aboutsummaryrefslogtreecommitdiff
path: root/api/httpauth.inc.php
diff options
context:
space:
mode:
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-04-03 06:57:38 +0000
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-04-03 06:57:38 +0000
commit836f47cf2aa2ca455875a9ebe1eb0fa7525f92eb (patch)
tree87393adc90dfe39ac4856e7de90cc49ef060aa99 /api/httpauth.inc.php
parent920f836e291705619d992839b2ab8b3447e6e027 (diff)
downloadsemanticscuttle-836f47cf2aa2ca455875a9ebe1eb0fa7525f92eb.tar.gz
semanticscuttle-836f47cf2aa2ca455875a9ebe1eb0fa7525f92eb.tar.bz2
Bug fix: correct authentification for API with CGI
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@92 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'api/httpauth.inc.php')
-rw-r--r--api/httpauth.inc.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/api/httpauth.inc.php b/api/httpauth.inc.php
index e33116a..3e5d464 100644
--- a/api/httpauth.inc.php
+++ b/api/httpauth.inc.php
@@ -5,16 +5,29 @@
function authenticate() {
header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
header('HTTP/1.0 401 Unauthorized');
+
die("Use of the API calls requires authentication.");
}
+
+/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
+( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
+if((!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_USER'])
+&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
+list($name, $password) = explode(':', base64_decode($matches[1]));
+$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+}
+
+
+
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate();
} else {
require_once('../header.inc.php');
$userservice =& ServiceFactory::getServiceInstance('UserService');
- $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+ $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if (!$login) {
authenticate();
}