<?php

/**
 * Provides an interface to HTTP basic authentication.
 */
class BasicAuth extends Object {
	/**
	 * Require basic authentication.  Will request a username and password if none is given.
	 * @param memberValidationFunction A boolean method to call on the member to validate them.
	 */
	static function requireLogin($realm, $permissionCode) {
		if(self::$disabled) return true;
		
		
		if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
			$member = Security::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
			if($member) {
				$authenticated = true;
			}
		}
		
		// If we've failed the authentication mechanism, then show the login form
		if(!isset($authenticated)) {
			header("WWW-Authenticate: Basic realm=\"$realm\"");
			header('HTTP/1.0 401 Unauthorized');

			if(isset($_SERVER['PHP_AUTH_USER'])) {
				echo "That username / password isn't recognised";
			} else {
				echo "Please enter a username and password.";
			}
			
			die();
		}
		
		if(!Permission::checkMember($member->ID, 'ADMIN')) {
			header("WWW-Authenticate: Basic realm=\"$realm\"");
			header('HTTP/1.0 401 Unauthorized');

			if(isset($_SERVER['PHP_AUTH_USER'])) {
				echo "That user is not an administrator.";
			}
			
			die();
		}
	}
	
	static protected $disabled;
	static function disable() {
		self::$disabled = true;
	}
}