[mirrors/SokoMan.git] / lib / HTTP_Auth.class.php

<?php
/*
 * Harvie's PHP HTTP-Auth script
 * Copyright (C) 2oo7-2o11  Thomas Mudrunka
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
//Login
$require_login = false; //Require login? (if false, no login needed) - WARNING!!!
$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
$users = array( //You can specify multiple users in this array
	'music' => 'passw'
);
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
/* HOWTO
 * To each file, you want to lock add this line (at begin of first line - Header-safe):
 * <?php require_once('http_auth.php'); ?> //Password Protection 8')
 * Protected file have to be php script (if it's html, simply rename it to .php)
 * Server needs to have PHP as module (not CGI).
 * You need HTTP Basic auth enabled on server and php.
 */
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
class HTTP_Auth {

	function send_auth_headers($realm='') {
		Header('WWW-Authenticate: Basic realm="'.$realm.'"');
		Header('HTTP/1.0 401 Unauthorized');
	}

	static function check_auth_internal($user, $pass) { //Check if login is succesfull
		//(U can modify this to use DB, or anything else)
		return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass));
	}

	function check_auth($user, $pass) {
		return call_user_func($this->auth_function, $user, $pass);
	}

	function unauthorized() { //Do this when login fails
		//Show warning and die
		die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
		die(); //Don't forget!!!
	}


	function auth($realm) {
		//Backward compatibility
		if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
		if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];

		//Logout
		if(isset($_GET['logout'])) { //script.php?logout
			if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
		  	Header('WWW-Authenticate: Basic realm="'.$realm.'"');
		  	Header('HTTP/1.0 401 Unauthorized');
			} else {
				$location=$this->location;
		    if($_GET['logout'] != '') $location = $_GET['logout'];
		    if(trim($location) != '401') Header('Location: '.$location);
		    die("$this->cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$this->hbanner");
			}
		}

		if(!isset($PHP_AUTH_USER)) {
			//Storno or first visit of page
			$this->send_auth_headers($realm);
			$this->unauthorized();
		} else {
			//Login sent
			if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) {
				//Login succesfull - probably do nothing here
			} else {
				//Bad login
				$this->send_auth_headers($realm);
				$this->unauthorized();
			}
		}
		//Rest of file will be displayed only if login is correct
	}

	function __construct($realm='private', $require_login=true, $auth_function=false) {
		//Misc
		$this->location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
		//CopyLeft
		$ver = '2o1o-4.0';
		$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
		$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
		$this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
		$this->cbanner = "<!-- $banner -->\n";

		$this->auth_function=array($this,'check_auth_internal');
		if($auth_function) $this->auth_function=$auth_function;

		if($require_login) {
			$this->auth($realm);
		}
	}

}

if($require_login) new HTTP_Auth($realm);
Commit	Line	Data
cdfce7c2 TM	1	<?php
	2	/*
	3	* Harvie's PHP HTTP-Auth script
	4	* Copyright (C) 2oo7-2o11 Thomas Mudrunka
	5	*
	6	* This program is free software: you can redistribute it and/or modify
	7	* it under the terms of the GNU Affero General Public License as
	8	* published by the Free Software Foundation, either version 3 of the
	9	* License, or (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU Affero General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Affero General Public License
	17	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
	21	//Login
	22	$require_login = false; //Require login? (if false, no login needed) - WARNING!!!
	23	$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
	24	$users = array( //You can specify multiple users in this array
	25	'music' => 'passw'
	26	);
	27	/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	28	//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
	29	/* HOWTO
	30	* To each file, you want to lock add this line (at begin of first line - Header-safe):
	31	* <?php require_once('http_auth.php'); ?> //Password Protection 8')
	32	* Protected file have to be php script (if it's html, simply rename it to .php)
	33	* Server needs to have PHP as module (not CGI).
	34	* You need HTTP Basic auth enabled on server and php.
	35	*/
	36	/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	37	////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
	38	class HTTP_Auth {
	39
	40	function send_auth_headers($realm='') {
	41	Header('WWW-Authenticate: Basic realm="'.$realm.'"');
	42	Header('HTTP/1.0 401 Unauthorized');
	43	}
	44
	45	static function check_auth_internal($user, $pass) { //Check if login is succesfull
	46	//(U can modify this to use DB, or anything else)
	47	return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass));
	48	}
	49
	50	function check_auth($user, $pass) {
	51	return call_user_func($this->auth_function, $user, $pass);
	52	}
	53
	54	function unauthorized() { //Do this when login fails
	55	//Show warning and die
	56	die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner");
	57	die(); //Don't forget!!!
	58	}
	59
	60
	61	function auth($realm) {
	62	//Backward compatibility
	63	if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
	64	if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
65
66	//Logout
67	if(isset($_GET['logout'])) { //script.php?logout
68	if(isset($PHP_AUTH_USER) \|\| isset($PHP_AUTH_PW)) {
69	Header('WWW-Authenticate: Basic realm="'.$realm.'"');
70	Header('HTTP/1.0 401 Unauthorized');
71	} else {
72	$location=$this->location;
73	if($_GET['logout'] != '') $location = $_GET['logout'];
74	if(trim($location) != '401') Header('Location: '.$location);
75	die("$this->cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$this->hbanner");
76	}
77	}
78
79	if(!isset($PHP_AUTH_USER)) {
80	//Storno or first visit of page
81	$this->send_auth_headers($realm);
82	$this->unauthorized();
83	} else {
84	//Login sent
85	if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) {
86	//Login succesfull - probably do nothing here
87	} else {
88	//Bad login
89	$this->send_auth_headers($realm);
90	$this->unauthorized();
91	}
92	}
93	//Rest of file will be displayed only if login is correct
94	}
95
96	function __construct($realm='private', $require_login=true, $auth_function=false) {
97	//Misc
98	$this->location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
99	//CopyLeft
100	$ver = '2o1o-4.0';
101	$link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>';
102	$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
103	$this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
104	$this->cbanner = "<!-- $banner -->\n";
105
106	$this->auth_function=array($this,'check_auth_internal');
107	if($auth_function) $this->auth_function=$auth_function;
108
109	if($require_login) {
110	$this->auth($realm);
111	}
112	}
113
114	}
115
116	if($require_login) new HTTP_Auth($realm);