diff --git a/index.php b/index.php index 5f9a048f2c..69c0bc1b23 100644 --- a/index.php +++ b/index.php @@ -165,7 +165,8 @@ function main() if (!$user && common_config('site', 'private') && !in_array($action, array('login', 'openidlogin', 'finishopenidlogin', - 'recoverpassword', 'api', 'doc', 'register'))) { + 'recoverpassword', 'api', 'doc', 'register')) && + !preg_match('/rss$/', $action)) { common_redirect(common_local_url('login')); return; } diff --git a/lib/rssaction.php b/lib/rssaction.php index fe3fd6f4a2..dceabcbec8 100644 --- a/lib/rssaction.php +++ b/lib/rssaction.php @@ -96,6 +96,28 @@ class Rss10Action extends Action { // Parent handling, including cache check parent::handle($args); + + if (common_config('site', 'private')) { + if (!isset($_SERVER['PHP_AUTH_USER'])) { + + # This header makes basic auth go + header('WWW-Authenticate: Basic realm="Laconica RSS"'); + + # If the user hits cancel -- bam! + $this->show_basic_auth_error(); + return; + } else { + $nickname = $_SERVER['PHP_AUTH_USER']; + $password = $_SERVER['PHP_AUTH_PW']; + + if (!common_check_user($nickname, $password)) { + # basic authentication failed + $this->show_basic_auth_error(); + return; + } + } + } + // Get the list of notices if (empty($this->tag)) { $this->notices = $this->getNotices($this->limit); @@ -105,6 +127,18 @@ class Rss10Action extends Action $this->showRss(); } + function show_basic_auth_error() + { + header('HTTP/1.1 401 Unauthorized'); + header('Content-Type: application/xml; charset=utf-8'); + $this->startXML(); + $this->elementStart('hash'); + $this->element('error', null, 'Could not authenticate you.'); + $this->element('request', null, $_SERVER['REQUEST_URI']); + $this->elementEnd('hash'); + $this->endXML(); + } + /** * Get the notices to output in this stream *