silverstripe-framework/security/BasicAuth.php
Andrew O'Neil e46e5e73c9 Allow logging in via BasicAuth, so the publish site script can login before doing a db/build (merged from 2.1.0 branch, r41535)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42909 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-10-02 04:32:11 +00:00

54 lines
1.4 KiB
PHP
Executable File

<?php
/**
* Provides an interface to HTTP basic authentication.
*/
class BasicAuth extends Object {
/**
* Require basic authentication. Will request a username and password if none is given.
* @param memberValidationFunction A boolean method to call on the member to validate them.
*/
static function requireLogin($realm, $permissionCode) {
if(self::$disabled) return true;
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$member = Security::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if($member) {
$authenticated = true;
}
}
// If we've failed the authentication mechanism, then show the login form
if(!isset($authenticated)) {
header("WWW-Authenticate: Basic realm=\"$realm\"");
header('HTTP/1.0 401 Unauthorized');
if(isset($_SERVER['PHP_AUTH_USER'])) {
echo "That username / password isn't recognised";
} else {
echo "Please enter a username and password.";
}
die();
}
if(!Permission::checkMember($member->ID, $permissionCode)) {
header("WWW-Authenticate: Basic realm=\"$realm\"");
header('HTTP/1.0 401 Unauthorized');
if(isset($_SERVER['PHP_AUTH_USER'])) {
echo "That user is not an administrator.";
}
die();
}
return $member;
}
static protected $disabled;
static function disable() {
self::$disabled = true;
}
}