# $Id$
+Version 1.1-beta2 ()
+------------------------------------------------------------------------
+
+ * Added ability to use HTTP Authentication to the blog. Can be
+ triggered by submitting HTTP Auth credentials [only supported when
+ the server runs with mod_php, not as CGI]. Authentication can be
+ forced URLs with the "?http_auth=true" parameter, which
+ will then send a "401 Unauthorized" header.
+ If your server does not support mod_php, you can submit REQUEST
+ variables: ?http_auth_user=XXX&http_auth_pw=YYY.
+ Note that specifying username and password in the URI will lead
+ to password disclosure in HTTP logfiles.
+ This feature is most importantly meant for RSS-feeds, to make
+ RSS readers able to submit login credentials. (garvinhicking)
+
Version 1.1-beta1 (August 14th, 2006)
------------------------------------------------------------------------
if (is_array($row)) {
serendipity_setCookie('old_session', session_id());
$_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
- $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $$row['realname'];
+ $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $row['realname'];
$_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
$_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
$_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
header('Content-Type: text/xml; charset=utf-8');
session_cache_limiter('public');
+
include('serendipity_config.inc.php');
include(S9Y_INCLUDE_PATH . 'include/functions_rss.inc.php');
break;
}
+if (isset($serendipity['serendipityRealname'])) {
+ $title .= ' (' . LOGIN . ': ' . $serendipity['serendipityRealname'] . ')';
+}
+
if (!empty($serendipity['GET']['category'])) {
$cInfo = serendipity_fetchCategoryInfo((int)$serendipity['GET']['category']);
$title = serendipity_utf8_encode(htmlspecialchars($title . ' - '. $cInfo['category_name']));
include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
// The version string
-$serendipity['version'] = '1.1-beta1';
+$serendipity['version'] = '1.1-beta2';
// Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
$serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);
$serendipity['use_PEAR'] = true;
}
+if (!isset($serendipity['useHTTP-Auth'])) {
+ $serendipity['useHTTP-Auth'] = true;
+}
+
// Should IFRAMEs be used for previewing entries and sending trackbacks?
$serendipity['use_iframe'] = true;
*/
if (IS_installed === true) {
+ // Import HTTP auth (mostly used for RSS feeds)
+ if ($serendipity['useHTTP-Auth'] && (isset($_REQUEST['http_auth']) || isset($_SERVER['PHP_AUTH_USER']))) {
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ header("WWW-Authenticate: Basic realm=\"Feed Login\"");
+ header("HTTP/1.0 401 Unauthorized");
+ exit;
+ } else {
+ $serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER'];
+ $serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW'];
+ }
+ } elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) {
+ $serendipity['POST']['user'] = $_REQUEST['http_auth_user'];
+ $serendipity['POST']['pass'] = $_REQUEST['http_auth_pw'];
+ }
+
serendipity_login(false);
}
projects / s9y.git / commitdiff