--- /dev/null
+<?php\r
+///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////\r
+//Login\r
+$realm = 'secret_zone'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)\r
+$user = 'root'; //User\r
+$passwd = 'toor'; //Password\r
+//Misc\r
+$require_login = true; //Require login? (if false, no login needed) - WARNING!!!\r
+$location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])\r
+//CopyLeft\r
+$ver = '3.7.1';\r
+$link = '<a href="https://harvie.ath.cx/">harvie.ath.cx</a>';\r
+$banner = "Harvie's PHP HTTP-Auth script (v$ver)";\r
+$hbanner = "<hr /><i>$banner\n$link</i>\n";\r
+$cbanner = "<!-- $banner -->\n";\r
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////\r
+//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////\r
+/* HOWTO\r
+ * To each file, you want to lock add this line (at begin of first line):\r
+ * <?php include('http_auth.php'); ?>\r
+ * This file have to be php script (if it's html, simply rename it to .php)\r
+ * Server have to run PHP (not CGI).\r
+ * You need HTTP Basic auth enabled on server and in php.ini\r
+ */\r
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////\r
+////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////\r
+ function send_auth_headers($realm='') {\r
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');\r
+ Header('HTTP/1.0 401 Unauthorized');\r
+ }\r
+ \r
+ function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify to use DB, or anything else)\r
+ return (($PHP_AUTH_USER == $GLOBALS['user']) && ($PHP_AUTH_PW == $GLOBALS['passwd']));\r
+ }\r
+ \r
+ function unauth() { //Do this when login fails\r
+ $cbanner = $GLOBALS['cbanner'];\r
+ $hbanner = $GLOBALS['hbanner'];\r
+ die("$cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$hbanner"); //Show warning and die\r
+ die(); //Don't forget!!!\r
+ }\r
+\r
+//Back-Compatibility\r
+if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];\r
+if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];\r
+\r
+//Logout\r
+if(isset($_GET['logout'])) { //script.php?logout\r
+ if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {\r
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');\r
+ Header('HTTP/1.0 401 Unauthorized');\r
+ } else {\r
+ if($_GET['logout'] != '') $location = $_GET['logout'];\r
+ if(trim($location) != '401') Header('Location: '.$location);\r
+ die("$cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$hbanner");\r
+ }\r
+}\r
+\r
+if($require_login) {\r
+ if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page\r
+ send_auth_headers($realm);\r
+ unauth();\r
+ } else { //Login sent\r
+ \r
+ if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing\r
+ } else { //Bad login\r
+ send_auth_headers($realm);\r
+ unauth();\r
+ }\r
+ \r
+ }\r
+}\r
+//Rest of file will be displayed only if login is correct\r
+\r
GIT.Harvie.CZ / mirrors / Programs.git / blobdiff