authorAndrew Dolgov <[email protected]>2005-11-23 14:52:02 +0100
committerAndrew Dolgov <[email protected]>2005-11-23 14:52:02 +0100
commitf557cd78ff5d9fba54eb2e660a2a5fa512b0bd90 (patch)
tree96cc38909d948851475270ba586c197c02688572
parent81dde650b6eea3c8623e3b173d8e9bc93a69f616 (diff)
some http auth fixes
-rw-r--r--functions.php49
-rw-r--r--logout.php26
-rw-r--r--tt-rss.css20
3 files changed, 63 insertions, 32 deletions
diff --git a/functions.php b/functions.php
index 410c76eac..4ba7da748 100644
--- a/functions.php
+++ b/functions.php
@@ -606,6 +606,8 @@
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
+ initialize_user_prefs($link, $_SESSION["uid"]);
+
return true;
}
@@ -613,27 +615,6 @@
}
- function http_authenticate_user($link, $force_logout) {
-
- if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {
-
- if ($force_logout) logout_user();
-
- header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
- header('HTTP/1.0 401 Unauthorized');
- print "<h1>401 Unathorized</h1>";
-
- exit;
-
- } else {
-
- $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
- $password = db_escape_string($_SERVER['PHP_AUTH_PW']);
-
- return authenticate_user($link, $login, $password);
- }
- }
-
function make_password($length = 8) {
$password = "";
@@ -672,10 +653,7 @@
}
function logout_user() {
- $_SESSION["uid"] = null;
- $_SESSION["name"] = null;
- $_SESSION["access_level"] = null;
- session_destroy();
+ session_destroy();
}
function login_sequence($link) {
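Review bot: The rewritten logout_user() no longer clears `$_SESSION` before the destroy; session_destroy() only discards the server-side session data, it leaves the `$_SESSION` superglobal populated for the rest of the current request and does not touch the client's session cookie, so code that runs later in the same request and tests `$_SESSION["uid"]` still sees the user as logged in. Keep a reset ahead of the destroy, `$_SESSION = array();` followed by `session_destroy();`, so the in-request state matches what the removed assignments achieved. Consider also expiring the cookie with `setcookie(session_name(), '', time() - 42000);` so the browser does not present the old session id on its next request.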
@@ -687,9 +665,24 @@
exit;
}
} else {
- if (!http_authenticate_user($link, false)) {
- exit;
- }
+ if (!$_SESSION["uid"]) {
+ if (!$_SERVER["PHP_AUTH_USER"]) {
+
+ header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit;
+
+ } else {
+ $auth_result = authenticate_user($link,
+ $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
+
+ if (!$auth_result) {
+ header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit;
+ }
+ }
+ }
}
} else {
$_SESSION["uid"] = 1;
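Review bot: The new authenticate_user call passes `$_SERVER["PHP_AUTH_USER"]` and `$_SERVER["PHP_AUTH_PW"]` raw, whereas the deleted http_authenticate_user ran both through db_escape_string() first; unless authenticate_user escapes its $login and $password arguments itself (its definition starts outside this hunk, so I cannot confirm), the values from the Authorization header now reach the query unescaped and the SQL injection the old helper guarded against returns. Either restore the escaping at the call site, `authenticate_user($link, db_escape_string($_SERVER["PHP_AUTH_USER"]), db_escape_string($_SERVER["PHP_AUTH_PW"]))`, or make authenticate_user responsible for it and say so in a comment above its signature. The two identical 401 blocks could be folded into one by testing `!isset($_SERVER["PHP_AUTH_USER"]) || !authenticate_user(...)`, which also avoids the undefined-index notice that `!$_SERVER["PHP_AUTH_USER"]` raises when no Authorization header was sent. login_sequence's body continues past the end of this hunk.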
diff --git a/logout.php b/logout.php
index 7757689dc..9af2bab61 100644
--- a/logout.php
+++ b/logout.php
@@ -8,7 +8,25 @@
if (!USE_HTTP_AUTH) {
header("Location: login.php");
- } else {
- header("Location: tt-rss.php");
- }
-?>
+ } else { ?>
+
+ <html>
+ <head>
+ <title>Tiny Tiny RSS : Logout</title>
+ <link rel="stylesheet" type="text/css" href="tt-rss.css">
+ <body class="logoutBody">
+ <div class="logoutContent">
+
+ <h1>You have been logged out.</h1>
+
+ <p><span class="logoutWarning">Warning:</span>
+ As there is no way to reliably clear HTTP Authentication
+ credentials from your browser, it is recommended for you to close
+ this browser window, otherwise your browser could automatically
+ authenticate again using previously supplied credentials, which
+ is a security risk.</p>
+
+ </div>
+ </body>
+ </html>
+<? } ?>
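Review bot: The closing `<? } ?>` on the last added line uses the short open tag while the rest of the file opens PHP with `<?php`; with short_open_tag disabled, `<? } ?>` is emitted as literal text and the else block opened on `} else { ?>` is never closed, so the file fails to parse instead of rendering the logout page. Use `<?php } ?>`. The added markup also never closes `<head>` before `<body class="logoutBody">`; add `</head>` after the stylesheet link.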
diff --git a/tt-rss.css b/tt-rss.css
index 20e4d546c..aa40c7ea5 100644
--- a/tt-rss.css
+++ b/tt-rss.css
@@ -636,3 +636,23 @@ span.insensitive {
div.prefGenericAddBox {
margin : 5px;
}
+
+body.logoutBody {
+ background-color : #f0f0f0;
+ color : black;
+}
+
+span.logoutWarning {
+ color : red;
+ font-weight : bold;
+}
+
+div.logoutContent {
+ width : 600px;
+ border : 1px solid #c0c0c0;
+ background-color : white;
+ margin-left : auto;
+ margin-right : auto;
+ margin-top : 20px;
+ padding : 10px;
+}