Commit | Line | Data |
---|---|---|
cdfce7c2 TM |
1 | <?php |
2 | /* | |
3 | * Harvie's PHP HTTP-Auth script | |
4 | * Copyright (C) 2oo7-2o11 Thomas Mudrunka | |
5 | * | |
6 | * This program is free software: you can redistribute it and/or modify | |
7 | * it under the terms of the GNU Affero General Public License as | |
8 | * published by the Free Software Foundation, either version 3 of the | |
9 | * License, or (at your option) any later version. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU Affero General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Affero General Public License | |
17 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
18 | */ | |
19 | ||
20 | ///SETTINGS////////////////////////////////////////////////////////////////////////////////////////////////////// | |
21 | //Login | |
// Master switch. While this is false the bootstrap line at the end of this file
// never constructs HTTP_Auth, so every including page is served with NO
// authentication at all. Set it to true to actually protect anything.
$require_login = false;

// Realm string sent in the WWW-Authenticate challenge. Browsers use it to label
// the protected area and to decide which saved password applies
// (one site + one realm == one user + one password).
$realm = 'music';

// Accounts as login => password. Several users may be listed here.
// NOTE(review): these passwords sit in the source file in clear text, so anyone
// who can read this file (backup, repository, misconfigured server) learns them.
$users = [
	'music' => 'passw',
];
27 | ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
28 | //MANUAL///////////////////////////////////////////////////////////////////////////////////////////////////////// | |
29 | /* HOWTO | |
30 | * To each file you want to lock, add this line (at the very beginning of the first line, so it is header-safe): | |
31 | * <?php require_once('http_auth.php'); ?> //Password Protection 8') | |
32 | * The protected file has to be a PHP script (if it's HTML, simply rename it to .php) | |
33 | * Server needs to have PHP as module (not CGI). | |
34 | * You need HTTP Basic auth enabled on server and php. | |
35 | */ | |
36 | ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
37 | ////CODE///////////////////////////////////////////////////////////////////////////////////////////////////////// | |
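/**
 * HTTP Basic authentication gate.
 *
 * Constructing the object with $require_login=true runs auth(): the request
 * either carries credentials accepted by the configured check function, or the
 * script answers 401 and terminates.
 *
 * Basic auth transmits the password (base64, not encrypted) with every request,
 * so this gate only protects anything when the site is served over TLS.
 */
class HTTP_Auth {

	/** @var string Redirect target after logout; the literal '401' selects the built-in logout page. */
	public $location;
	/** @var string Visible HTML footer appended to the built-in pages. */
	public $hbanner;
	/** @var string HTML comment prepended to the built-in pages. */
	public $cbanner;
	/** @var callable Credential checker, called as ($user, $pass); a truthy return means "accepted". */
	public $auth_function;

	/**
	 * Send the Basic-auth challenge and the 401 status line.
	 *
	 * @param string $realm Realm shown by the browser's login prompt.
	 */
	public function send_auth_headers($realm='') {
		// The realm is a quoted-string: escape quote and backslash so a realm
		// containing them cannot break out of the header parameter.
		Header('WWW-Authenticate: Basic realm="'.addcslashes((string) $realm, "\"\\").'"');
		Header('HTTP/1.0 401 Unauthorized');
	}

	/**
	 * Default credential check against the global $users array (login => password).
	 * Replace it through the constructor's $auth_function to use a DB or anything else.
	 *
	 * A stored value that is a password_hash() result is verified with
	 * password_verify(); any other stored value is treated as a clear-text password
	 * and compared with hash_equals(). The previous loose `==` let two different
	 * numeric-looking strings (e.g. '0e1234' and '0e5678') compare as equal and
	 * leaked timing information.
	 *
	 * @param string $user Login name from the request.
	 * @param string $pass Password from the request.
	 * @return bool True only when the user exists and the password matches.
	 */
	public static function check_auth_internal($user, $pass) {
		// Anything that is not a string (null from a missing header, arrays, ...) is rejected
		// before it can reach a comparison.
		if (!is_string($user) || !is_string($pass) || !isset($GLOBALS['users'][$user])) {
			return false;
		}
		$stored = (string) $GLOBALS['users'][$user];
		$info = password_get_info($stored);
		if (!empty($info['algo'])) {
			return password_verify($pass, $stored);
		}
		return hash_equals($stored, $pass);
	}

	/**
	 * Run the configured credential checker.
	 *
	 * @param string $user Login name from the request.
	 * @param string $pass Password from the request.
	 * @return mixed Whatever the checker returns; auth() treats it as a boolean.
	 */
	public function check_auth($user, $pass) {
		return call_user_func($this->auth_function, $user, $pass);
	}

	/**
	 * Print the failure page and terminate the request. Never returns, which is
	 * what keeps the protected page below the require_once from being rendered.
	 */
	public function unauthorized() {
		// Both banners are fixed strings built in the constructor; no request data is echoed here.
		die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
	}

	/**
	 * Decide whether a ?logout=... value may be used as a redirect target.
	 * Only same-site relative references are accepted, so the logout link cannot be
	 * used to bounce visitors to another host.
	 *
	 * @param mixed $target Raw value taken from the query string.
	 * @return bool
	 */
	private static function is_local_redirect($target) {
		if (!is_string($target) || $target === '') {
			return false;
		}
		// Control characters, whitespace and backslashes (which browsers may read as '/').
		if (preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
			return false;
		}
		// Protocol-relative form: //other-host/...
		if (strncmp($target, '//', 2) === 0) {
			return false;
		}
		// Anything carrying a scheme: http:, https:, javascript:, data:, ...
		if (preg_match('/^[a-z][a-z0-9+.\-]*:/i', $target)) {
			return false;
		}
		return true;
	}

	/**
	 * Enforce authentication for the current request.
	 *
	 * Returns normally only when the supplied credentials are accepted; in every
	 * other case a 401 (or the logout page) is sent and the script terminates.
	 *
	 * @param string $realm Realm used in the challenge.
	 */
	public function auth($realm) {
		// Credentials count as "sent" only when both parts are present and non-empty.
		// (The user check used to test PHP_AUTH_PW, which raised an undefined-index
		// warning when only the user name was supplied.)
		$user = null;
		$pass = null;
		if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') $user = $_SERVER['PHP_AUTH_USER'];
		if (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $pass = $_SERVER['PHP_AUTH_PW'];

		//Logout (script.php?logout or script.php?logout=[LOCATION])
		if (isset($_GET['logout'])) {
			if ($user !== null || $pass !== null) {
				// Answer 401 while credentials are still being sent so the browser drops them.
				// NOTE(review): execution continues below, so with valid credentials the
				// protected page is still rendered under this 401 status - confirm this is intended.
				$this->send_auth_headers($realm);
			} else {
				$location = $this->location;
				// ?logout=[LOCATION] comes from the request and is untrusted: accept it only
				// when it stays on this site, otherwise keep the configured default.
				if (self::is_local_redirect($_GET['logout'])) $location = $_GET['logout'];
				if (trim($location) != '401') Header('Location: '.$location);
				die("$this->cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$this->hbanner");
			}
		}

		if ($user === null || $pass === null) {
			//Cancelled prompt, first visit, or incomplete credentials
			$this->send_auth_headers($realm);
			$this->unauthorized();
		}

		if (!$this->check_auth($user, $pass)) {
			//Bad login
			$this->send_auth_headers($realm);
			$this->unauthorized();
		}
		//Login successful - the rest of the including file is displayed only from here on
	}

	/**
	 * @param string         $realm         Realm used in the challenge.
	 * @param bool           $require_login When false the object is only configured and auth() is NOT run.
	 * @param callable|false $auth_function Optional replacement for check_auth_internal, called as ($user, $pass).
	 */
	public function __construct($realm='private', $require_login=true, $auth_function=false) {
		//Misc
		$this->location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
		//CopyLeft
		$ver = '2o1o-4.0';
		$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
		$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
		$this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
		$this->cbanner = "<!-- $banner -->\n";

		$this->auth_function = array($this, 'check_auth_internal');
		if ($auth_function) $this->auth_function = $auth_function;

		if ($require_login) {
			$this->auth($realm);
		}
	}

}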
115 | ||
// Bootstrap: pages that require_once this file are gated only when the
// $require_login setting is true; otherwise no HTTP_Auth object is created
// and no credentials are ever requested.
if ($require_login) {
	new HTTP_Auth($realm);
}