lib/HTTP_Auth.class.php

   1 <?php
   2 /*
   3  * Harvie's PHP HTTP-Auth script
   4  * Copyright (C) 2oo7-2o11  Thomas Mudrunka
   5  *
   6  * This program is free software: you can redistribute it and/or modify
   7  * it under the terms of the GNU Affero General Public License as
   8  * published by the Free Software Foundation, either version 3 of the
   9  * License, or (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU Affero General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Affero General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 ///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
  21 //Login
  22 $require_login = false; //Require login? (if false, no login needed) - WARNING!!!
  23 $realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
  24 $users = array( //You can specify multiple users in this array
  25         'music' => 'passw'
  26 );
  27 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  28 //MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
  29 /* HOWTO
  30  * To each file, you want to lock add this line (at begin of first line - Header-safe):
  31  * <?php require_once('http_auth.php'); ?> //Password Protection 8')
  32  * Protected file have to be php script (if it's html, simply rename it to .php)
  33  * Server needs to have PHP as module (not CGI).
  34  * You need HTTP Basic auth enabled on server and php.
  35  */
  36 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  37 ////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
  38 class HTTP_Auth {
  39
  40         function send_auth_headers($realm='') {
  41                 Header('WWW-Authenticate: Basic realm="'.$realm.'"');
  42                 Header('HTTP/1.0 401 Unauthorized');
  43         }
  44
  45         function get_current_url($login='logout@') {
  46                 $proto = empty($_SERVER['HTTPS']) ? $proto = 'http' : $proto = 'https';
  47                 return $proto.'://'.$login.$_SERVER['HTTP_HOST'].':'.$_SERVER['SERVER_PORT'].$_SERVER['PHP_SELF'];
  48         }
  49
  50         static function check_auth_internal($user, $pass) { //Check if login is succesfull
  51                 //(U can modify this to use DB, or anything else)
  52                 return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass));
  53         }
  54
  55         function check_auth($user, $pass) {
  56                 return call_user_func($this->auth_function, $user, $pass);
  57         }
  58
  59         function unauthorized() { //Do this when login fails
  60                 //Show warning and die
  61                 die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
  62                 die(); //Don't forget!!!
  63         }
  64
  65
  66         function auth($realm) {
  67                 //Backward compatibility
  68                 if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
  69                 if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
  70
  71                 //Logout
  72                 if(isset($_GET['logout'])) { //script.php?logout
  73                         Header('HTTP/1.0 302 Found');
  74                         Header('Location: '.$this->get_current_url());
  75                 }
  76
  77                 if(!isset($PHP_AUTH_USER)) {
  78                         //Storno or first visit of page
  79                         $this->send_auth_headers($realm);
  80                         $this->unauthorized();
  81                 } else {
  82                         //Login sent
  83                         if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) {
  84                                 //Login succesfull - probably do nothing here
  85                         } else {
  86                                 //Bad login
  87                                 $this->send_auth_headers($realm);
  88                                 $this->unauthorized();
  89                         }
  90                 }
  91                 //Rest of file will be displayed only if login is correct
  92         }
  93
  94         function __construct($realm='private', $require_login=true, $auth_function=false) {
  95                 //CopyLeft
  96                 $ver = '2o11-5.0';
  97                 $link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
  98                 $banner = "Harvie's PHP HTTP-Auth script (v$ver)";
  99                 $this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
 100                 $this->cbanner = "<!-- $banner -->\n";
 101
 102                 $this->auth_function=array($this,'check_auth_internal');
 103                 if($auth_function) $this->auth_function=$auth_function;
 104
 105                 if($require_login) {
 106                         $this->auth($realm);
 107                 }
 108         }
 109
 110 }
 111
 112 if($require_login) new HTTP_Auth($realm);