- new feature : use Apache authentication. If $conf['apache_authentication']

  is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
  PWG automatically creates one. This way, users can customize the behaviour
  of the application.

- template : new organisation of identification menu
  (category.php). Simplification is required for Apache authentication (no
  logout link even if user is externally logged in)

- new : usernames can contain quotes (required because Apache authentication
  authorized quotes in usernames)


git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 29 insertions, 0 deletions

diff --git a/include/user.inc.php b/include/user.inc.php
index b388943c0..56b36039c 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -91,6 +91,35 @@ if (!isset($user['id']))
   $user['is_the_guest'] = true;
 }
 
+// using Apache authentication override the above user search
+if ($conf['apache_authentication'] and isset($_SERVER['REMOTE_USER']))
+{
+  $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+  $result = pwg_query($query);
+
+  if (mysql_num_rows($result) == 0)
+  {
+    register_user($_SERVER['REMOTE_USER'], '', '', '');
+
+    $query = '
+SELECT id
+  FROM '.USERS_TABLE.'
+  WHERE username = \''.mysql_escape_string($_SERVER['REMOTE_USER']).'\'
+;';
+    list($user['id']) = mysql_fetch_row(pwg_query($query));
+  }
+  else
+  {
+    list($user['id']) = mysql_fetch_row($result);
+  }
+
+  $user['is_the_guest'] = false;
+}
+
 $query = '
 SELECT u.*, uf.*
   FROM '.USERS_TABLE.' AS u LEFT JOIN '.USER_FORBIDDEN_TABLE.' AS uf