more http auth related fixes, unified login sequence function

19 years ago · b8aa49bc97
parent bffdddd0b0
commit b8aa49bc97
4 changed files with 37 additions and 37 deletions
--- a/functions.php
+++ b/functions.php
@ -608,9 +608,12 @@

 		if (!$_SERVER['PHP_AUTH_USER'] || $force_logout) {

+			if ($force_logout) logout_user();
+
 			header('WWW-Authenticate: Basic realm="Tiny Tiny RSS"');
 			header('HTTP/1.0 401 Unauthorized');
 			print "<h1>401 Unathorized</h1>";
+			
 			exit;
 			
 		} else {
@ -619,7 +622,7 @@
 			$password = db_escape_string($_SERVER['PHP_AUTH_PW']);

 			return authenticate_user($link, $login, $password);
-		}		
+		}
 	}

 	function make_password($length = 8) {
@ -659,4 +662,33 @@
 		
 		}

+	function logout_user() {
+		$_SESSION["uid"] = null;
+		$_SESSION["name"] = null;
+		$_SESSION["access_level"] = null;
+		session_destroy();
+	}
+
+	function login_sequence($link) {
+		if (!SINGLE_USER_MODE) {
+	
+			if (!USE_HTTP_AUTH) {
+				if (!$_SESSION["uid"]) {
+					header("Location: login.php?rt=tt-rss.php");
+					exit;
+				}
+			} else {
+				$force_logout = $_POST["ForceLogout"];
+	
+				if (!http_authenticate_user($link, $force_logout == "yes")) {
+					if (!http_authenticate_user($link, true)) {
+						exit;
+					}
+				}
+			}
+		} else {
+			$_SESSION["uid"] = 1;
+			$_SESSION["name"] = "admin";
+		}
+	}
 ?>
--- a/logout.php
+++ b/logout.php
@ -2,12 +2,9 @@
 	session_start();

 	require_once "config.php";
+	require_once "functions.php";

-	$_SESSION["uid"] = null;
-	$_SESSION["name"] = null;
-	$_SESSION["access_level"] = null;
-
-	session_destroy();
+	logout_user();

 	if (!USE_HTTP_AUTH) {
 		header("Location: login.php");
--- a/prefs.php
+++ b/prefs.php
@ -8,22 +8,7 @@

 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

-	if (!SINGLE_USER_MODE) {
-
-		if (!USE_HTTP_AUTH) {
-			if (!$_SESSION["uid"]) {
-				header("Location: login.php?rt=tt-rss.php");
-				exit;
-			}
-		} else {
-			$force_logout = $_POST["ForceLogout"];
-			http_authenticate_user($link, $force_logout == "yes");
-		}
-	} else {
-		$_SESSION["uid"] = 1;
-		$_SESSION["name"] = "admin";
-	}
-
+	login_sequence($link);
 ?>
 <html>
 <head>
--- a/tt-rss.php
+++ b/tt-rss.php
@ -8,21 +8,7 @@

 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	

-	if (!SINGLE_USER_MODE) {
-
-		if (!USE_HTTP_AUTH) {
-			if (!$_SESSION["uid"]) {
-				header("Location: login.php?rt=tt-rss.php");
-				exit;
-			}
-		} else {
-			$force_logout = $_POST["ForceLogout"];
-			http_authenticate_user($link, $force_logout == "yes");
-		}
-	} else {
-		$_SESSION["uid"] = 1;
-		$_SESSION["name"] = "admin";
-	}
+	login_sequence($link);

 ?>
 <html>