// CVS $Id$ keyword for this file; rcs_id() is defined elsewhere in PhpWiki
// (presumably it only records the revision string -- not security relevant).
rcs_id('$Id: HttpAuth.php,v 1.5 2005-02-28 20:35:45 rurban Exp $');
3 /* Copyright (C) 2004 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
8 * We have two possibilities here.
9 * 1) The webserver location is already HTTP protected (usually Basic). Then just
10 * use the username and do nothing.
 * 2) The webserver location is not protected, so we enforce basic HTTP protection
 * by sending a 401 error and letting the client display the login dialog.
 * Caveat: in this mode the name in PHP_AUTH_USER (or the raw Authorization header)
 * comes straight from the client. As far as the code in this file shows, nothing
 * verifies the password -- checkPass() ignores it and userExists() only compares
 * names -- so a client can present any user name, including the admin's. Only rely
 * on HttpAuth where the webserver itself authenticates the request (case 1).
 * This only makes sense if HttpAuth is the last method in USER_AUTH_ORDER,
 * since the other methods cannot be called transparently after this enforced
 * Try the available auth methods (most likely Bogo) and send this header back:
 * header('Authorization: Basic '.base64_encode("$userid:$passwd")."\r\n");
 * (Caveat: Authorization is a request header; a server response cannot set it
 * in the browser, which is likely why _fake_auth() below does not work yet.)
19 class _HttpAuthPassUser
/**
 * Construct an HttpAuth pass-user for $UserName.
 *
 * $prefs, when given, becomes the preferences object. The parent _PassUser
 * constructor is only run when the prefs do not yet record an auth method.
 * The trailing userExists() call ties the requested name to the name the
 * webserver authenticated (see userExists()); on mismatch the shared
 * ForbiddenUser object is returned instead of this object.
 *
 * NOTE(review): the original lines between the userExists() check and the
 * ForbiddenUser return (presumably "return $this;" and the "else") are not
 * shown in this listing; do not read the two adjacent lines below as an
 * inverted condition.
 */
function _HttpAuthPassUser($UserName='',$prefs=false) {
if ($prefs) $this->_prefs = $prefs;
// Only run the parent constructor when no auth method is recorded yet.
if (!isset($this->_prefs->_method))
_PassUser::_PassUser($UserName);
if ($UserName) $this->_userid = $UserName;
$this->_authmethod = 'HttpAuth';
// Is this double check really needed?
// It is not expensive so we keep it for now.
if ($this->userExists())
// (lines not shown here: the success branch and the "else")
return $GLOBALS['ForbiddenUser'];
37 // FIXME! This doesn't work yet!
38 // Allow httpauth by other method: Admin for now only
/**
 * Try to log a user in via HttpAuth with credentials obtained from another
 * method (the FIXME above says it does not work). The visible code shows why
 * it cannot:
 *  - Authorization is a request header. Emitting it in the response below
 *    does not make the browser send it back, and it discloses
 *    base64("$userid:$passwd") -- i.e. the password -- to the client.
 *  - Writing the name/password into $_SERVER and $GLOBALS only affects the
 *    current request.
 * NOTE(review): the lines between the header() calls and the $_SERVER
 * assignments, and the end of the function, are not shown in this listing.
 */
function _fake_auth($userid, $passwd) {
header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"');
// Security: sends the (reversibly encoded) password to the client. Remove
// before this method is ever enabled.
header("Authorization: Basic ".base64_encode($userid.":".$passwd));
$_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
// Fake the variables _http_username() consults, for this request only.
$GLOBALS['REMOTE_USER'] = $userid;
$_SERVER['PHP_AUTH_USER'] = $userid;
$_SERVER['PHP_AUTH_PW'] = $passwd;
//$GLOBALS['request']->setStatus(200);
// NOTE(review): body of a method whose signature is not shown in this
// listing (presumably the logout handler, given the CVS log below): it
// re-challenges the client with a 401 and clears the cached credentials.
$_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
// Maybe we should random the realm to really force a logout.
// But the next login will fail.
// better_srand(); $realm = microtime().rand();
// (If a randomised realm is ever used, rand() is fine here only because the
//  realm is not a secret; anything secret must come from a CSPRNG.)
header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"');
// Apache accepts a raw status line; IIS and CGI need the Status: header.
// (A line between the two header() calls -- presumably "else" -- is not shown.)
if (strstr(php_sapi_name(), 'apache'))
header('HTTP/1.0 401 Unauthorized');
header("Status: 401 Access Denied"); //IIS and CGI need that
// Clear the PHP-side credential copies. Note that _http_username() also reads
// $_SERVER['REMOTE_USER'], the REMOTE_USER env var and HTTP_AUTHORIZATION,
// none of which are cleared here, so it may still return a name later in
// this same request.
unset($GLOBALS['REMOTE_USER']);
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
/**
 * Return the user name the request was authenticated with.
 *
 * Sources are consulted in order: PHP_AUTH_USER, $_SERVER['REMOTE_USER'],
 * the REMOTE_USER environment variable, $GLOBALS['REMOTE_USER'], and finally
 * a raw HTTP_AUTHORIZATION header. NOTE(review): the end of the function
 * (what the HTTP_AUTHORIZATION branch returns, and the fall-through return)
 * is not shown in this listing.
 *
 * Security notes:
 *  - Whatever name is returned is treated as authenticated by userExists();
 *    only the webserver can make that true (see the class comment).
 *  - The HTTP_AUTHORIZATION branch assumes the "Basic " scheme without
 *    checking it (substr(..., 6) skips six bytes of whatever is there), and
 *    when the decoded value contains no ':' explode() yields one element, so
 *    list() raises an undefined-offset notice. A password containing ':' is
 *    also cut at its first colon. A safer form would be
 *      if (strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) == 0
 *          && strpos($decoded = base64_decode(substr(..., 6)), ':') !== false)
 *          list($userid, $passwd) = explode(':', $decoded, 2);
 *    The password half must not be trusted here in any case.
 *  - empty() also rejects a user literally named "0".
 */
function _http_username() {
$_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
if (!empty($_SERVER['PHP_AUTH_USER']))
return $_SERVER['PHP_AUTH_USER'];
if (!empty($_SERVER['REMOTE_USER']))
return $_SERVER['REMOTE_USER'];
if (!empty($GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']))
return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER'];
if (!empty($GLOBALS['REMOTE_USER']))
return $GLOBALS['REMOTE_USER'];
// Last resort: parse the raw header ourselves (presumably for SAPIs that do
// not populate PHP_AUTH_USER). "Basic " is assumed, not checked.
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
list($userid, $passwd) = explode(':',
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
88 // force http auth authorization
/**
 * Bind this object to the name the webserver authenticated.
 *
 * The HTTP name must match $this->_userid case-insensitively; otherwise the
 * object is degraded to the shared ForbiddenUser (level WIKIAUTH_FORBIDDEN).
 * On a match, _userid is replaced by the HTTP spelling and the level becomes
 * WIKIAUTH_USER, or WIKIAUTH_ADMIN when isAdmin() agrees.
 * NOTE(review): several original lines (the first operand of the condition,
 * the branch boundaries and the return values) are not shown in this listing.
 *
 * Security notes:
 *  - No password is checked here or in checkPass(); the name returned by
 *    _http_username() is accepted as-is. That is only safe when the
 *    webserver enforced authentication before PHP ran.
 *  - The comparison is case-insensitive, so "Admin" and "admin" are the
 *    same user here; whether isAdmin() then grants admin rights for the
 *    HTTP spelling depends on code outside this file -- TODO confirm.
 *  - The forbidden branch writes _userid = "" into the shared global
 *    ForbiddenUser object, i.e. it mutates state other callers see.
 */
function userExists() {
$username = $this->_http_username();
// (the first operand of this condition is on a line not shown here)
or strtolower($username) != strtolower($this->_userid))
// Mismatch: degrade to the shared ForbiddenUser.
$user = $GLOBALS['ForbiddenUser'];
$user->_userid = $this->_userid = "";
$this->_level = WIKIAUTH_FORBIDDEN;
// Match: adopt the webserver's spelling of the name.
$this->_userid = $username;
// we should check if he is a member of admin,
// because HttpAuth has its own logic.
$this->_level = WIKIAUTH_USER;
if ($this->isAdmin())
$this->_level = WIKIAUTH_ADMIN;
110 // ignore password for now, this is checked by apache.
/**
 * HttpAuth never verifies $submitted_password itself; the webserver is
 * expected to have done so. The level is derived from userExists():
 * WIKIAUTH_ADMIN or WIKIAUTH_USER on success. NOTE(review): the failure
 * branch of the ternary is on a line not shown in this listing.
 * Security note: if the webserver location is NOT protected (case 2 in the
 * class comment) this makes a client-chosen user name sufficient to log in.
 */
function checkPass($submitted_password) {
return $this->userExists()
? ($this->isAdmin() ? WIKIAUTH_ADMIN : WIKIAUTH_USER)
// NOTE(review): body not shown in this listing. Presumably returns false,
// since the password lives in the webserver's auth store, not the wiki --
// TODO confirm against the full file.
function mayChangePass() {
122 // $Log: not supported by cvs2svn $
123 // Revision 1.4 2004/12/26 17:11:16 rurban
126 // Revision 1.3 2004/12/19 00:58:02 rurban
127 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
128 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
129 // Simplify httpauth logout handling and set sessions for all methods.
130 // fix main.php unknown index "x" getLevelDescription() warning.
132 // Revision 1.2 2004/12/17 12:31:57 rurban
133 // better logout, fake httpauth not yet
135 // Revision 1.1 2004/11/01 10:43:58 rurban
// separate PassUser methods into separate dir (memory usage)
137 // fix WikiUser (old) overlarge data session
138 // remove wikidb arg from various page class methods, use global ->_dbi instead
146 // c-hanging-comment-ender-p: nil
147 // indent-tabs-mode: nil