From 01a87dff9efecf9070b652f59a52e55bd2db1906 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 1 Mar 2007 10:43:54 +0100
Subject: [PATCH] rework login process, drop http auth

---
backend.php | 4 +-
config.php-dist | 8 +-
functions.js | 27 ++++++-
functions.php | 73 +++++------------
login.php | 165 ----------------------------------------
login_form.php | 73 ++++++++++++++++++
logout.php | 42 ----------
mobile/tt-rss.php | 2 -
modules/backend-rpc.php | 6 ++
opml.php | 1 -
prefs.php | 6 +-
tt-rss.php | 6 +-
update.php | 3 +-
utils/stats.php | 3 +-
14 files changed, 133 insertions(+), 286 deletions(-)
delete mode 100644 login.php
create mode 100644 login_form.php
delete mode 100644 logout.php

diff --git a/backend.php b/backend.php
index 4aaec48ad..b4eeaf5e0 100644
--- a/backend.php
+++ b/backend.php
@@ -51,9 +51,9 @@

Error: Not logged in.

diff --git a/config.php-dist b/config.php-dist index 21725abc9..bbf45869a 100644 --- a/config.php-dist +++ b/config.php-dist @@ -27,9 +27,6 @@ define('ICONS_URL', "icons"); // Local and URL path to the directory, where feed favicons are stored. - define('USE_HTTP_AUTH', false); - // Use HTTP Basic authentication instead of login form. Has some problems. - define('SINGLE_USER_MODE', true); // Operate in single user mode, disables all functionality related to // multiple users. @@ -69,9 +66,6 @@ define('GLOBAL_ENABLE_LABELS', false); // Labels are a security risk, so this option can globally disable them for all users. - define('ENABLE_LOGIN_SSL', false); - // Redirect to SSL url for login - define('MAIL_RESET_PASS', true); // Send mail to user on password reset @@ -147,7 +141,7 @@ // If update daemon and update_feeds should send digests // Disable if you prefer querying special URL (see wiki) - define('CONFIG_VERSION', 5); + define('CONFIG_VERSION', 6); // Expected config version. Please update this option in config.php // if necessary (after migrating all new options from this file). diff --git a/functions.js b/functions.js index 292612919..88d750b6b 100644 --- a/functions.js +++ b/functions.js @@ -52,6 +52,17 @@ function xmlhttp_ready(obj) { return obj.readyState == 4 || obj.readyState == 0 || !obj.readyState; } +function logout_callback() { + var container = document.getElementById('notify'); + if (xmlhttp.readyState == 4) { + try { + window.location.reload(true); + } catch (e) { + exception_error("logout_callback", e); + } + } +} + function notify_callback() { var container = document.getElementById('notify'); if (xmlhttp.readyState == 4) { @@ -1527,7 +1538,7 @@ function fatalError(code, message) { try { if (code == 6) { - window.location.href = "login.php?rt=none"; + //window.location.href = "login.php?rt=none"; } else if (code == 5) { window.location.href = "update.php"; } else { 
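Review bot: logout_callback() gates the reload on `xmlhttp.readyState`, but logoutUser() in the -1605 hunk of functions.js sends the logout request on `xmlhttp_rpc` and assigns this callback to `xmlhttp_rpc.onreadystatechange`, so the check reads the state of an unrelated request object and the reload may fire early or not at all depending on what `xmlhttp` last carried. Change the condition to `if (xmlhttp_rpc.readyState == 4) {`. The `container` local is never used in this function and looks copied from notify_callback() just below; it can be dropped. The reload also discards whatever the backend answered, so a logout that failed server-side is indistinguishable from one that succeeded — fine if logout_user() cannot fail, otherwise worth a check on the response before reloading.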
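Review bot: Commenting out the redirect leaves the `code == 6` branch of fatalError() empty, so a "not logged in" error that reaches the client outside the logout flow — an expired or invalidated session, presumably — is now silently swallowed; only the logout path recovers, through logout_callback()'s reload. Either reload there as well, `window.location.reload(true);`, so that login_sequence() can render the login form, or let the branch fall through to the generic handler, and delete the commented-out line instead of keeping it as dead code. The last context line of this hunk appears to be missing from this view.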
@@ -1605,3 +1616,17 @@ function filterDlgCheckAction(sender) { function explainError(code) { return displayDlg("explainError", code); } + +function logoutUser() { + try { + if (xmlhttp_ready(xmlhttp_rpc)) { + xmlhttp_rpc.open("GET", "backend.php?op=rpc&subop=logout", true); + xmlhttp_rpc.onreadystatechange=logout_callback; + xmlhttp_rpc.send(null); + } else { + printLockingError(); + } + } catch (e) { + exception_error("logoutUser", e); + } +} diff --git a/functions.php b/functions.php index 244c41682..170696352 100644 --- a/functions.php +++ b/functions.php @@ -1159,22 +1159,6 @@ return preg_replace('/\/[^\/]*$/', "", $_SERVER["REQUEST_URI"]); } - function get_login_redirect() { - $server = $_SERVER["SERVER_NAME"]; - - if (ENABLE_LOGIN_SSL) { - $protocol = "https"; - } else { - $protocol = "http"; - } - - $url_path = get_script_urlpath(); - - $redirect_uri = "$protocol://$server$url_path/login.php"; - - return $redirect_uri; - } - function validate_session($link) { if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) { if ($_SESSION["ip_address"]) { @@ -1186,17 +1170,6 @@ return true; } - function basic_nosid_redirect_check() { - if (!SINGLE_USER_MODE) { - if (!$_COOKIE[get_session_cookie_name()]) { - $redirect_uri = get_login_redirect(); - $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]); - header("Location: $redirect_uri?rt=$return_to"); - exit; - } - } - } - function login_sequence($link) { if (!SINGLE_USER_MODE) { 
@@ -1210,38 +1183,26 @@ if (!validate_session($link)) { logout_user(); - $redirect_uri = get_login_redirect(); - $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]); - header("Location: $redirect_uri?rt=$return_to"); + render_login_form($link); exit; } - if (!USE_HTTP_AUTH) { - if (!$_SESSION["uid"]) { - $redirect_uri = get_login_redirect(); - $return_to = preg_replace('/.*?\//', '', $_SERVER["REQUEST_URI"]); - header("Location: $redirect_uri?rt=$return_to"); - exit; + $login_action = $_POST["login_action"]; + + # try to authenticate user if called from login form + if ($login_action == "do_login") { + $login = $_POST["login"]; + $password = $_POST["password"]; + + if (authenticate_user($link, $login, $password)) { + $_POST["password"] = ""; + return; } - } else { - if (!$_SESSION["uid"]) { - if (!$_SERVER["PHP_AUTH_USER"]) { + } - header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); - header('HTTP/1.0 401 Unauthorized'); - exit; - - } else { - $auth_result = authenticate_user($link, - $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]); - - if (!$auth_result) { - header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"'); - header('HTTP/1.0 401 Unauthorized'); - exit; - } - } - } + if (!$_SESSION["uid"]) { + render_login_form($link); + exit; } } else { return authenticate_user($link, "admin", null); @@ -3180,4 +3141,8 @@ return true; } + function render_login_form($link) { + require_once "login_form.php"; + } + ?> diff --git a/login.php b/login.php deleted file mode 100644 index 3609622f8..000000000 --- a/login.php +++ /dev/null @@ -1,165 +0,0 @@ - - - - Tiny Tiny RSS : Login - - - - - - - - - - - - -
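Review bot: The do_login path in login_sequence() authenticates on the session the anonymous visitor already holds and returns without rotating the session id; unless authenticate_user() (outside the hunk) does it, add `session_regenerate_id();` immediately after a successful `authenticate_user($link, $login, $password)` so a session id issued before login does not survive into the authenticated session. `$_POST["login_action"]`, `$_POST["login"]` and `$_POST["password"]` are read without isset() and raise undefined-index notices on every non-form request; `$login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : "";` avoids that. A rejected login falls through to render_login_form() with no indication to the user that the credentials were wrong, as far as this hunk shows. With ENABLE_LOGIN_SSL removed (config.php-dist hunk -69) nothing in the application forces the credential POST onto https any more; if TLS is now the web server's responsibility, the config comment or README should say so. login_sequence() begins and ends outside the hunk.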
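Review bot: render_login_form() includes the template with `require_once`, so a second call within one request renders nothing; every caller in this patch exits right after it, so this is harmless today, but `require "login_form.php";` states the intent and prevents a silent blank page later. Because the include happens inside a function, login_form.php sees only `$link` and the function's locals — anything else it needs must come from globals; a one-line comment on the function such as `# included inside function scope: only $link is visible to the template` would spare the next editor the surprise.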
- - - - - - - - - - -
- Logo -
- -
- - - - - - - - -
Login:
Password:
- - -
- - - -
-
- Tiny Tiny RSS © 2005-2007 Andrew Dolgov -
- -
- - - - - - - diff --git a/login_form.php b/login_form.php new file mode 100644 index 000000000..6139b0205 --- /dev/null +++ b/login_form.php @@ -0,0 +1,73 @@ + + + Tiny Tiny RSS : Login + + + + + + + + + + + + +
+ + + + + + + + + + + +
+ Logo +
+ +
+ + + + + + + + +
Login:
Password:
+ + +
+ + + +
+
+ Tiny Tiny RSS © 2005-2007 Andrew Dolgov +
+ +
+ diff --git a/logout.php b/logout.php deleted file mode 100644 index 249018dce..000000000 --- a/logout.php +++ /dev/null @@ -1,42 +0,0 @@ - - - - - Tiny Tiny RSS : Logout - - -
- -

- -

Warning: - As there is no way to reliably clear HTTP Authentication - credentials from your browser, it is recommended for you to close - this browser window, otherwise your browser could automatically - authenticate again using previously supplied credentials, which - is a security risk.') ?>

- -
- - - diff --git a/mobile/tt-rss.php b/mobile/tt-rss.php index a52c63f81..890c1e0a1 100644 --- a/mobile/tt-rss.php +++ b/mobile/tt-rss.php @@ -3,8 +3,6 @@ require_once "functions.php"; require_once "../functions.php"; - basic_nosid_redirect_check(); - require_once "../sessions.php"; require_once "../version.php"; diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php index 212ff552e..739a43739 100644 --- a/modules/backend-rpc.php +++ b/modules/backend-rpc.php @@ -253,5 +253,11 @@ "; } + + if ($subop == "logout") { + logout_user(); + print_error_xml(6); + } + } ?> diff --git a/opml.php b/opml.php index 9341c61d4..ff888d246 100644 --- a/opml.php +++ b/opml.php @@ -1,6 +1,5 @@
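Review bot: The new `logout` subop is reached by a plain GET from logoutUser() (`backend.php?op=rpc&subop=logout`), which makes it a state-changing action that any cross-site page can trigger; a forced logout is low impact, but if the rpc dispatcher (outside the hunk) does not already require a POST or a session-bound token, this subop is where to add the check. It also relies on logout_user(), defined elsewhere, to actually invalidate the server-side session and expire the cookie rather than only clearing `$_SESSION["uid"]` — worth confirming, since the client merely reloads afterwards. Answering with error 6 is reasonable, but a comment like `# client reloads on error 6 (not logged in), see logout_callback() in functions.js` would explain why an error XML is the success response here.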
- (Logout) + (Logout)
Tiny Tiny RSS diff --git a/tt-rss.php b/tt-rss.php index 2b62c1d8a..42b1bf35b 100644 --- a/tt-rss.php +++ b/tt-rss.php @@ -1,10 +1,6 @@ - (Logout) + (Logout) Error: your access level is insufficient to run this script.

"; + exit; } define('SCHEMA_VERSION', 13); diff --git a/utils/stats.php b/utils/stats.php index 5bc4355db..51dcaf59a 100644 --- a/utils/stats.php +++ b/utils/stats.php @@ -12,7 +12,8 @@ login_sequence($link); if ($_SESSION["access_level"] < 10) { - header("Location: login.php"); die; + print "

Error: your access level is insufficient to run this script.

"; + exit; } ?>