author | Andrew Dolgov <[email protected]> | 2005-11-23 14:52:02 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2005-11-23 14:52:02 +0100 |
commit | f557cd78ff5d9fba54eb2e660a2a5fa512b0bd90 (patch) | |
tree | 96cc38909d948851475270ba586c197c02688572 /functions.php | |
parent | 81dde650b6eea3c8623e3b173d8e9bc93a69f616 (diff) |
some http auth fixes
Diffstat (limited to 'functions.php')
-rw-r--r-- | functions.php | 49 |
1 files changed, 21 insertions, 28 deletions
diff --git a/functions.php b/functions.php index 410c76eac..4ba7da748 100644 --- a/functions.php +++ b/functions.php @@ -606,6 +606,8 @@ db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); + initialize_user_prefs($link, $_SESSION["uid"]); + return true; } @@ -613,27 +615,6 @@ } - function http_authenticate_user($link, $force_logout) { - - if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) { - - if ($force_logout) logout_user(); - - header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); - header('HTTP/1.0 401 Unauthorized'); - print "<h1>401 Unathorized</h1>"; - - exit; - - } else { - - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - $password = db_escape_string($_SERVER['PHP_AUTH_PW']); - - return authenticate_user($link, $login, $password); - } - } - function make_password($length = 8) { $password = ""; @@ -672,10 +653,7 @@ } function logout_user() { - $_SESSION["uid"] = null; - $_SESSION["name"] = null; - $_SESSION["access_level"] = null; - session_destroy(); + session_destroy(); } function login_sequence($link) { @@ -687,9 +665,24 @@ exit; } } else { - if (!http_authenticate_user($link, false)) { - exit; - } + if (!$_SESSION["uid"]) { + if (!$_SERVER["PHP_AUTH_USER"]) { + + header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); + header('HTTP/1.0 401 Unauthorized'); + exit; + + } else { + $auth_result = authenticate_user($link, + $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]); + + if (!$auth_result) { + header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); + header('HTTP/1.0 401 Unauthorized'); + exit; + } + } + } } } else { $_SESSION["uid"] = 1; |
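Review bot: In the `logout_user()` hunk (`@@ -672,10 +653,7 @@`), reducing the body to `session_destroy();` leaves `$_SESSION["uid"]`, `$_SESSION["name"]` and `$_SESSION["access_level"]` populated for the rest of the current request, because session_destroy() removes the stored session data but does not unset the `$_SESSION` array or the session cookie. Anything that runs after a logout in the same request, including the new `if (!$_SESSION["uid"])` test in `login_sequence()`, would still see a logged-in user. I would keep an explicit clearing step, `$_SESSION = array();` before `session_destroy();`, and expire the session cookie as well.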
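Review bot: In the `login_sequence()` hunk (`@@ -687,9 +665,24 @@`), `$_SERVER["PHP_AUTH_USER"]` and `$_SERVER["PHP_AUTH_PW"]` now reach `authenticate_user()` unescaped, whereas the removed `http_authenticate_user()` passed both through `db_escape_string()` first. The query inside `authenticate_user()` is not shown in this diff, but the UPDATE visible in the first hunk (apparently the same function) builds SQL by concatenation, so unless the function escapes its own arguments the Basic-auth login path becomes open to SQL injection. I would restore the escaping at the call, `authenticate_user($link, db_escape_string($_SERVER["PHP_AUTH_USER"]), db_escape_string($_SERVER["PHP_AUTH_PW"]))`, or move it into `authenticate_user()` itself. Separately, `!$_SESSION["uid"]` and `!$_SERVER["PHP_AUTH_USER"]` read keys that may be unset; `empty(...)` expresses the same test without raising a notice. The body of `login_sequence()` starts and ends outside the hunk.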