[mirrors/SokoMan.git] / lib / HTTP_Auth.class.php

<?php
/*
 * Harvie's PHP HTTP-Auth script
 * Copyright (C) 2oo7-2o11  Thomas Mudrunka
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
//Login
$require_login = false; //Require login? (if false, no login needed) - WARNING!!!
$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
$users = array( //You can specify multiple users in this array
	'music' => 'passw'
);
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
/* HOWTO
 * To each file, you want to lock add this line (at begin of first line - Header-safe):
 * <?php require_once('http_auth.php'); ?> //Password Protection 8')
 * Protected file have to be php script (if it's html, simply rename it to .php)
 * Server needs to have PHP as module (not CGI).
 * You need HTTP Basic auth enabled on server and php.
 */
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
class HTTP_Auth {

	function send_auth_headers($realm='') {
		Header('WWW-Authenticate: Basic realm="'.$realm.'"');
		Header('HTTP/1.0 401 Unauthorized');
	}

	function get_current_url($login='logout@') {
		$proto = empty($_SERVER['HTTPS']) ? $proto = 'http' : $proto = 'https';
		return $proto.'://'.$login.$_SERVER['HTTP_HOST'].':'.$_SERVER['SERVER_PORT'].$_SERVER['PHP_SELF'];
	}

	static function check_auth_internal($user, $pass) { //Check if login is succesfull
		//(U can modify this to use DB, or anything else)
		return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass));
	}

	function check_auth($user, $pass) {
		return call_user_func($this->auth_function, $user, $pass);
	}

	function unauthorized() { //Do this when login fails
		//Show warning and die
		die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
		die(); //Don't forget!!!
	}


	function auth($realm) {
		//Backward compatibility
		if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
		if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];

		//Logout
		if(isset($_GET['logout'])) { //script.php?logout
			Header('HTTP/1.0 302 Found');
			Header('Location: '.$this->get_current_url());
		}

		if(!isset($PHP_AUTH_USER)) {
			//Storno or first visit of page
			$this->send_auth_headers($realm);
			$this->unauthorized();
		} else {
			//Login sent
			if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) {
				//Login succesfull - probably do nothing here
			} else {
				//Bad login
				$this->send_auth_headers($realm);
				$this->unauthorized();
			}
		}
		//Rest of file will be displayed only if login is correct
	}

	function __construct($realm='private', $require_login=true, $auth_function=false) {
		//CopyLeft
		$ver = '2o11-5.0';
		$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
		$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
		$this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
		$this->cbanner = "<!-- $banner -->\n";

		$this->auth_function=array($this,'check_auth_internal');
		if($auth_function) $this->auth_function=$auth_function;

		if($require_login) {
			$this->auth($realm);
		}
	}

}

if($require_login) new HTTP_Auth($realm);
Commit	Line	Data
cdfce7c2 TM	1	<?php
	2	/*
	3	* Harvie's PHP HTTP-Auth script
	4	* Copyright (C) 2oo7-2o11 Thomas Mudrunka
	5	*
	6	* This program is free software: you can redistribute it and/or modify
	7	* it under the terms of the GNU Affero General Public License as
	8	* published by the Free Software Foundation, either version 3 of the
	9	* License, or (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU Affero General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Affero General Public License
	17	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
	21	//Login
	22	$require_login = false; //Require login? (if false, no login needed) - WARNING!!!
	23	$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
	24	$users = array( //You can specify multiple users in this array
	25	'music' => 'passw'
	26	);
	27	/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	28	//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
	29	/* HOWTO
	30	* To each file, you want to lock add this line (at begin of first line - Header-safe):
	31	* <?php require_once('http_auth.php'); ?> //Password Protection 8')
	32	* Protected file have to be php script (if it's html, simply rename it to .php)
	33	* Server needs to have PHP as module (not CGI).
	34	* You need HTTP Basic auth enabled on server and php.
	35	*/
	36	/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	37	////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
	38	class HTTP_Auth {
	39
	40	function send_auth_headers($realm='') {
	41	Header('WWW-Authenticate: Basic realm="'.$realm.'"');
	42	Header('HTTP/1.0 401 Unauthorized');
	43	}
	44
79146b24 TM	45	function get_current_url($login='logout@') {
	46	$proto = empty($_SERVER['HTTPS']) ? $proto = 'http' : $proto = 'https';
	47	return $proto.'://'.$login.$_SERVER['HTTP_HOST'].':'.$_SERVER['SERVER_PORT'].$_SERVER['PHP_SELF'];
	48	}
	49
cdfce7c2 TM	50	static function check_auth_internal($user, $pass) { //Check if login is succesfull
	51	//(U can modify this to use DB, or anything else)
	52	return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass));
	53	}
	54
	55	function check_auth($user, $pass) {
	56	return call_user_func($this->auth_function, $user, $pass);
	57	}
	58
	59	function unauthorized() { //Do this when login fails
	60	//Show warning and die
	61	die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
	62	die(); //Don't forget!!!
	63	}
	64
	65
	66	function auth($realm) {
	67	//Backward compatibility
	68	if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
	69	if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
	70
	71	//Logout
	72	if(isset($_GET['logout'])) { //script.php?logout
79146b24 TM	73	Header('HTTP/1.0 302 Found');
79146b24 TM	74	Header('Location: '.$this->get_current_url());
cdfce7c2 TM	75	}
	76
	77	if(!isset($PHP_AUTH_USER)) {
	78	//Storno or first visit of page
	79	$this->send_auth_headers($realm);
	80	$this->unauthorized();
	81	} else {
	82	//Login sent
	83	if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) {
	84	//Login succesfull - probably do nothing here
	85	} else {
	86	//Bad login
	87	$this->send_auth_headers($realm);
	88	$this->unauthorized();
	89	}
	90	}
	91	//Rest of file will be displayed only if login is correct
	92	}
	93
	94	function __construct($realm='private', $require_login=true, $auth_function=false) {
cdfce7c2	95	//CopyLeft
79146b24	96	$ver = '2o11-5.0';
cdfce7c2 TM	97	$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
	98	$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
	99	$this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
	100	$this->cbanner = "<!-- $banner -->\n";
	101
	102	$this->auth_function=array($this,'check_auth_internal');
	103	if($auth_function) $this->auth_function=$auth_function;
	104
	105	if($require_login) {
	106	$this->auth($realm);
	107	}
	108	}
	109
	110	}
	111
	112	if($require_login) new HTTP_Auth($realm);