diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2010-01-19 19:08:51 +0000 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-01-19 19:08:51 +0000 |
| commit | 77af6caed7300c7498016b4b3d30d31f2bcca730 (patch) | |
| tree | 91ea4690c066c72ef8b1304df070db4c264df21a /phpBB/includes/functions.php | |
| parent | ff0b94f23886ec2ac2c8a68e4aac9d840e6c2c88 (diff) | |
| download | forums-77af6caed7300c7498016b4b3d30d31f2bcca730.tar forums-77af6caed7300c7498016b4b3d30d31f2bcca730.tar.gz forums-77af6caed7300c7498016b4b3d30d31f2bcca730.tar.bz2 forums-77af6caed7300c7498016b4b3d30d31f2bcca730.tar.xz forums-77af6caed7300c7498016b4b3d30d31f2bcca730.zip | |
[Feature] Ability to use HTTP authentication in ATOM feeds by passing the GET parameter auth=http
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10430 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9c294c81af..af94f3f041 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3921,6 +3921,103 @@ function phpbb_optionset($bit, $set, $data) } /** +* Login using http authenticate. +* +* @param array $param Parameter array, see $param_defaults array. +* +* @return void +*/ +function phpbb_http_login($param) +{ + global $auth, $user; + global $config; + + $param_defaults = array( + 'auth_message' => '', + + 'autologin' => false, + 'viewonline' => true, + 'admin' => false, + ); + + // Overwrite default values with passed values + $param = array_merge($param_defaults, $param); + + // User is already logged in + // We will not overwrite his session + if (!empty($user->data['is_registered'])) + { + return; + } + + // $_SERVER keys to check + $username_keys = array( + 'PHP_AUTH_USER', + 'Authorization', + 'REMOTE_USER', 'REDIRECT_REMOTE_USER', + 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION', + 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION', + 'AUTH_USER', + ); + + $password_keys = array( + 'PHP_AUTH_PW', + 'REMOTE_PASSWORD', + 'AUTH_PASSWORD', + ); + + $username = null; + foreach ($username_keys as $k) + { + if (isset($_SERVER[$k])) + { + $username = $_SERVER[$k]; + break; + } + } + + $password = null; + foreach ($password_keys as $k) + { + if (isset($_SERVER[$k])) + { + $password = $_SERVER[$k]; + break; + } + } + + // Decode encoded information (IIS, CGI, FastCGI etc.) + if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0) + { + list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2); + } + + if (!is_null($username) && !is_null($password)) + { + set_var($username, $username, 'string', true); + set_var($password, $password, 'string', true); + + $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']); + + if ($auth_result['status'] == LOGIN_SUCCESS) + { + return; + } + } + + // Prepend sitename to auth_message + $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message']; + + // We should probably filter out non-ASCII characters - RFC2616 + $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']); + + header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"'); + header('HTTP/1.0 401 Unauthorized'); + + trigger_error('NOT_AUTHORISED'); +} + +/** * Generate page header */ function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') |