Diffstat (limited to 'functions.php')
-rw-r--r--functions.php73
1 files changed, 19 insertions, 54 deletions
diff --git a/functions.php b/functions.php
index 244c41682..170696352 100644
--- a/functions.php
+++ b/functions.php
@@ -1159,22 +1159,6 @@
return preg_replace('/\/[^\/]*$/', "", $_SERVER["REQUEST_URI"]);
}
- function get_login_redirect() {
- $server = $_SERVER["SERVER_NAME"];
-
- if (ENABLE_LOGIN_SSL) {
- $protocol = "https";
- } else {
- $protocol = "http";
- }
-
- $url_path = get_script_urlpath();
-
- $redirect_uri = "$protocol://$server$url_path/login.php";
-
- return $redirect_uri;
- }
-
function validate_session($link) {
if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
if ($_SESSION["ip_address"]) {
@@ -1186,17 +1170,6 @@
return true;
}
- function basic_nosid_redirect_check() {
- if (!SINGLE_USER_MODE) {
- if (!$_COOKIE[get_session_cookie_name()]) {
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
- exit;
- }
- }
- }
-
function login_sequence($link) {
if (!SINGLE_USER_MODE) {
@@ -1210,38 +1183,26 @@
if (!validate_session($link)) {
logout_user();
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
+ render_login_form($link);
exit;
}
- if (!USE_HTTP_AUTH) {
- if (!$_SESSION["uid"]) {
- $redirect_uri = get_login_redirect();
- $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]);
- header("Location: $redirect_uri?rt=$return_to");
- exit;
- }
- } else {
- if (!$_SESSION["uid"]) {
- if (!$_SERVER["PHP_AUTH_USER"]) {
+ $login_action = $_POST["login_action"];
- header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
- header('HTTP/1.0 401 Unauthorized');
- exit;
-
- } else {
- $auth_result = authenticate_user($link,
- $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
+ # try to authenticate user if called from login form
+ if ($login_action == "do_login") {
+ $login = $_POST["login"];
+ $password = $_POST["password"];
- if (!$auth_result) {
- header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
- header('HTTP/1.0 401 Unauthorized');
- exit;
- }
- }
- }
+ if (authenticate_user($link, $login, $password)) {
+ $_POST["password"] = "";
+ return;
+ }
+ }
+
+ if (!$_SESSION["uid"]) {
+ render_login_form($link);
+ exit;
}
} else {
return authenticate_user($link, "admin", null);
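Review bot: The credential handling added to login_sequence() accepts `$_POST["login"]` and `$_POST["password"]` on whatever scheme the request arrived on, whereas the removed get_login_redirect() selected `https` when ENABLE_LOGIN_SSL was set. Unless login_form.php enforces that setting itself (not visible here), it no longer protects the password in transit, so a scheme check ahead of the `do_login` branch would restore it. After a successful `authenticate_user()` the code returns with no visible session-id rotation; if authenticate_user() (outside this hunk) does not already do it, add `session_regenerate_id(true);` before the `return;` to close off session fixation. `$_POST["login_action"]` is also read without an existence check and compared with `==`; `$login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : "";` together with `=== "do_login"` avoids the notice and the loose comparison. login_sequence() begins and ends outside this hunk.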
@@ -3180,4 +3141,8 @@
return true;
}
+ function render_login_form($link) {
+ require_once "login_form.php";
+ }
+
?>
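Review bot: `require_once "login_form.php"` in render_login_form() uses a bare relative path, which PHP resolves through include_path before the calling script's directory, so a same-named file earlier on that path would be served as the login page. `require_once dirname(__FILE__) . "/login_form.php";` pins it to the directory of functions.php. Because of `_once`, a second call in the same request outputs nothing; that is harmless for the callers in this commit (each is followed by `exit`), but it deserves a comment such as `# $link is visible to login_form.php through the include scope; renders at most once per request`.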