-rw-r--r-- | config.php-dist | 3 | ||||
-rw-r--r-- | functions.php | 31 | ||||
-rw-r--r-- | login.php | 23 | ||||
-rw-r--r-- | prefs.php | 10 | ||||
-rw-r--r-- | tt-rss.php | 12 |
5 files changed, 61 insertions, 18 deletions
diff --git a/config.php-dist b/config.php-dist index eeb1961bc..8e34e7b2c 100644 --- a/config.php-dist +++ b/config.php-dist @@ -13,5 +13,8 @@ define(WEB_DEMO_MODE, false); + + define(USE_HTTP_AUTH, false); + // use HTTP Basic authentication ?> diff --git a/functions.php b/functions.php index fc9818021..67575cbb2 100644 --- a/functions.php +++ b/functions.php @@ -515,8 +515,26 @@ db_query($link, "COMMIT"); } + + function authenticate_user($link, $login, $password) { + + $pwd_hash = 'SHA1:' . sha1($password); + + $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE + login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')"); + + if (db_num_rows($result) == 1) { + $_SESSION["uid"] = db_fetch_result($result, 0, "id"); + $_SESSION["name"] = db_fetch_result($result, 0, "login"); + + return true; + } - function authenticate_user($link) { + return false; + + } + + function http_authenticate_user($link) { if (!$_SERVER['PHP_AUTH_USER']) { @@ -529,16 +547,9 @@ $login = db_escape_string($_SERVER['PHP_AUTH_USER']); $password = db_escape_string($_SERVER['PHP_AUTH_PW']); - $pwd_hash = 'SHA1:' . sha1($password); - - $result = db_query($link, "SELECT id,login FROM ttrss_users WHERE - login = '$login' AND (pwd_hash = '$password' OR pwd_hash = '$pwd_hash')"); - if (db_num_rows($result) == 1) { - $_SESSION["uid"] = db_fetch_result($result, 0, "id"); - $_SESSION["name"] = db_fetch_result($result, 0, "login"); - } - } + return authenticate_user($link, $login, $password); + } } ?> @@ -3,9 +3,18 @@ require_once "version.php"; require_once "config.php"; + require_once "functions.php"; - $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder - $_SESSION["name"] = PLACEHOLDER_NAME; + $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + + $login = $_POST["login"]; + $password = $_POST["password"]; + + if ($login && $password) { + if (authenticate_user($link, $login, $password)) { + header("Location: tt-rss.php"); + } + } ?> <html> 
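Review bot: authenticate_user() in the first functions.php hunk interpolates `$login` and `$password` directly into the SELECT and relies on each caller to escape them; the new login.php caller passes raw `$_POST` values, so form input reaches the query unescaped. Moving the escaping into the function covers every caller: compute `$pwd_hash = 'SHA1:' . sha1($password);` on the raw value, then apply `$login = db_escape_string($login); $password = db_escape_string($password);` before the query, and drop the two db_escape_string() calls from http_authenticate_user() in the second hunk. As written, the HTTP path hashes the already-escaped password while the form path hashes the raw one, so a password containing a character that db_escape_string() rewrites would presumably hash differently depending on the entry point. The `pwd_hash = '$password'` branch matching a stored plaintext value and the unsalted SHA-1 both predate this commit, but they are weak for password storage and deserve a follow-up.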
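Review bot: The success branch in the login.php hunk sends `header("Location: tt-rss.php");` without a following `exit;`, so the script keeps running and still emits the login form after the redirect header. The session identifier is also not rotated when authenticate_user() sets `$_SESSION["uid"]`; calling `session_regenerate_id(true);` right after a successful login would stop a pre-login session ID from carrying over into the authenticated session. No session_start() is visible here, but the hunk begins at line 3 of the file, so confirm the session is opened before `$_SESSION` is written. A failed login falls through to the form with no message, which is worth handling explicitly.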
@@ -20,6 +29,8 @@ <body> +<form action="login.php" method="POST"> + <table width='100%' height='100%' class="loginForm"> <tr><td align='center' valign='middle'> @@ -34,9 +45,17 @@ <td><input name="login"></td></tr> <tr><td align="right">Password:</td> <td><input type="password" name="password"></td></tr> + + <tr><td colspan="2" align="center"> + <input type="submit" class="button" value="Login"> + </td></tr> </table></td></tr> </table> +</form> + +<? db_close($link); ?> + </body> </html> @@ -8,8 +8,14 @@ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); -// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder -// $_SESSION["name"] = PLACEHOLDER_NAME; + if (!USE_HTTP_AUTH) { + if (!$_SESSION["uid"]) { + header("Location: login.php"); + exit; + } + } else { + authenticate_user($link); + } initialize_user_prefs($link, $_SESSION["uid"]); // FIXME this needs to be moved somewhere after user creation diff --git a/tt-rss.php b/tt-rss.php index 7b6b11b48..9348944f6 100644 --- a/tt-rss.php +++ b/tt-rss.php @@ -8,10 +8,14 @@ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); - authenticate_user($link); - -// $_SESSION["uid"] = PLACEHOLDER_UID; // FIXME: placeholder -// $_SESSION["name"] = PLACEHOLDER_NAME; + if (!USE_HTTP_AUTH) { + if (!$_SESSION["uid"]) { + header("Location: login.php"); + exit; + } + } else { + authenticate_user($link); + } initialize_user_prefs($link, $_SESSION["uid"]); // FIXME this needs to be moved somewhere after user creation |
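Review bot: The `else` branch in the prefs.php hunk still calls `authenticate_user($link)`, but this commit renames the one-argument HTTP Basic routine to http_authenticate_user() and gives authenticate_user() three parameters, so with USE_HTTP_AUTH enabled the call runs the credential query with no login or password. The line should read `http_authenticate_user($link);`, and the identical line in the tt-rss.php hunk that follows needs the same change. The return value is discarded in both places; unless http_authenticate_user() ends the request itself on failure (its body is only partly visible in this diff), `initialize_user_prefs($link, $_SESSION["uid"])` runs without an authenticated uid, so checking the result and stopping on `false` would be safer.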