Support HTTP-Authentication (especially for RSS feeds)

2006-08-16 08:28:32 +00:00 · 2006-08-16 08:28:32 +00:00 · bb7fb4e5a8
commit bb7fb4e5a8
parent e0042430f5
4 changed files with 41 additions and 2 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -1,5 +1,20 @@
 # $Id$

+Version 1.1-beta2 ()
+------------------------------------------------------------------------
+
+    * Added ability to use HTTP Authentication to the blog. Can be 
+      triggered by submitting HTTP Auth credentials [only supported when 
+      the server runs with mod_php, not as CGI]. Authentication can be 
+      forced URLs with the "?http_auth=true" parameter, which
+      will then send a "401 Unauthorized" header.
+      If your server does not support mod_php, you can submit REQUEST
+      variables: ?http_auth_user=XXX&http_auth_pw=YYY.
+      Note that specifying username and password in the URI will lead
+      to password disclosure in HTTP logfiles. 
+      This feature is most importantly meant for RSS-feeds, to make
+      RSS readers able to submit login credentials. (garvinhicking)
+
 Version 1.1-beta1 (August 14th, 2006)
 ------------------------------------------------------------------------

--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@ -477,7 +477,7 @@ function serendipity_authenticate_author($username = '', $password = '', $is_md5
        if (is_array($row)) {
            serendipity_setCookie('old_session', session_id());
            $_SESSION['serendipityUser']        = $serendipity['serendipityUser']         = $username;
-            $_SESSION['serendipityRealname']    = $serendipity['serendipityRealname']     = $$row['realname'];
+            $_SESSION['serendipityRealname']    = $serendipity['serendipityRealname']     = $row['realname'];
            $_SESSION['serendipityPassword']    = $serendipity['serendipityPassword']     = $password;
            $_SESSION['serendipityEmail']       = $serendipity['serendipityEmail']        = $row['email'];
            $_SESSION['serendipityAuthorid']    = $serendipity['authorid']                = $row['authorid'];
--- a/rss.php
+++ b/rss.php
@ -4,6 +4,7 @@

 header('Content-Type: text/xml; charset=utf-8');
 session_cache_limiter('public');
+
 include('serendipity_config.inc.php');
 include(S9Y_INCLUDE_PATH . 'include/functions_rss.inc.php');

@ -101,6 +102,10 @@ default:
    break;
 }

+if (isset($serendipity['serendipityRealname'])) {
+    $title .= ' (' . LOGIN . ': ' . $serendipity['serendipityRealname'] . ')';
+}
+
 if (!empty($serendipity['GET']['category'])) {
    $cInfo       = serendipity_fetchCategoryInfo((int)$serendipity['GET']['category']);
    $title       = serendipity_utf8_encode(htmlspecialchars($title . ' - '. $cInfo['category_name']));
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@ -27,7 +27,7 @@ if (IS_installed === true && !defined('IN_serendipity')) {
 include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');

 // The version string
-$serendipity['version']         = '1.1-beta1';
+$serendipity['version']         = '1.1-beta2';

 // Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
 $serendipity['production']      = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);
@ -79,6 +79,10 @@ if (!isset($serendipity['use_PEAR'])) {
    $serendipity['use_PEAR'] = true;
 }

+if (!isset($serendipity['useHTTP-Auth'])) {
+    $serendipity['useHTTP-Auth'] = true;
+}
+
 // Should IFRAMEs be used for previewing entries and sending trackbacks?
 $serendipity['use_iframe'] = true;

@ -245,6 +249,21 @@ serendipity_load_configuration();
 */

 if (IS_installed === true) {
+    // Import HTTP auth (mostly used for RSS feeds)
+    if ($serendipity['useHTTP-Auth'] && (isset($_REQUEST['http_auth']) || isset($_SERVER['PHP_AUTH_USER']))) {
+        if (!isset($_SERVER['PHP_AUTH_USER'])) {
+            header("WWW-Authenticate: Basic realm=\"Feed Login\"");
+            header("HTTP/1.0 401 Unauthorized");
+            exit;
+        } else {
+            $serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER'];
+            $serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW'];
+        }
+    } elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) {
+        $serendipity['POST']['user'] = $_REQUEST['http_auth_user'];
+        $serendipity['POST']['pass'] = $_REQUEST['http_auth_pw'];
+    }
+
    serendipity_login(false);
 }