405 } |
405 } |
406 |
406 |
407 |
407 |
408 $realm = 'Polemictweet restricted area'; |
408 $realm = 'Polemictweet restricted area'; |
409 |
409 |
|
410 /*function authenticate($users, $translate) { |
|
411 if (!isset($_SESSION['user_id'])) |
|
412 { |
|
413 // Fetch current URL |
|
414 $this_url = $_SERVER['REQUEST_URI']; |
|
415 |
|
416 // Redirect to login page passing current URL |
|
417 header('Location: login.php?return_url=' . urlencode($this_url)); |
|
418 exit; |
|
419 } |
|
420 }*/ |
|
421 |
410 function authenticate($users, $translate) { |
422 function authenticate($users, $translate) { |
411 |
423 |
412 global $realm; |
424 global $realm; |
413 |
425 |
414 if (empty($_SERVER['PHP_AUTH_DIGEST'])) { |
426 |
|
427 if (empty($_SERVER['PHP_AUTH_DIGEST']) || !isset($_SESSION['http_digest_nonce'])) { |
415 $_SESSION['http_digest_nonce'] = uniqid(); |
428 $_SESSION['http_digest_nonce'] = uniqid(); |
416 header('HTTP/1.1 401 Unauthorized'); |
429 header('HTTP/1.1 401 Unauthorized'); |
417 header('WWW-Authenticate: Digest realm="'.$realm. |
430 header('WWW-Authenticate: Digest realm="'.$realm. |
418 '",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"'); |
431 '",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"'); |
419 |
|
420 return array('error' => $translate->_('This area is restricted, please authenticate')); |
432 return array('error' => $translate->_('This area is restricted, please authenticate')); |
421 } |
433 } |
422 |
434 |
423 |
435 |
424 //analyze the PHP_AUTH_DIGEST variable |
436 //analyze the PHP_AUTH_DIGEST variable |
425 if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || |
437 if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || |
426 !isset($users[$data['username']])) { |
438 !isset($users[$data['username']])) { |
427 $_SERVER['PHP_AUTH_DIGEST'] = ''; |
439 $_SERVER['PHP_AUTH_DIGEST'] = ''; |
|
440 unset($_SESSION['auth']); |
|
441 unset($_SESSION['http_digest_nonce']); |
428 return array('error' => $translate->_('Wrong Credentials!')); |
442 return array('error' => $translate->_('Wrong Credentials!')); |
429 } |
443 } |
430 |
444 |
431 |
445 |
432 //generate the valid response |
446 //generate the valid response |
434 $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); |
448 $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); |
435 $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); |
449 $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); |
436 |
450 |
437 if ($data['response'] != $valid_response) { |
451 if ($data['response'] != $valid_response) { |
438 $_SERVER['PHP_AUTH_DIGEST'] = ''; |
452 $_SERVER['PHP_AUTH_DIGEST'] = ''; |
|
453 unset($_SESSION['http_digest_nonce']); |
|
454 unset($_SESSION['auth']); |
439 return array('error' => $translate->_('Wrong Credentials!')); |
455 return array('error' => $translate->_('Wrong Credentials!')); |
440 } |
456 } |
441 |
457 |
442 // ok, valid username & password |
458 // ok, valid username & password |
443 $_SESSION['auth'] = $data; |
459 $_SESSION['auth'] = $data['username']; |
444 return $data; |
460 return $data; |
445 } |
461 } |
446 |
462 |
447 function logout() { |
463 function logout() { |
448 global $realm; |
464 global $realm; |
449 |
465 |
450 $_SESSION['auth'] = null; |
466 unset($_SESSION['auth']); |
451 header('HTTP/1.1 401 Unauthorized'); |
467 unset($_SESSION['http_digest_nonce']); |
452 header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"'); |
|
453 } |
468 } |
454 |
469 |
455 |
470 |
456 //function to parse the http auth header |
471 //function to parse the http auth header |
457 function http_digest_parse($txt) |
472 function http_digest_parse($txt) |