From: Patrick Canterino Date: Sun, 19 Mar 2023 13:15:50 +0000 (+0100) Subject: Allow multiple usernames when using HTTP authentication for the admin interface X-Git-Tag: 4.6.0~14^2 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/45ca48c235e1ac4634799231dff0962fce2e3fbf?ds=inline;hp=--cc Allow multiple usernames when using HTTP authentication for the admin interface Changed $cfg['admin_http_auth_user'] to an array to provide multiple usernames. The option to provide a string here is preserved for backward compatibility. --- 45ca48c235e1ac4634799231dff0962fce2e3fbf diff --git a/admin.php b/admin.php index 0f8967f..09bded5 100644 --- a/admin.php +++ b/admin.php @@ -64,7 +64,8 @@ if (php_sapi_name() == "cli") { if (!jirafeau_admin_session_logged()) { /* Test HTTP authentication. */ if (!empty($cfg['admin_http_auth_user']) && - $cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER']) { + ((is_array($cfg['admin_http_auth_user']) && in_array($_SERVER['PHP_AUTH_USER'], $cfg['admin_http_auth_user'])) || + (($cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER'])))) { jirafeau_admin_session_start(); } /* Test web password authentication. */ diff --git a/lib/config.original.php b/lib/config.original.php index 1543089..bfa76af 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -100,13 +100,15 @@ $cfg['upload_ip_nopassword'] = array(); */ $cfg['admin_password'] = ''; -/* If set, let the user be authenticated as administrator. - * The user provided here is the user authenticated by HTTP authentication. +/* If set, let the users be authenticated as administrator. + * The users provided here are authenticated by HTTP authentication. * Note that Jirafeau does not manage the HTTP login part, it just checks - * that the provided user is logged in. + * that one of the provided users is logged in. + * May be an array for multiple users or a string for a single user. + * The option to provide a string is for backward compatibility. * If »admin_password« parameter is set, then the »admin_password« is ignored. */ -$cfg['admin_http_auth_user'] = ''; +$cfg['admin_http_auth_user'] = array(); /* List of IP allowed to access the admin interface. * If the list is empty, then there is no admin interface restriction based on IP.