| 1 | <?php\r |
| 2 | ///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////\r |
| 3 | //Login\r |
| 4 | $realm = 'secret_zone'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)\r |
| 5 | $user = 'root'; //User\r |
| 6 | $passwd = 'toor'; //Password\r |
| 7 | //Misc\r |
| 8 | $require_login = true; //Require login? (if false, no login needed) - WARNING!!!\r |
| 9 | $location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])\r |
| 10 | //CopyLeft\r |
| 11 | $ver = '3.7.1';\r |
| 12 | $link = '<a href="https://harvie.ath.cx/">harvie.ath.cx</a>';\r |
| 13 | $banner = "Harvie's PHP HTTP-Auth script (v$ver)";\r |
| 14 | $hbanner = "<hr /><i>$banner\n$link</i>\n";\r |
| 15 | $cbanner = "<!-- $banner -->\n";\r |
| 16 | /////////////////////////////////////////////////////////////////////////////////////////////////////////////////\r |
| 17 | //MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////\r |
| 18 | /* HOWTO\r |
| 19 | * To each file, you want to lock add this line (at begin of first line):\r |
| 20 | * <?php include('http_auth.php'); ?>\r |
| 21 | * This file have to be php script (if it's html, simply rename it to .php)\r |
| 22 | * Server have to run PHP (not CGI).\r |
| 23 | * You need HTTP Basic auth enabled on server and in php.ini\r |
| 24 | */\r |
| 25 | /////////////////////////////////////////////////////////////////////////////////////////////////////////////////\r |
| 26 | ////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////\r |
| 27 | function send_auth_headers($realm='') {\r |
| 28 | Header('WWW-Authenticate: Basic realm="'.$realm.'"');\r |
| 29 | Header('HTTP/1.0 401 Unauthorized');\r |
| 30 | }\r |
| 31 | \r |
| 32 | function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify to use DB, or anything else)\r |
| 33 | return (($PHP_AUTH_USER == $GLOBALS['user']) && ($PHP_AUTH_PW == $GLOBALS['passwd']));\r |
| 34 | }\r |
| 35 | \r |
| 36 | function unauth() { //Do this when login fails\r |
| 37 | $cbanner = $GLOBALS['cbanner'];\r |
| 38 | $hbanner = $GLOBALS['hbanner'];\r |
| 39 | die("$cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$hbanner"); //Show warning and die\r |
| 40 | die(); //Don't forget!!!\r |
| 41 | }\r |
| 42 | \r |
| 43 | //Back-Compatibility\r |
| 44 | if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];\r |
| 45 | if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];\r |
| 46 | \r |
| 47 | //Logout\r |
| 48 | if(isset($_GET['logout'])) { //script.php?logout\r |
| 49 | if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {\r |
| 50 | Header('WWW-Authenticate: Basic realm="'.$realm.'"');\r |
| 51 | Header('HTTP/1.0 401 Unauthorized');\r |
| 52 | } else {\r |
| 53 | if($_GET['logout'] != '') $location = $_GET['logout'];\r |
| 54 | if(trim($location) != '401') Header('Location: '.$location);\r |
| 55 | die("$cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$hbanner");\r |
| 56 | }\r |
| 57 | }\r |
| 58 | \r |
| 59 | if($require_login) {\r |
| 60 | if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page\r |
| 61 | send_auth_headers($realm);\r |
| 62 | unauth();\r |
| 63 | } else { //Login sent\r |
| 64 | \r |
| 65 | if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing\r |
| 66 | } else { //Bad login\r |
| 67 | send_auth_headers($realm);\r |
| 68 | unauth();\r |
| 69 | }\r |
| 70 | \r |
| 71 | }\r |
| 72 | }\r |
| 73 | //Rest of file will be displayed only if login is correct\r |
| 74 | \r |