Adds HTTP basic authentication for private RSS 1.0 feeds

1 files changed, 34 insertions, 0 deletions

diff --git a/lib/rssaction.php b/lib/rssaction.php
index fe3fd6f4a..dceabcbec 100644
--- a/lib/rssaction.php
+++ b/lib/rssaction.php
@@ -96,6 +96,28 @@ class Rss10Action extends Action
     {
         // Parent handling, including cache check
         parent::handle($args);
+
+        if (common_config('site', 'private')) {
+            if (!isset($_SERVER['PHP_AUTH_USER'])) {
+
+                # This header makes basic auth go
+                header('WWW-Authenticate: Basic realm="Laconica RSS"');
+
+                # If the user hits cancel -- bam!
+                $this->show_basic_auth_error();
+                return;
+            } else {
+                $nickname = $_SERVER['PHP_AUTH_USER'];
+                $password = $_SERVER['PHP_AUTH_PW'];
+
+                if (!common_check_user($nickname, $password)) {
+                    # basic authentication failed
+                    $this->show_basic_auth_error();
+                    return;
+                }
+            }
+        }
+
         // Get the list of notices
         if (empty($this->tag)) {
             $this->notices = $this->getNotices($this->limit);
@@ -105,6 +127,18 @@ class Rss10Action extends Action
         $this->showRss();
     }
 
+    function show_basic_auth_error()
+    {
+        header('HTTP/1.1 401 Unauthorized');
+        header('Content-Type: application/xml; charset=utf-8');
+        $this->startXML();
+        $this->elementStart('hash');
+        $this->element('error', null, 'Could not authenticate you.');
+        $this->element('request', null, $_SERVER['REQUEST_URI']);
+        $this->elementEnd('hash');
+        $this->endXML();
+    }
+
     /**
      * Get the notices to output in this stream
      *