| 1 | <?php |
| 2 | /* |
| 3 | * Harvie's PHP HTTP-Auth script |
| 4 | * Copyright (C) 2oo7-2o11 Thomas Mudrunka |
| 5 | * |
| 6 | * This program is free software: you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU Affero General Public License as |
| 8 | * published by the Free Software Foundation, either version 3 of the |
| 9 | * License, or (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU Affero General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Affero General Public License |
| 17 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 18 | */ |
| 19 | |
| 20 | ///SETTINGS////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 21 | //Login |
| 22 | $require_login = false; //Require login? (if false, no login needed) - WARNING!!! |
| 23 | $realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password) |
| 24 | $users = array( //You can specify multiple users in this array |
| 25 | 'music' => 'passw' |
| 26 | ); |
| 27 | ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 28 | //MANUAL///////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 29 | /* HOWTO |
| 30 | * To each file, you want to lock add this line (at begin of first line - Header-safe): |
| 31 | * <?php require_once('http_auth.php'); ?> //Password Protection 8') |
| 32 | * Protected file have to be php script (if it's html, simply rename it to .php) |
| 33 | * Server needs to have PHP as module (not CGI). |
| 34 | * You need HTTP Basic auth enabled on server and php. |
| 35 | */ |
| 36 | ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 37 | ////CODE///////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 38 | class HTTP_Auth { |
| 39 | |
| 40 | function send_auth_headers($realm='') { |
| 41 | Header('WWW-Authenticate: Basic realm="'.$realm.'"'); |
| 42 | Header('HTTP/1.0 401 Unauthorized'); |
| 43 | } |
| 44 | |
| 45 | static function check_auth_internal($user, $pass) { //Check if login is succesfull |
| 46 | //(U can modify this to use DB, or anything else) |
| 47 | return (isset($GLOBALS['users'][$user]) && ($GLOBALS['users'][$user] == $pass)); |
| 48 | } |
| 49 | |
| 50 | function check_auth($user, $pass) { |
| 51 | return call_user_func($this->auth_function, $user, $pass); |
| 52 | } |
| 53 | |
| 54 | function unauthorized() { //Do this when login fails |
| 55 | //Show warning and die |
| 56 | die("$this->cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$this->hbanner"); |
| 57 | die(); //Don't forget!!! |
| 58 | } |
| 59 | |
| 60 | |
| 61 | function auth($realm) { |
| 62 | //Backward compatibility |
| 63 | if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER']; |
| 64 | if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; |
| 65 | |
| 66 | //Logout |
| 67 | if(isset($_GET['logout'])) { //script.php?logout |
| 68 | if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) { |
| 69 | Header('WWW-Authenticate: Basic realm="'.$realm.'"'); |
| 70 | Header('HTTP/1.0 401 Unauthorized'); |
| 71 | } else { |
| 72 | $location=$this->location; |
| 73 | if($_GET['logout'] != '') $location = $_GET['logout']; |
| 74 | if(trim($location) != '401') Header('Location: '.$location); |
| 75 | die("$this->cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$this->hbanner"); |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | if(!isset($PHP_AUTH_USER)) { |
| 80 | //Storno or first visit of page |
| 81 | $this->send_auth_headers($realm); |
| 82 | $this->unauthorized(); |
| 83 | } else { |
| 84 | //Login sent |
| 85 | if($this->check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { |
| 86 | //Login succesfull - probably do nothing here |
| 87 | } else { |
| 88 | //Bad login |
| 89 | $this->send_auth_headers($realm); |
| 90 | $this->unauthorized(); |
| 91 | } |
| 92 | } |
| 93 | //Rest of file will be displayed only if login is correct |
| 94 | } |
| 95 | |
| 96 | function __construct($realm='private', $require_login=true, $auth_function=false) { |
| 97 | //Misc |
| 98 | $this->location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION]) |
| 99 | //CopyLeft |
| 100 | $ver = '2o1o-4.0'; |
| 101 | $link = '<a href="https://blog.harvie.cz/">blog.harvie.cz</a>'; |
| 102 | $banner = "Harvie's PHP HTTP-Auth script (v$ver)"; |
| 103 | $this->hbanner = "<hr /><i>$banner\n-\n$link</i>\n"; |
| 104 | $this->cbanner = "<!-- $banner -->\n"; |
| 105 | |
| 106 | $this->auth_function=array($this,'check_auth_internal'); |
| 107 | if($auth_function) $this->auth_function=$auth_function; |
| 108 | |
| 109 | if($require_login) { |
| 110 | $this->auth($realm); |
| 111 | } |
| 112 | } |
| 113 | |
| 114 | } |
| 115 | |
| 116 | if($require_login) new HTTP_Auth($realm); |