diff options
author | Jeffery To <jeffery.to@gmail.com> | 2009-07-14 03:45:12 +0800 |
---|---|---|
committer | Jeffery To <jeffery.to@gmail.com> | 2009-07-14 03:45:12 +0800 |
commit | ae6a3e258d58c863fb54c1c2b06a426fccb5a689 (patch) | |
tree | ef2966a9e4fe28110ec12af243c411c5ca492fe5 /lib/rssaction.php | |
parent | 6a0f0e32d5e837c3f0f2041bc206fc35d69f497c (diff) |
Adds HTTP basic authentication for private RSS 1.0 feeds
Diffstat (limited to 'lib/rssaction.php')
-rw-r--r-- | lib/rssaction.php | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/lib/rssaction.php b/lib/rssaction.php index fe3fd6f4a..dceabcbec 100644 --- a/lib/rssaction.php +++ b/lib/rssaction.php @@ -96,6 +96,28 @@ class Rss10Action extends Action { // Parent handling, including cache check parent::handle($args); + + if (common_config('site', 'private')) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + + # This header makes basic auth go + header('WWW-Authenticate: Basic realm="Laconica RSS"'); + + # If the user hits cancel -- bam! + $this->show_basic_auth_error(); + return; + } else { + $nickname = $_SERVER['PHP_AUTH_USER']; + $password = $_SERVER['PHP_AUTH_PW']; + + if (!common_check_user($nickname, $password)) { + # basic authentication failed + $this->show_basic_auth_error(); + return; + } + } + } + // Get the list of notices if (empty($this->tag)) { $this->notices = $this->getNotices($this->limit); @@ -105,6 +127,18 @@ class Rss10Action extends Action $this->showRss(); } + function show_basic_auth_error() + { + header('HTTP/1.1 401 Unauthorized'); + header('Content-Type: application/xml; charset=utf-8'); + $this->startXML(); + $this->elementStart('hash'); + $this->element('error', null, 'Could not authenticate you.'); + $this->element('request', null, $_SERVER['REQUEST_URI']); + $this->elementEnd('hash'); + $this->endXML(); + } + /** * Get the notices to output in this stream * |