-rw-r--r--phpBB/.htaccess10
-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/feed.php9
-rw-r--r--phpBB/includes/acp/acp_board.php1
-rw-r--r--phpBB/includes/functions.php97
-rw-r--r--phpBB/includes/questionnaire/questionnaire.php1
-rw-r--r--phpBB/install/database_update.php1
-rw-r--r--phpBB/install/schemas/schema_data.sql1
-rw-r--r--phpBB/language/en/acp/board.php2
9 files changed, 123 insertions, 0 deletions
diff --git a/phpBB/.htaccess b/phpBB/.htaccess
index 41fb129175..474f9774c2 100644
--- a/phpBB/.htaccess
+++ b/phpBB/.htaccess
@@ -1,3 +1,13 @@
+#
+# Uncomment the statement below if you want to make use of
+# HTTP authentication and it does not already work.
+# This could be required if you are for example using PHP via Apache CGI.
+#
+#<IfModule mod_rewrite.c>
+#RewriteEngine on
+#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+#</IfModule>
+
<Files "config.php">
Order Allow,Deny
Deny from All
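Review bot: If this rule is uncommented as written, the `.*` pattern copies the Authorization header into the environment for every request under this directory, not only for the feed. Assuming feed.php is the only consumer (it is the only caller of phpbb_http_login in this commit), the suggested line could be scoped to it: `#RewriteRule ^feed\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]`. That keeps the credentials out of the environment of unrelated scripts and of any diagnostic output that prints server variables. The comment block could also say that the variable then holds the user's Basic credentials.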
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index d7cc184f17..e701683db9 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -152,6 +152,7 @@
<li>[Change] SQLite is no longer autoloaded by the installer. (Bug #56105)</li>
<li>[Change] Friends and foes will not show up as private message rule options if their respective UCP modules are disabled. (Bug #51155)</li>
<li>[Change] Offer for guests to log in for egosearch and unreadposts search before the search permissions check. (Bug #51585)</li>
+ <li>[Feature] Ability to use HTTP authentication in ATOM feeds by passing the GET parameter &quot;auth=http&quot;.</li>
</ul>
<a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3>
diff --git a/phpBB/feed.php b/phpBB/feed.php
index a783f83ffd..812b667868 100644
--- a/phpBB/feed.php
+++ b/phpBB/feed.php
@@ -30,6 +30,15 @@ if (!$config['feed_enable'])
// Start session
$user->session_begin();
+
+if (!empty($config['feed_http_auth']) && request_var('auth', '') == 'http')
+{
+ phpbb_http_login(array(
+ 'auth_message' => 'Feed',
+ 'viewonline' => request_var('viewonline', true),
+ ));
+}
+
$auth->acl($user->data);
$user->setup();
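Review bot: Nothing in the added block ties the `auth=http` path to a secure connection, so on a board served over plain HTTP the member's forum password travels base64-encoded with every feed poll. At minimum I would add a comment above the `if`, such as `// HTTP Basic sends the forum password base64-encoded on every request; enable feed_http_auth only on boards served over HTTPS.`, and repeat that caveat in the ACP_FEED_HTTP_AUTH_EXPLAIN string. As a smaller style point, the parameter check reads more safely as `request_var('auth', '') === 'http'`. Because the login runs on each request, a reader that does not keep cookies presumably gets a fresh session per poll; that is worth confirming against the session code, which is not shown here.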
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 71ea7408fd..20a63e646e 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -267,6 +267,7 @@ class acp_board
'legend1' => 'ACP_FEED_GENERAL',
'feed_enable' => array('lang' => 'ACP_FEED_ENABLE', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true ),
'feed_item_statistics' => array('lang' => 'ACP_FEED_ITEM_STATISTICS', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
+ 'feed_http_auth' => array('lang' => 'ACP_FEED_HTTP_AUTH', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
'legend2' => 'ACP_FEED_POST_BASED',
'feed_limit_post' => array('lang' => 'ACP_FEED_LIMIT', 'validate' => 'int:5', 'type' => 'text:3:4', 'explain' => true),
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 9c294c81af..af94f3f041 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3921,6 +3921,103 @@ function phpbb_optionset($bit, $set, $data)
}
/**
+* Login using http authenticate.
+*
+* @param array $param Parameter array, see $param_defaults array.
+*
+* @return void
+*/
+function phpbb_http_login($param)
+{
+ global $auth, $user;
+ global $config;
+
+ $param_defaults = array(
+ 'auth_message' => '',
+
+ 'autologin' => false,
+ 'viewonline' => true,
+ 'admin' => false,
+ );
+
+ // Overwrite default values with passed values
+ $param = array_merge($param_defaults, $param);
+
+ // User is already logged in
+ // We will not overwrite his session
+ if (!empty($user->data['is_registered']))
+ {
+ return;
+ }
+
+ // $_SERVER keys to check
+ $username_keys = array(
+ 'PHP_AUTH_USER',
+ 'Authorization',
+ 'REMOTE_USER', 'REDIRECT_REMOTE_USER',
+ 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
+ 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
+ 'AUTH_USER',
+ );
+
+ $password_keys = array(
+ 'PHP_AUTH_PW',
+ 'REMOTE_PASSWORD',
+ 'AUTH_PASSWORD',
+ );
+
+ $username = null;
+ foreach ($username_keys as $k)
+ {
+ if (isset($_SERVER[$k]))
+ {
+ $username = $_SERVER[$k];
+ break;
+ }
+ }
+
+ $password = null;
+ foreach ($password_keys as $k)
+ {
+ if (isset($_SERVER[$k]))
+ {
+ $password = $_SERVER[$k];
+ break;
+ }
+ }
+
+ // Decode encoded information (IIS, CGI, FastCGI etc.)
+ if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
+ {
+ list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
+ }
+
+ if (!is_null($username) && !is_null($password))
+ {
+ set_var($username, $username, 'string', true);
+ set_var($password, $password, 'string', true);
+
+ $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
+
+ if ($auth_result['status'] == LOGIN_SUCCESS)
+ {
+ return;
+ }
+ }
+
+ // Prepend sitename to auth_message
+ $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
+
+ // We should probably filter out non-ASCII characters - RFC2616
+ $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
+
+ header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
+ header('HTTP/1.0 401 Unauthorized');
+
+ trigger_error('NOT_AUTHORISED');
+}
+
+/**
* Generate page header
*/
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
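Review bot: The Basic-header decode in phpbb_http_login passes the client-supplied value straight into `list(...) = explode(':', ...)`, so a payload without a colon leaves `$password` unset and raises an undefined-offset notice before the 401 is sent. Decoding into a temporary and checking for the colon avoids that. Matching the scheme with `strncasecmp` also accepts `basic`, since HTTP auth scheme names are case-insensitive. Separately, the realm is built from `$config['sitename']` and only high-bit bytes are replaced, so a double quote or backslash in the site name would produce a malformed `WWW-Authenticate` quoted-string. The filter on that line should cover those characters and control bytes as well.

```php
	// Decode encoded information (IIS, CGI, FastCGI etc.)
	if (!is_null($username) && is_null($password) && strncasecmp($username, 'Basic ', 6) === 0)
	{
		$decoded = base64_decode(substr($username, 6));

		// Only split when the payload really is "user:pass"
		if ($decoded !== false && strpos($decoded, ':') !== false)
		{
			list($username, $password) = explode(':', $decoded, 2);
		}
	}

	// … unchanged: set_var(), $auth->login() and the sitename prefix …

	// Keep the realm a valid quoted-string: no control bytes, non-ASCII, quotes or backslashes
	$param['auth_message'] = preg_replace('/[\x00-\x1F\x7F-\xFF"\\\\]/', '?', $param['auth_message']);
```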
diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php
index 34fffffc8f..cbd7638809 100644
--- a/phpBB/includes/questionnaire/questionnaire.php
+++ b/phpBB/includes/questionnaire/questionnaire.php
@@ -350,6 +350,7 @@ class phpbb_questionnaire_phpbb_data_provider
'enable_pm_icons' => true,
'enable_post_confirm' => true,
'feed_enable' => true,
+ 'feed_http_auth' => true,
'feed_limit_post' => true,
'feed_limit_topic' => true,
'feed_overall' => true,
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 41fd9a2136..21767c20da 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -1578,6 +1578,7 @@ function change_database_data(&$no_updates, $version)
// ATOM Feeds
set_config('feed_overall', '1');
+ set_config('feed_http_auth', '0');
set_config('feed_limit_post', (string) (isset($config['feed_limit']) ? (int) $config['feed_limit'] : 15));
set_config('feed_limit_topic', (string) (isset($config['feed_overall_topics_limit']) ? (int) $config['feed_overall_topics_limit'] : 10));
set_config('feed_topics_new', (!empty($config['feed_overall_topics']) ? '1' : '0'));
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 2f3b60b7a0..b8455f3347 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -99,6 +99,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '
INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_pm_icons', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confirm', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_enable', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_http_auth', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_post', '15');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_topic', '10');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_forums', '0');
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index 5724b9b65c..9bb76cd354 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -276,6 +276,8 @@ $lang = array_merge($lang, array(
'ACP_FEED_OVERALL_FORUMS' => 'Enable forums feed',
'ACP_FEED_OVERALL_FORUMS_EXPLAIN' => 'Enables the “All forums” feed, which displays a list of forums.',
+ 'ACP_FEED_HTTP_AUTH' => 'Allow HTTP Authentication',
+ 'ACP_FEED_HTTP_AUTH_EXPLAIN' => 'Enables HTTP authentication, which allows users to receive content that is hidden to guest users by adding the <samp>auth=http</samp> parameter to the feed URL. Please note that some PHP setups require additional changes to the .htaccess file. Instructions can be found in that file.',
'ACP_FEED_ITEM_STATISTICS' => 'Item statistics',
'ACP_FEED_ITEM_STATISTICS_EXPLAIN' => 'Display individual statistics underneath feed items<br />(e.g. posted by, date and time, replies, views)',
'ACP_FEED_EXCLUDE_ID' => 'Exclude these forums',