fix http basic authentication

19 years ago · 8cb7480484
parent 2317ffaae7
commit 8cb7480484
5 changed files with 32 additions and 8 deletions
--- a/functions.php
+++ b/functions.php
@ -604,9 +604,9 @@

 	}

-	function http_authenticate_user($link) {
+	function http_authenticate_user($link, $force_logout) {

-		if (!$_SERVER['PHP_AUTH_USER']) {
+		if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {

 			header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
 			header('HTTP/1.0 401 Unauthorized');
--- a/logout.php
+++ b/logout.php
@ -1,12 +1,17 @@
 <?
 	session_start();

+	require_once "config.php";
+
 	$_SESSION["uid"] = null;
 	$_SESSION["name"] = null;
 	$_SESSION["access_level"] = null;

 	session_destroy();

-	header("Location: login.php");
-
+	if (!USE_HTTP_AUTH) {
+		header("Location: login.php");
+	} else {
+		header("Location: tt-rss.php");
+	}
 ?>
--- a/prefs.php
+++ b/prefs.php
@ -12,11 +12,12 @@

 		if (!USE_HTTP_AUTH) {
 			if (!$_SESSION["uid"]) {
-				header("Location: login.php?rt=prefs.php");
+				header("Location: login.php?rt=tt-rss.php");
 				exit;
 			}
 		} else {
-			authenticate_user($link);
+			$force_logout = $_POST["ForceLogout"];
+			http_authenticate_user($link, $force_logout == "yes");
 		}
 	} else {
 		$_SESSION["uid"] = 1;
--- a/tt-rss.css
+++ b/tt-rss.css
@ -587,6 +587,12 @@ td.welcomePrompt {

 }

+td.httpWelcomePrompt {
+	font-size : small;
+	color : gray;
+	text-align : right;
+}
+
 table.loginForm {
 	background-image : url("images/vgrad_light_rev.png");
 	background-color : white;
--- a/tt-rss.php
+++ b/tt-rss.php
@ -16,7 +16,8 @@
 				exit;
 			}
 		} else {
-			authenticate_user($link);
+			$force_logout = $_POST["ForceLogout"];
+			http_authenticate_user($link, $force_logout == "yes");
 		}
 	} else {
 		$_SESSION["uid"] = 1;
@ -77,7 +78,18 @@

 		</tr><tr><td class="welcomePrompt">
 			<? if (!SINGLE_USER_MODE) { ?>
-			Hello, <b><?= $_SESSION["name"] ?></b> (<a href="logout.php">Logout</a>)</td>
+			<? if (USE_HTTP_AUTH) { ?>
+				<table align="right"><tr>
+				<td class="httpWelcomePrompt">Hello, <b><?= $_SESSION["name"] ?></b></td>
+				<td><form action="tt-rss.php" method="POST">
+					<input type="hidden" name="ForceLogout" value="yes">
+					<input type="submit" class="button" value="Logout">
+				</form>
+				</td></tr></table>
+			<? } else { ?>
+				Hello, <b><?= $_SESSION["name"] ?></b>(<a href="logout.php">Logout</a>)
+			<? } ?>
+			</td>			
 			<? } ?>
 		</tr></table>
 	</td>