/[docman]/htusers_header.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /htusers_header.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations)
Wed Sep 26 14:43:35 2001 UTC (17 years, 9 months ago) by dpavlin
Branch: MAIN
Changes since 1.1: +1 -1 lines
htusers_union can be used to auth users using more than one method (e.g.
first try by http headers, then from file and at the end from SQL database)

1 <?
2
3 /*
4 Document manager handling for authentification of users
5 based on:
6 * refearer header from remote browser (it's really easy to forge this)
7 * remote IP address
8 * remote DNS hostname
9
10 Written by Dobrica Pavlinusic <dpavlin@rot13.org>
11
12 Usage example:
13
14 docman.conf:
15
16 $gblUsers = "htusers_header";
17
18 .htusers examples:
19
20 REMOTE_ADDR=10.0.0.3:Dobrica (client ip):auth_header:dpavlin@foo.bar
21 will match exact IP adress
22 remote_hostname=hbreyer2:Dobrica (hostname):auth_header:dpavlin@foo.bar
23 will match exact hostname
24 http_referer=test.foo.bar:Dobrica (by referer):auth_header:dpavlin@foo.bar
25 will match user which comes from site test.foo.bar
26
27 */
28
29 global $PHP_AUTH_USER,$PHP_AUTH_PW;
30
31 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
32
33 $cookie_name="docman_autologin";
34 $cookie_val=md5($htusers_file.$GLOBALS[REMOTE_ADDR]);
35
36 if (isset($HTTP_COOKIE_VARS[$cookie_name]) && $HTTP_COOKIE_VARS[$cookie_name] == $cookie_val) {
37 $login_allowed=1;
38 } else {
39 $login_allowed=0;
40 }
41
42 $htusers=fopen($htusers_file,"r");
43 while($user = fgetcsv($htusers,255,":")) {
44 if ( $user[2]=="auth_header" ) {
45 $tmp = explode("=",$user[0]);
46 if (stristr($tmp[0],"REMOTE_ADDR") && $tmp[1] == $GLOBALS[REMOTE_ADDR]) $login_allowed=1;
47 elseif (stristr($tmp[0],"REMOTE_hostname")) {
48 $remote_hostname=gethostbyaddr($GLOBALS[REMOTE_ADDR]);
49 // remove everything after first dot
50 $remote_hostname=substr($remote_hostname,0,strpos($remote_hostname,"."));
51 if ($tmp[1] == $remote_hostname) $login_allowed=1;
52 } elseif (stristr($tmp[0],"http_referer")) {
53 error_log("$tmp[0]: $tmp[1] ?? $GLOBALS[HTTP_REFERER]",0);
54 if (isset($GLOBALS[HTTP_REFERER]) && stristr($GLOBALS[HTTP_REFERER],$tmp[1])) {
55 setcookie($cookie_name,$cookie_val,time()+3600);
56 $login_allowed=1;
57 error_log("$tmp[0]: $tmp[1] == $GLOBALS[HTTP_REFERER]",0);
58 }
59
60 }
61 if ($login_allowed && !isset($PHP_AUTH_PW)) {
62 $gblUserName=$user[1];
63 // make fake login credentials
64 $PHP_AUTH_PW=$PHP_AUTH_USER=$user[0];
65 $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW);
66 $gblEmail=$user[3];
67 continue ;
68 }
69 }
70 }
71 fclose($htusers);
72
73 ?>

  ViewVC Help
Powered by ViewVC 1.1.26