authorAndrew Dolgov <[email protected]>2011-03-28 13:03:43 +0400
committerAndrew Dolgov <[email protected]>2011-03-28 13:03:43 +0400
commitbf9fc06072f2dcd5b17aec1fe6a03b046236d360 (patch)
tree079b5c4818d70c9554c363a48c5d5429304df9ff
parenta4cd9d58ff94d6603cdd5e36870e26fdfe40ca5e (diff)
only use autologin with SSL certificate when AUTO_LOGIN is enabled, otherwise redirect to login form as with remote auth
-rw-r--r--config.php-dist9
-rw-r--r--functions.php24
-rw-r--r--login_form.php4
3 files changed, 16 insertions, 21 deletions
diff --git a/config.php-dist b/config.php-dist
index 26e8a02ff..531ce20b3 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -133,9 +133,12 @@
// used to integrate tt-rss with Apache's external authentication modules.
define('AUTO_LOGIN', false);
- // Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
- // to skip the login form. If set to true, users won't be able to
- // set application language and settings profile.
+ // Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL
+ // certificate authentication and you want to skip the login form.
+ // If set to true, users won't be able to set application language
+ // and settings profile.
+ // Otherwise users will be redirected to login form with their login
+ // information pre-filled.
define('LOCK_DIRECTORY', 'lock');
// Directory for lockfiles, must be writable to the user you run
diff --git a/functions.php b/functions.php
index dc162d7a9..974e2b9a8 100644
--- a/functions.php
+++ b/functions.php
@@ -1784,18 +1784,17 @@
return "";
}
- function get_remote_user() {
- $remote_user = "";
+ function get_remote_user($link) {
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
- $remote_user = $_SERVER["REMOTE_USER"];
+ return db_escape_string($_SERVER["REMOTE_USER"]);
}
- return db_escape_string($remote_user);
+ return db_escape_string(get_login_by_ssl_certificate($link));
}
- function get_remote_fakepass() {
- if (get_remote_user())
+ function get_remote_fakepass($link) {
+ if (get_remote_user($link))
return "******";
else
return "";
@@ -1809,10 +1808,7 @@
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
- $remote_user = get_remote_user();
-
- if (!$remote_user)
- $remote_user = get_login_by_ssl_certificate($link);
+ $remote_user = get_remote_user($link);
if ($remote_user && $login != "admin") {
@@ -2006,13 +2002,9 @@
}
if (!$_SESSION["uid"] || !validate_session($link)) {
- $cert_login = get_login_by_ssl_certificate($link);
- if ($cert_login) {
- authenticate_user($link, $cert_login, null);
- $_SESSION["ref_schema_version"] = get_schema_version($link, true);
- } else if (get_remote_user() && AUTO_LOGIN) {
- authenticate_user($link, get_remote_user(), null);
+ if (get_remote_user($link) && AUTO_LOGIN) {
+ authenticate_user($link, get_remote_user($link), null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else {
render_login_form($link, $mobile);
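Review bot: In the third hunk (`@@ -2006,13 +2002,9 @@`) `get_remote_user($link)` is evaluated twice on consecutive lines, and whenever ALLOW_REMOTE_USER_AUTH is off each call falls through to `get_login_by_ssl_certificate($link)`, which presumably involves a database lookup; store the result once: `$remote_user = get_remote_user($link);` / `if ($remote_user && AUTO_LOGIN) {` / `authenticate_user($link, $remote_user, null);`. The same condition reads `AUTO_LOGIN` bare, while the first hunk guards `ALLOW_REMOTE_USER_AUTH` with `defined()`; on a config.php that predates this constant PHP evaluates the undefined name as the non-empty string 'AUTO_LOGIN', so the branch would be taken and the login form skipped for any remote or certificate user, which `defined('AUTO_LOGIN') && AUTO_LOGIN` would prevent unless a config check elsewhere already requires the constant. The enclosing function starts and ends outside the hunk.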
diff --git a/login_form.php b/login_form.php
index 1dbc00549..5810c5cef 100644
--- a/login_form.php
+++ b/login_form.php
@@ -131,11 +131,11 @@ function validateLoginForm(f) {
<tr><td align="right"><?php echo __("Login:") ?></td>
<td align="right"><input name="login"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
- value="<?php echo get_remote_user() ?>"></td></tr>
+ value="<?php echo get_remote_user($link) ?>"></td></tr>
<tr><td align="right"><?php echo __("Password:") ?></td>
<td align="right"><input type="password" name="password"
onchange="fetchProfiles()" onfocus="fetchProfiles()"
- value="<?php echo get_remote_fakepass() ?>"></td></tr>
+ value="<?php echo get_remote_fakepass($link) ?>"></td></tr>
<tr><td align="right"><?php echo __("Language:") ?></td>
<td align="right">
<?php
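Review bot: The new `value="<?php echo get_remote_user($link) ?>"` line writes the remote user name into an HTML attribute with only `db_escape_string()` applied, which escapes for SQL, not for HTML; with this change the value may also come from the client certificate rather than REMOTE_USER, so it should be escaped for the attribute context it is placed in: `value="<?php echo htmlspecialchars(get_remote_user($link), ENT_QUOTES) ?>"`. Rendering the form now also calls `get_remote_user($link)` twice (once directly, once through `get_remote_fakepass($link)`), each of which may fall through to the certificate lookup; computing the login once into a local above the table and reusing it would avoid that. The surrounding template continues outside the hunk.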