X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=http_auth.php;h=62c99115560ccbcfbb9675af25ecca21b38e459c;hb=2fa64919a3ceea723bf035e3c88709caaecaf389;hp=3a6e1209427e4c2b9bfc2316534cd2696e466cff;hpb=ca88871f4c51e904ec23305abf2fd1aa17226103;p=mirrors%2FJukeBox.git
diff --git a/http_auth.php b/http_auth.php
index 3a6e120..62c9911 100755
--- a/http_auth.php
+++ b/http_auth.php
@@ -1 +1,78 @@
-harvie.ath.cx';
$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
$hbanner = "
$banner\n-\n$link\n";
$cbanner = "\n";
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
/* HOWTO
* To each file, you want to lock add this line (at begin of first line - Header-safe):
* //Password Protection 8')
* Protected file have to be php script (if it's html, simply rename it to .php)
* Server needs to have PHP as module (not CGI).
* You need HTTP Basic auth enabled on server and php.
*/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
function send_auth_headers($realm='') {
Header('WWW-Authenticate: Basic realm="'.$realm.'"');
Header('HTTP/1.0 401 Unauthorized');
}
function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify this to use DB, or anything else)
return (($PHP_AUTH_USER == $GLOBALS['user']) && ($PHP_AUTH_PW == $GLOBALS['passwd']));
}
function unauth() { //Do this when login fails
$cbanner = $GLOBALS['cbanner'];
$hbanner = $GLOBALS['hbanner'];
die("$cbanner401 - Forbidden\n401 - Forbidden
\nLogin...\n$hbanner"); //Show warning and die
die(); //Don't forget!!!
}
//Back-Compatibility
if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
//Logout
if(isset($_GET['logout'])) { //script.php?logout
if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
Header('WWW-Authenticate: Basic realm="'.$realm.'"');
Header('HTTP/1.0 401 Unauthorized');
} else {
if($_GET['logout'] != '') $location = $_GET['logout'];
if(trim($location) != '401') Header('Location: '.$location);
die("$cbanner401 - Log out successfull\n401 - Log out successfull
\nContinue...\n$hbanner");
}
}
if($require_login) {
if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page
send_auth_headers($realm);
unauth();
} else { //Login sent
if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing
} else { //Bad login
send_auth_headers($realm);
unauth();
}
}
}
//Rest of file will be displayed only if login is correct
+ 'passw'
+);
+//Misc
+$require_login = true; //Require login? (if false, no login needed) - WARNING!!!
+$location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
+//CopyLeft
+$ver = '2o1o-3.9';
+$link = 'blog.harvie.cz';
+$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
+$hbanner = "
$banner\n-\n$link\n";
+$cbanner = "\n";
+//Config file
+@include('./_config.php');
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
+/* HOWTO
+ * To each file, you want to lock add this line (at begin of first line - Header-safe):
+ * //Password Protection 8')
+ * Protected file have to be php script (if it's html, simply rename it to .php)
+ * Server needs to have PHP as module (not CGI).
+ * You need HTTP Basic auth enabled on server and php.
+ */
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
+ function send_auth_headers($realm='') {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ }
+
+ function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify this to use DB, or anything else)
+ return (isset($GLOBALS['users'][$PHP_AUTH_USER]) && ($GLOBALS['users'][$PHP_AUTH_USER] == $PHP_AUTH_PW));
+ }
+
+ function unauth() { //Do this when login fails
+ $cbanner = $GLOBALS['cbanner'];
+ $hbanner = $GLOBALS['hbanner'];
+ die("$cbanner401 - Forbidden\n401 - Forbidden
\nLogin...\n$hbanner"); //Show warning and die
+ die(); //Don't forget!!!
+ }
+
+//Backward compatibility
+if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
+if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
+
+//Logout
+if(isset($_GET['logout'])) { //script.php?logout
+ if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ } else {
+ if($_GET['logout'] != '') $location = $_GET['logout'];
+ if(trim($location) != '401') Header('Location: '.$location);
+ die("$cbanner401 - Log out successfull\n401 - Log out successfull
\nContinue...\n$hbanner");
+ }
+}
+
+if($require_login) {
+ if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page
+ send_auth_headers($realm);
+ unauth();
+ } else { //Login sent
+
+ if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing
+ } else { //Bad login
+ send_auth_headers($realm);
+ unauth();
+ }
+
+ }
+}
+//Rest of file will be displayed only if login is correct