Allow use of authenticated RSS in External Feed block

How about using 'secret' RSS feeds similar to the existing 'secret' URLs in Mahara and the secret RSS feeds in Moodle 2.0

Geoff, that would indeed be a good approach, as long as these "secret feeds" can be revoked and recreated (for example if one is accidentally disclosed).

Unfortunately, that doesn't solve the original request, which was to import authenticated RSS feeds into Mahara. But it's a good idea for importing Mahara into other systems.

Ah, I see, we should indeed split that into a different bug.

Attached is a patch against Mahara 1.3.6 that adds two new optional configuration fields, Authenticated RSS Username and Authenticated RSS Password. It also modifies lib/web.php to supply the CURLOPT_USERPWD when a username and password are set (This modification can also be used by other blocks that require access to web-based resources behind HTTPAuth).

This patch affects the following files:

htdocs/lib/web.php
htdocs/blocktype/externalfeed/lib.php
htdocs/blocktype/externalfeed/lang/en.utf8/blocktype.externalfeed.php

This patch has been tested against Mahara 1.3.6, but will likely need to be tweaked to match Mahara's coding guidelines and styles.

Shortly after posting this, I realized there's a small but critical problem, in that individual feeds and the block instances that use them are stored separately in the database.

This is fine when initially adding the authenticated RSS feed, but it fails when attempting to refresh the feed, as login credentials are not necessarily stored with the feeds themselves. This causes problems when it's time for cron to refresh the feeds. (I also realized that I had added the httpauthuser and httpauthpassword fields to the blocktype_externalfeed_data table, but did not include the install.xml & upgrade.xml files in the patch).

So, please ignore the above patch, or consider it a jumping off point for the full solution. I'll update with a new patch when I have a chance to solve the cron problem.

Apologies for the bugspam, was trying to get patch format correct (and failed).

Wow, this was much harder than I had anticipated.

My full solution is up for review here: https://reviews.mahara.org/#change,707

Reviewed: https://reviews.mahara.org/707
Committed: http://gitorious.org/mahara/mahara/commit/aa41d175dc18c766cb1b1afc9b2ed51323c65908
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit aa41d175dc18c766cb1b1afc9b2ed51323c65908
Author: Francois Marier <email address hidden>
Date: Wed Sep 14 15:29:03 2011 +1200

    Add HTTP basic auth options to RSS block (bug #740326)

    These new per-block options allow the use of authenticated (through
    HTTP basic auth) feeds in Mahara.

    Thanks to Darren James Harkness for the initial patch.

    Change-Id: I8c916c31698ae3b32dd826d14fd475cbbad61b02
    Signed-off-by: Francois Marier <email address hidden>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

status fixreleased
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPjqdlAAoJECXBtiziiXdcxeoH/iQi1ljFCaDUrA07cq6IAZga
p3Tw7VRtZBy6Cl5NwOFg1b4/DsqFIM9fQPb+WpJqUAcTVP6B44QElOCtb0ldeZCw
cgWlkkSj1jk/gpCdKhCZ2MMHkRjMao5ZpUyF4vSO26tIiYcvPIhRoF6uWu0Z40xe
1wee4ZKGEEvO13bujMyuu4nEQSd9TK5VWPn+PbIKFEyJgCY19Zw62fWBXoanPbWj
LDuO9AnaQOPyVEx2qtoH8M5LFra2zq+dZ9Ac7oAiLffcWJAB9MqL8o2zbQHpOuVi
Ynrh6BIyUYaqdt1BhALrJ6/MQ0h7mDKGy8CVg0z4e2VHyxecYwc84kwzrItH7I0=
=mdeb
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 status fixreleased
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPjrRzAAoJECXBtiziiXdcggYH/39bWTAPjHe9fUi3ve11K6iW
/R7j+mSc51e/47Cx0Z1Xv1HkDY0ymFLyRU/4CgErzWLWtrlSVhDx/r3gf8aHj+A+
ICmHRmTTCRBij5sKZVZbzZDN/t9drPvJ1u1dWcagGR2DiXoxAa9Kd2LUXKScRvS6
DqhQWj42JiOoo1R1FGFLa8dpPwlzwuLKyQQ6gvdDutva0E3RqktUUBy8w6ieMG6E
UM/K4sdgx7AAhfBxg91349DOjKeHE/69Vb1gbJXE9UtY/xwe+3sgBtAM7aN4e5US
PhBcGckRLkgxpwLwDzTNGuDHFp51OjIdqXaoRAxXx3tgOonY2bs/eqg42RJBcR4=
=dLjM
-----END PGP SIGNATURE-----