From 53d2f454a65e794dd1e56d52c1ae16614abab134 Mon Sep 17 00:00:00 2001 From: Bartek Fabiszewski Date: Thu, 16 Mar 2017 14:11:01 +0100 Subject: [PATCH] Allow for authentication in case of public access --- auth.php | 24 +++++++++++++++--------- index.php | 2 ++ 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/auth.php b/auth.php index 7888ca2..8ca9908 100755 --- a/auth.php +++ b/auth.php @@ -34,16 +34,21 @@ if ($mysqli->connect_errno) { exit(); } $mysqli->set_charset("utf8"); -$auth = NULL; -$admin = NULL; -if ($require_authentication || defined('headless')) { - /* authentication */ - session_name('ulogger'); - session_start(); - $sid = session_id(); - $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : ""); - $admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : ""); +session_name('ulogger'); +session_start(); +$sid = session_id(); + +// check for forced login to authorize admin in case of public access +$force_login = (isset($_REQUEST['force_login']) ? $_REQUEST['force_login'] : 0); +if ($force_login) { + $require_authentication = 1; +} + +$auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : NULL); +$admin = (isset($_SESSION['admin']) ? $_SESSION['admin'] : NULL); +if ($auth || $require_authentication || defined('headless')) { + /* authentication */ $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : ""); $pass = (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : ""); $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https"); @@ -80,6 +85,7 @@ if ($require_authentication || defined('headless')) {

+ '.(($force_login==1) ? "" : "").'
'.(($auth_error==1) ? $lang_authfail : "").'
diff --git a/index.php b/index.php index ddc1237..343cb35 100755 --- a/index.php +++ b/index.php @@ -40,6 +40,8 @@ else { '.$lang_user.' '; if ($auth) { $user_form .= ' '.$user.' ('.$lang_logout.')'; + } else { + $user_form .= ' '.$lang_login.''; } $user_form .= '