diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/.htaccess | 10 | ||||
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/feed.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 97 | ||||
| -rw-r--r-- | phpBB/includes/questionnaire/questionnaire.php | 1 | ||||
| -rw-r--r-- | phpBB/install/database_update.php | 1 | ||||
| -rw-r--r-- | phpBB/install/schemas/schema_data.sql | 1 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 2 |
9 files changed, 123 insertions, 0 deletions
diff --git a/phpBB/.htaccess b/phpBB/.htaccess index 41fb129175..474f9774c2 100644 --- a/phpBB/.htaccess +++ b/phpBB/.htaccess @@ -1,3 +1,13 @@ +# +# Uncomment the statement below if you want to make use of +# HTTP authentication and it does not already work. +# This could be required if you are for example using PHP via Apache CGI. +# +#<IfModule mod_rewrite.c> +#RewriteEngine on +#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] +#</IfModule> + <Files "config.php"> Order Allow,Deny Deny from All diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index d7cc184f17..e701683db9 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -152,6 +152,7 @@ <li>[Change] SQLite is no longer autoloaded by the installer. (Bug #56105)</li> <li>[Change] Friends and foes will not show up as private message rule options if their respective UCP modules are disabled. (Bug #51155)</li> <li>[Change] Offer for guests to log in for egosearch and unreadposts search before the search permissions check. (Bug #51585)</li> + <li>[Feature] Ability to use HTTP authentication in ATOM feeds by passing the GET parameter "auth=http".</li> </ul> <a name="v305"></a><h3>1.ii. Changes since 3.0.5</h3> diff --git a/phpBB/feed.php b/phpBB/feed.php index a783f83ffd..812b667868 100644 --- a/phpBB/feed.php +++ b/phpBB/feed.php @@ -30,6 +30,15 @@ if (!$config['feed_enable']) // Start session $user->session_begin(); + +if (!empty($config['feed_http_auth']) && request_var('auth', '') == 'http') +{ + phpbb_http_login(array( + 'auth_message' => 'Feed', + 'viewonline' => request_var('viewonline', true), + )); +} + $auth->acl($user->data); $user->setup(); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 71ea7408fd..20a63e646e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -267,6 +267,7 @@ class acp_board 'legend1' => 'ACP_FEED_GENERAL', 'feed_enable' => array('lang' => 'ACP_FEED_ENABLE', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true ), 'feed_item_statistics' => array('lang' => 'ACP_FEED_ITEM_STATISTICS', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), + 'feed_http_auth' => array('lang' => 'ACP_FEED_HTTP_AUTH', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'legend2' => 'ACP_FEED_POST_BASED', 'feed_limit_post' => array('lang' => 'ACP_FEED_LIMIT', 'validate' => 'int:5', 'type' => 'text:3:4', 'explain' => true), diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9c294c81af..af94f3f041 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3921,6 +3921,103 @@ function phpbb_optionset($bit, $set, $data) } /** +* Login using http authenticate. +* +* @param array $param Parameter array, see $param_defaults array. +* +* @return void +*/ +function phpbb_http_login($param) +{ + global $auth, $user; + global $config; + + $param_defaults = array( + 'auth_message' => '', + + 'autologin' => false, + 'viewonline' => true, + 'admin' => false, + ); + + // Overwrite default values with passed values + $param = array_merge($param_defaults, $param); + + // User is already logged in + // We will not overwrite his session + if (!empty($user->data['is_registered'])) + { + return; + } + + // $_SERVER keys to check + $username_keys = array( + 'PHP_AUTH_USER', + 'Authorization', + 'REMOTE_USER', 'REDIRECT_REMOTE_USER', + 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', + 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION', + 'AUTH_USER', + ); + + $password_keys = array( + 'PHP_AUTH_PW', + 'REMOTE_PASSWORD', + 'AUTH_PASSWORD', + ); + + $username = null; + foreach ($username_keys as $k) + { + if (isset($_SERVER[$k])) + { + $username = $_SERVER[$k]; + break; + } + } + + $password = null; + foreach ($password_keys as $k) + { + if (isset($_SERVER[$k])) + { + $password = $_SERVER[$k]; + break; + } + } + + // Decode encoded information (IIS, CGI, FastCGI etc.) + if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0) + { + list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2); + } + + if (!is_null($username) && !is_null($password)) + { + set_var($username, $username, 'string', true); + set_var($password, $password, 'string', true); + + $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']); + + if ($auth_result['status'] == LOGIN_SUCCESS) + { + return; + } + } + + // Prepend sitename to auth_message + $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message']; + + // We should probably filter out non-ASCII characters - RFC2616 + $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']); + + header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"'); + header('HTTP/1.0 401 Unauthorized'); + + trigger_error('NOT_AUTHORISED'); +} + +/** * Generate page header */ function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php index 34fffffc8f..cbd7638809 100644 --- a/phpBB/includes/questionnaire/questionnaire.php +++ b/phpBB/includes/questionnaire/questionnaire.php @@ -350,6 +350,7 @@ class phpbb_questionnaire_phpbb_data_provider 'enable_pm_icons' => true, 'enable_post_confirm' => true, 'feed_enable' => true, + 'feed_http_auth' => true, 'feed_limit_post' => true, 'feed_limit_topic' => true, 'feed_overall' => true, diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 41fd9a2136..21767c20da 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -1578,6 +1578,7 @@ function change_database_data(&$no_updates, $version) // ATOM Feeds set_config('feed_overall', '1'); + set_config('feed_http_auth', '0'); set_config('feed_limit_post', (string) (isset($config['feed_limit']) ? (int) $config['feed_limit'] : 15)); set_config('feed_limit_topic', (string) (isset($config['feed_overall_topics_limit']) ? (int) $config['feed_overall_topics_limit'] : 10)); set_config('feed_topics_new', (!empty($config['feed_overall_topics']) ? '1' : '0')); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index 2f3b60b7a0..b8455f3347 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -99,6 +99,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', ' INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_pm_icons', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confirm', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_enable', '0'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_http_auth', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_post', '15'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_topic', '10'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_forums', '0'); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 5724b9b65c..9bb76cd354 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -276,6 +276,8 @@ $lang = array_merge($lang, array( 'ACP_FEED_OVERALL_FORUMS' => 'Enable forums feed', 'ACP_FEED_OVERALL_FORUMS_EXPLAIN' => 'Enables the “All forums” feed, which displays a list of forums.', + 'ACP_FEED_HTTP_AUTH' => 'Allow HTTP Authentication', + 'ACP_FEED_HTTP_AUTH_EXPLAIN' => 'Enables HTTP authentication, which allows users to receive content that is hidden to guest users by adding the <samp>auth=http</samp> parameter to the feed URL. Please note that some PHP setups require additional changes to the .htaccess file. Instructions can be found in that file.', 'ACP_FEED_ITEM_STATISTICS' => 'Item statistics', 'ACP_FEED_ITEM_STATISTICS_EXPLAIN' => 'Display individual statistics underneath feed items<br />(e.g. posted by, date and time, replies, views)', 'ACP_FEED_EXCLUDE_ID' => 'Exclude these forums', |