Here are code snippets from one of my PHP5 scripts.
If you understand it, it would be easy to use in PHP4 as well.
Code:
<?php
// --- Snippet 1: access check ---
if (!Visitor::is_admin()) {
    // Logged-in members get 403; everyone else is asked to authenticate (401).
    if (Visitor::is_member()) { Report::error('You have no access', 403); }
    Report::error('no access', 401);
}

// --- Snippet 2: HTTP Basic login (a class method, shown outside its class) ---
private function login_http()
{
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        // mod_php: PHP has already decoded the credentials.
        $name = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
    } elseif (substr(php_sapi_name(), 0, 3) == 'cgi' && isset($_SERVER['REMOTE_USER'])) {
        // CGI: REMOTE_USER holds the raw Authorization header; skip the "Basic " prefix.
        $a = base64_decode(substr($_SERVER['REMOTE_USER'], 6));
        // Limit of 2 so a password containing ':' is not truncated.
        if (strlen($a) > 6 && $a != ':') { list($name, $password) = explode(':', $a, 2); }
    }
    if (!isset($name, $password)) { Report::error('no access', 401); }
    global $CONFIG;
    $member = Member::get($name, moo_hash($password, true));
    if (empty($member) || !is_array($member) || ctype_digit($name) || intval($member['user_level']) < 2) {
        // no such member or no admin account
        Report::error('no access', 401);
    }
    self::member($member, !empty($_POST['remember']));
}

// --- Snippet 3: error reporting ---
class Report {
    // static, because it is called as Report::error()
    public static function error($message, $title='ERROR', $redirect=false)
    {
        global $MOO, $TPL, $CONFIG, $PAGE;
        if ($redirect) { URL::refresh($redirect); }
        if ($title == 401) {
            $title = (defined('_ACCESSDENIED') ? _ACCESSDENIED : 'Access Denied');
            header('WWW-Authenticate: Basic realm="CMS"');
            header('HTTP/1.0 401 Unauthorized');
        } elseif ($title == 403) {
            // We understood the request, but we refuse to fulfill it.
            // Authorization will not help & the request SHOULD NOT be repeated.
            $title = 'Forbidden';
            header("$_SERVER[SERVER_PROTOCOL] 403 Forbidden");
        }
        # etc.
    }
}
The 'cgi' mode only works in Apache with the following in .htaccess:
Code:
RewriteRule ^(.*)$ $1 [E=REMOTE_USER:%{HTTP:Authorization},L]
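
Added example, not part of the original post: a stricter way to parse the raw Authorization header that the RewriteRule above copies into REMOTE_USER, checking the scheme, the base64 token and the user/password split before anything reaches the member lookup. The function name parse_basic_auth() is hypothetical and the sample headers are constructed.

```php
<?php
/**
 * Returns array($name, $password), or null if $header is not a
 * well-formed Basic credential. parse_basic_auth() is a hypothetical
 * name used for this example only.
 */
function parse_basic_auth($header)
{
    // The scheme name is case-insensitive; require "Basic", whitespace,
    // then a single base64 token. D = '$' must match the true end of string.
    if (!is_string($header)
        || !preg_match('/^Basic[ \t]+([A-Za-z0-9+\/]+={0,2})[ \t]*$/iD', $header, $m)) {
        return null;
    }
    // Strict mode returns false on input that is not valid base64.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false) {
        return null;
    }
    // The user name cannot contain ':', the password can:
    // split on the first ':' only and refuse an empty user name.
    $pos = strpos($decoded, ':');
    if ($pos === false || $pos === 0) {
        return null;
    }
    $name = substr($decoded, 0, $pos);
    $password = (string) substr($decoded, $pos + 1); // cast: old PHP returns false for ""
    // Reject control characters (NUL, CR, LF, ...) in either part.
    if (preg_match('/[\x00-\x1F\x7F]/', $name . $password)) {
        return null;
    }
    return array($name, $password);
}

// Constructed sample headers, as they would arrive in $_SERVER['REMOTE_USER'].
$samples = array(
    'Basic ' . base64_encode('admin:pa:ss'),    // password containing ':'
    'basic ' . base64_encode('admin:secret'),   // lower-case scheme
    'Digest username="admin"',                  // wrong scheme
    'Basic !!!not-base64!!!',                   // invalid token
    'Basic ' . base64_encode(':nouser'),        // empty user name
);
foreach ($samples as $h) {
    var_dump(parse_basic_auth($h));
}
```

The first two samples yield a name/password pair; the last three yield null, which the caller would treat the same as missing credentials (a 401).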