summaryrefslogtreecommitdiff
path: root/www/api/httpauth.inc.php
diff options
context:
space:
mode:
authorcweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2009-10-03 14:00:33 +0000
committercweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2009-10-03 14:00:33 +0000
commit29422fa55379aa61a61019b832c83dab6d450264 (patch)
treee5884ce6fed2cf1d02165a1b5667b99cd80262e5 /www/api/httpauth.inc.php
parentb8b1d06b2d899658fae64d0de506439ca0ea067c (diff)
downloadsemanticscuttle-29422fa55379aa61a61019b832c83dab6d450264.tar.gz
semanticscuttle-29422fa55379aa61a61019b832c83dab6d450264.tar.bz2
move files to new locations
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@386 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www/api/httpauth.inc.php')
-rw-r--r--www/api/httpauth.inc.php33
1 files changed, 33 insertions, 0 deletions
diff --git a/www/api/httpauth.inc.php b/www/api/httpauth.inc.php
new file mode 100644
index 0000000..5dd7444
--- /dev/null
+++ b/www/api/httpauth.inc.php
@@ -0,0 +1,33 @@
+<?php
+require_once('../header.inc.php');
+
+// Provides HTTP Basic authentication of a user, and sets two variables, sId and username,
+// with the user's info.
+
+function authenticate() {
+ header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
+ header('HTTP/1.0 401 Unauthorized');
+
+ die(T_("Use of the API calls requires authentication."));
+}
+
+if(!$userservice->isLoggedOn()) {
+ /* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
+ ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
+ if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
+ && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
+ list($name, $password) = explode(':', base64_decode($matches[1]));
+ $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+ $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+ }
+
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ authenticate();
+ } else {
+ $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+ if (!$login) {
+ authenticate();
+ }
+ }
+}
+?>