From 73f5f114ec76d32db19f3dcc2aa571c912ed360b Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 1 Aug 2008 04:47:16 +0100 Subject: [PATCH] merge tweaks to ALLOW_REMOTE_USER_AUTH functionality from Erick Rudiak --- functions.php | 4 ++-- login_form.php | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/functions.php b/functions.php index e00faf6b6..f1836edd8 100644 --- a/functions.php +++ b/functions.php @@ -1682,11 +1682,11 @@ $pwd_hash2 = encrypt_password($password, $login); if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH - && $_SERVER["REMOTE_USER"]) { + && $_SERVER["REMOTE_USER"] && $login != "admin") { $login = db_escape_string($_SERVER["REMOTE_USER"]); - $query = "SELECT id,login,access_level + $query = "SELECT id,login,access_level,pwd_hash FROM ttrss_users WHERE login = '$login'"; diff --git a/login_form.php b/login_form.php index b2c6bcf59..cf764bfe8 100644 --- a/login_form.php +++ b/login_form.php @@ -101,9 +101,11 @@ window.onload = init; - + - +
">
">