-<?php
\r//Harvie's PHP HTTP-Auth script (2oo7)
\r//CopyLefted4U ;)
\r///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
\r//Login
\r$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
\r$user = 'music'; //User
\r$passwd = 'passw'; //Password
\r//Misc
\r$require_login = true; //Require login? (if false, no login needed) - WARNING!!!
\r$location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
\r//CopyLeft
\r$ver = '2oo7-3.8';
\r$link = '<a href="https://blog.harvie.cz/">Harvie.cz</a>';
\r$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
\r$hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
\r$cbanner = "<!-- $banner -->\n";
\r//Config file
\r@include('./_config.php');
\r/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
\r//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
\r/* HOWTO
\r * To each file, you want to lock add this line (at begin of first line - Header-safe):
\r * <?php require_once('http_auth.php'); ?> //Password Protection 8')
\r * Protected file have to be php script (if it's html, simply rename it to .php)
\r * Server needs to have PHP as module (not CGI).
\r * You need HTTP Basic auth enabled on server and php.
\r */
\r/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
\r////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
\r function send_auth_headers($realm='') {
\r Header('WWW-Authenticate: Basic realm="'.$realm.'"');
\r Header('HTTP/1.0 401 Unauthorized');
\r }
\r \r function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify this to use DB, or anything else)
\r return (($PHP_AUTH_USER == $GLOBALS['user']) && ($PHP_AUTH_PW == $GLOBALS['passwd']));
\r }
\r \r function unauth() { //Do this when login fails
\r $cbanner = $GLOBALS['cbanner'];
\r $hbanner = $GLOBALS['hbanner'];
\r die("$cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$hbanner"); //Show warning and die
\r die(); //Don't forget!!!
\r }
\r\r//Back-Compatibility
\rif(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
\rif(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
\r\r//Logout
\rif(isset($_GET['logout'])) { //script.php?logout
\r if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
\r Header('WWW-Authenticate: Basic realm="'.$realm.'"');
\r Header('HTTP/1.0 401 Unauthorized');
\r } else {
\r if($_GET['logout'] != '') $location = $_GET['logout'];
\r if(trim($location) != '401') Header('Location: '.$location);
\r die("$cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$hbanner");
\r }
\r}
\r\rif($require_login) {
\r if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page
\r send_auth_headers($realm);
\r unauth();
\r } else { //Login sent
\r \r if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing
\r } else { //Bad login
\r send_auth_headers($realm);
\r unauth();
\r }
\r \r }
\r}
\r//Rest of file will be displayed only if login is correct
\r\ No newline at end of file
+<?php
+//Harvie's PHP HTTP-Auth script (2oo7)
+//CopyLefted4U ;)
+///SETTINGS//////////////////////////////////////////////////////////////////////////////////////////////////////
+//Login
+$realm = 'music'; //This is used by browser to identify protected area and saving passwords (one_site+one_realm==one_user+one_password)
+$users = array( //You can specify multiple users in this array
+ 'music' => 'passw'
+);
+//Misc
+$require_login = true; //Require login? (if false, no login needed) - WARNING!!!
+$location = '401'; //Location after logout - 401 = default logout page (can be overridden by ?logout=[LOCATION])
+//CopyLeft
+$ver = '2o1o-3.9';
+$link = '<a href="https://harvie.ath.cx/">harvie.ath.cx</a>';
+$banner = "Harvie's PHP HTTP-Auth script (v$ver)";
+$hbanner = "<hr /><i>$banner\n-\n$link</i>\n";
+$cbanner = "<!-- $banner -->\n";
+//Config file
+@include('./_config.php');
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//MANUAL/////////////////////////////////////////////////////////////////////////////////////////////////////////
+/* HOWTO
+ * To each file, you want to lock add this line (at begin of first line - Header-safe):
+ * <?php require_once('http_auth.php'); ?> //Password Protection 8')
+ * Protected file have to be php script (if it's html, simply rename it to .php)
+ * Server needs to have PHP as module (not CGI).
+ * You need HTTP Basic auth enabled on server and php.
+ */
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+////CODE/////////////////////////////////////////////////////////////////////////////////////////////////////////
+ function send_auth_headers($realm='') {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ }
+
+ function check_auth($PHP_AUTH_USER, $PHP_AUTH_PW) { //Check if login is succesfull (U can modify this to use DB, or anything else)
+ return (isset($GLOBALS['users'][$PHP_AUTH_USER]) && ($GLOBALS['users'][$PHP_AUTH_USER] == $PHP_AUTH_PW));
+ }
+
+ function unauth() { //Do this when login fails
+ $cbanner = $GLOBALS['cbanner'];
+ $hbanner = $GLOBALS['hbanner'];
+ die("$cbanner<title>401 - Forbidden</title>\n<h1>401 - Forbidden</h1>\n<a href=\"?\">Login...</a>\n$hbanner"); //Show warning and die
+ die(); //Don't forget!!!
+ }
+
+//Backward compatibility
+if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
+if(isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] != '') $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW'];
+
+//Logout
+if(isset($_GET['logout'])) { //script.php?logout
+ if(isset($PHP_AUTH_USER) || isset($PHP_AUTH_PW)) {
+ Header('WWW-Authenticate: Basic realm="'.$realm.'"');
+ Header('HTTP/1.0 401 Unauthorized');
+ } else {
+ if($_GET['logout'] != '') $location = $_GET['logout'];
+ if(trim($location) != '401') Header('Location: '.$location);
+ die("$cbanner<title>401 - Log out successfull</title>\n<h1>401 - Log out successfull</h1>\n<a href=\"?\">Continue...</a>\n$hbanner");
+ }
+}
+
+if($require_login) {
+ if(!isset($PHP_AUTH_USER)) { //Storno or first visit of page
+ send_auth_headers($realm);
+ unauth();
+ } else { //Login sent
+
+ if (check_auth($PHP_AUTH_USER, $PHP_AUTH_PW)) { //Login succesfull - probably do nothing
+ } else { //Bad login
+ send_auth_headers($realm);
+ unauth();
+ }
+
+ }
+}
+//Rest of file will be displayed only if login is correct
GIT.Harvie.CZ / mirrors / JukeBox.git / commitdiff
