new option: ALLOW_REMOTE_USER_AUTH

3 files changed, 15 insertions, 4 deletions

diff --git a/config.php-dist b/config.php-dist
index 8001513d0..5edb79aa3 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -164,7 +164,13 @@
 	define('DAEMON_FEED_LIMIT', 100);
 	// Limits the amount of feeds daemon updates on one run
 
-	define('CONFIG_VERSION', 12);
+	define('ALLOW_REMOTE_USER_AUTH', false);
+   // Set to 'true' if you trust your web server's REMOTE_USER
+	// environment variable to validate that the user is logged in. This
+	// option can be used to integrate tt-rss with Apache's external
+	// authentication modules.
+
+	define('CONFIG_VERSION', 13);
 	// Expected config version. Please update this option in config.php
 	// if necessary (after migrating all new options from this file).
 
diff --git a/functions.php b/functions.php
index 3644bc25d..2df75f10a 100644
--- a/functions.php
+++ b/functions.php
@@ -1560,10 +1560,15 @@
 			$pwd_hash1 = encrypt_password($password);
 			$pwd_hash2 = encrypt_password($password, $login);
 
-			if ($force_auth && defined('_DEBUG_USER_SWITCH')) {
+			if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
+					&& $_SERVER["REMOTE_USER"]) {
+
+				$login = db_escape_string($_SERVER["REMOTE_USER"]);
+
 				$query = "SELECT id,login,access_level
 	            FROM ttrss_users WHERE
-		         login = '$login'";
+					login = '$login'";
+
 			} else {
 				$query = "SELECT id,login,access_level,pwd_hash
 	            FROM ttrss_users WHERE
diff --git a/sanity_check.php b/sanity_check.php
index 5c90eae74..1f0706dc0 100644
--- a/sanity_check.php
+++ b/sanity_check.php
@@ -1,7 +1,7 @@
 <?php
 	require_once "functions.php";
 
-	define('EXPECTED_CONFIG_VERSION', 12);
+	define('EXPECTED_CONFIG_VERSION', 13);
 	define('SCHEMA_VERSION', 27);
 
 	if (!file_exists("config.php")) {