add optional AUTO_LOGIN for when remote authentication is allowed (closes #295)

config.php-dist

@@ -136,6 +136,11 @@
 	// option can be used to integrate tt-rss with Apache's external
 	// authentication modules.
 
+	define('AUTO_LOGIN', false);
+	// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
+	// to skip the login form. If set to true, users won't be able to
+	// set application language and settings profile.
+
 	define('LOCK_DIRECTORY', 'lock');
 	// Directory for lockfiles, must be writable to the user you run
 	// daemon process or cronjobs under.
@@ -184,7 +189,7 @@
 	// Your OAuth instance authentication information for Twitter, visit
 	// http://twitter.com/oauth_clients to register your instance.
 
-	define('CONFIG_VERSION', 20);
+	define('CONFIG_VERSION', 21);
 	// Expected config version. Please update this option in config.php
 	// if necessary (after migrating all new options from this file).
 

functions.php

@@ -1991,9 +1991,15 @@
 			}
 
 			if (!$_SESSION["uid"] || !validate_session($link)) {
-				render_login_form($link, $mobile);
+				if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH
-				//header("Location: login.php");
+					&& $_SERVER["REMOTE_USER"] && defined('AUTO_LOGIN') && AUTO_LOGIN) {
-				exit;
+				    authenticate_user($link,$_SERVER['REMOTE_USER'],null);
+				    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
+				} else {
+				    render_login_form($link, $mobile);
+				    //header("Location: login.php");
+				    exit;
+				}
 			} else {
 				/* bump login timestamp */
 				db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . 

sanity_check.php

@@ -1,7 +1,7 @@
 <?php
 	require_once "functions.php";
 
-	define('EXPECTED_CONFIG_VERSION', 20);
+	define('EXPECTED_CONFIG_VERSION', 21);
 	define('SCHEMA_VERSION', 78);
 
 	if (!file_exists("config.php")) {