From: Patrick Canterino Date: Thu, 27 Jun 2024 10:31:46 +0000 (+0200) Subject: Merge branch 'multi-http-admins' into next-release X-Git-Tag: 4.6.0~14 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/93d87c13b5169a0a61e3906af13cf07ec8ae2a58?hp=3882c28c0dbf26dbd7be4b4abe2695084d67ecc5 Merge branch 'multi-http-admins' into next-release --- diff --git a/admin.php b/admin.php index 0f8967f..09bded5 100644 --- a/admin.php +++ b/admin.php @@ -64,7 +64,8 @@ if (php_sapi_name() == "cli") { if (!jirafeau_admin_session_logged()) { /* Test HTTP authentication. */ if (!empty($cfg['admin_http_auth_user']) && - $cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER']) { + ((is_array($cfg['admin_http_auth_user']) && in_array($_SERVER['PHP_AUTH_USER'], $cfg['admin_http_auth_user'])) || + (($cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER'])))) { jirafeau_admin_session_start(); } /* Test web password authentication. */ diff --git a/lib/config.original.php b/lib/config.original.php index 1543089..bfa76af 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -100,13 +100,15 @@ $cfg['upload_ip_nopassword'] = array(); */ $cfg['admin_password'] = ''; -/* If set, let the user be authenticated as administrator. - * The user provided here is the user authenticated by HTTP authentication. +/* If set, let the users be authenticated as administrator. + * The users provided here are authenticated by HTTP authentication. * Note that Jirafeau does not manage the HTTP login part, it just checks - * that the provided user is logged in. + * that one of the provided users is logged in. + * May be an array for multiple users or a string for a single user. + * The option to provide a string is for backward compatibility. * If »admin_password« parameter is set, then the »admin_password« is ignored. */ -$cfg['admin_http_auth_user'] = ''; +$cfg['admin_http_auth_user'] = array(); /* List of IP allowed to access the admin interface. * If the list is empty, then there is no admin interface restriction based on IP.