value = ? AND | |
0d421af8 | 29 | owner_uid = ttrss_users.id"); |
b431d525 | 30 | $sth->execute([$cert_serial]); |
0d421af8 | 31 | |
b431d525 AD |
32 | if ($row = $sth->fetch()) { |
33 | return $row['login']; | |
0d421af8 AD |
34 | } |
35 | } | |
36 | ||
37 | return ""; | |
38 | } | |
39 | ||
21ce7d9e AD |
40 | /** |
41 | * @SuppressWarnings(PHPMD.UnusedFormalParameter) | |
42 | */ | |
0d421af8 | 43 | function authenticate($login, $password) { |
b431d525 | 44 | $try_login = $_SERVER["REMOTE_USER"]; |
0d421af8 | 45 | |
23923ca7 | 46 | // php-cgi |
b431d525 AD |
47 | if (!$try_login) $try_login = $_SERVER["REDIRECT_REMOTE_USER"]; |
48 | if (!$try_login) $try_login = $_SERVER["PHP_AUTH_USER"]; | |
23923ca7 | 49 | |
0d421af8 | 50 | if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); |
0d421af8 AD |
51 | |
52 | if ($try_login) { | |
6f7798b6 | 53 | $user_id = $this->base->auto_create_user($try_login, $password); |
0d421af8 AD |
54 | |
55 | if ($user_id) { | |
56 | $_SESSION["fake_login"] = $try_login; | |
57 | $_SESSION["fake_password"] = "******"; | |
58 | $_SESSION["hide_hello"] = true; | |
59 | $_SESSION["hide_logout"] = true; | |
60 | ||
61 | // LemonLDAP can send user informations via HTTP HEADER | |
62 | if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){ | |
63 | // update user name | |
64 | $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; | |
65 | if ($fullname){ | |
b431d525 AD |
66 | $sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?"); |
67 | $sth->execute([$fullname, $user_id]); | |
0d421af8 AD |
68 | } |
69 | // update user mail | |
70 | $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; | |
71 | if ($email){ | |
b431d525 AD |
72 | $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?"); |
73 | $sth->execute([$email, $user_id]); | |
0d421af8 AD |
74 | } |
75 | } | |
76 | ||
77 | return $user_id; | |
78 | } | |
79 | } | |
80 | ||
81 | return false; | |
82 | } | |
106a3de9 AD |
83 | |
84 | function api_version() { | |
85 | return 2; | |
86 | } | |
87 | ||
0d421af8 | 88 | } |