[pLog-svn] Request for comments on site-wide HTTP auth patch

Oscar Renalias oscar at renalias.net
Wed Mar 22 06:44:25 GMT 2006


This looks very good to me, good work.

If I created an account for you in the wiki, would you mind putting
this there? Other people might find it interesting!

Oscar

On 22 Mar 2006, at 07:36, Jesse Peterson wrote:

> Hello everyone,
>
> I've modified LifeType to have _very_ rough support for HTTP Auth for
> anything that uses a Controller.  This is pretty naughty in that it
> limits any use of a Controller to an HTTP page with authentication but
> it works well enough for my use.  While I realize this won't be useful
> to probably most of LifeType's users I thought I'd submit it for  
> review
> and comments anyway.  Thanks in advance for any reply!
>
> Modified from release version 1.0.3 of LifeType:
>
> Index: class/action/admin/adminaction.class.php
> ===================================================================
> --- class/action/admin/adminaction.class.php	(revision 4)
> +++ class/action/admin/adminaction.class.php	(working copy)
> @@ -86,10 +86,12 @@
>           */
>          function _getBlogInfo()
>          {
> -            $session = HttpVars::getSession();
> -            $sessionInfo = $session["SessionInfo"];
> -
> -            $this->_blogInfo = $sessionInfo->getValue( "blogInfo" );
> +			if (!$this->_userInfo)
> +				$this->_getUserInfo ();
> +				
> +			$users = new Users;
> +			$this->_blogInfo = end ($users->getUsersBlogs
> ( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE ));
> +			unset ($unset);
>          }
>
>          /**
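Review bot: The new `_getBlogInfo()` body calls `$this->_userInfo->getId()` without checking that `_getUserInfo()` actually produced an object, so a failed lookup becomes a call on a non-object rather than a clean refusal. `end()` returns false when the list is empty, so a user with no active blog leaves `_blogInfo` set to false for whatever code reads it next. The last added line, `unset ($unset);`, names a variable that was never set and should read `unset ($users);` as in `_getUserInfo()`. Since the blog is now always the last one returned instead of the one recorded in the session, a comment such as `// HTTP auth mode: always operates on the user's last active blog` would make that choice explicit.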
> @@ -98,9 +100,9 @@
>           */
>          function _getUserInfo()
>          {
> -            $session = HttpVars::getSession();
> -            $sessionInfo = $session["SessionInfo"];
> -            $this->_userInfo = $sessionInfo->getValue("userInfo");
> +			$users = new Users;
> +			$this->_userInfo = $users->getUserInfo
> ( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
> +			unset ($users);
>          }
>
>          /**
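Review bot: `_getUserInfo()` now reads `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` directly and stores whatever `getUserInfo()` returns, with no check for missing keys or for a failed lookup. This duplicates the credential check in the `HttpAuthController` constructor and is only safe if that constructor has already rejected the request, which the method does not state. A guard such as `if( !isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] )) { $this->_userInfo = false; return; }` would help, along with a docblock line saying the method assumes HTTP authentication has already succeeded. The docblock begins outside this hunk.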
> Index: class/controller/controller.class.php
> ===================================================================
> --- class/controller/controller.class.php	(revision 4)
> +++ class/controller/controller.class.php	(working copy)
> @@ -20,6 +20,8 @@
>      include_once
> ( PLOG_CLASS_PATH."class/action/actioninfo.class.php" ); include_once
> ( PLOG_CLASS_PATH."class/controller/resourceclassloader.class.php" );
> +   // include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
> +
>      //
>      // various constants that will come handy
>      //
> @@ -39,6 +41,34 @@
>      //
>      $_plogController_forwardAction = array();
>
> +	class HttpAuthController extends Object {
> +		function HttpAuthController () {
> +			include_once
> ( PLOG_CLASS_PATH."class/dao/users.class.php" ); +
> +			if (!$this->suppliedCredentials ())
> +				$this->requireAuthentication ();
> +			else {
> +				// check credentials
> +				$users = new Users;
> +				if( !$users->authenticateUser( $_SERVER
> ['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ))
> +					$this->requireAuthentication
> ();
> +			}
> +		}
> +
> +		function requireAuthentication () {
> +			header ('WWW-Authenticate: Basic
> realm="LifeType"');
> +			header ('HTTP/1.0 401 Unauthorized');
> +			echo '<html><body><h1>AUTHENTICATION
> REQUIRED</h1></body></html>';
> +			exit;
> +		}
> +		
> +		function suppliedCredentials () {
> +			return isset ($_SERVER['PHP_AUTH_USER']);
> +		}
> +	}
> +
> +	
> +
>      /**
>       * \ingroup Controller
>       *
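Review bot: `suppliedCredentials()` tests only `$_SERVER['PHP_AUTH_USER']`, yet the constructor then passes `$_SERVER['PHP_AUTH_PW']` to `authenticateUser()`, so if the server populates the user name but not the password the check runs on an undefined index; `return isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );` closes that. Basic authentication resends the password with every request, so the class should be documented as requiring HTTPS, or refuse to run without it; nothing in the hunk does either. Failed checks go straight to `requireAuthentication()` with no logging, so repeated wrong passwords leave no trace in the application unless `authenticateUser()` records them itself.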
> @@ -121,7 +151,7 @@
>       * @see FormValidator
>       * @see Validator
>       */
> -    class Controller extends Object
> +    class Controller extends HttpAuthController
>      {
>          var $_actionParam;
>  		
> @@ -150,7 +180,7 @@
>           */
>          function Controller( $actionMap, $actionParam =
> DEFAULT_ACTION_PARAM ) {
> -            $this->Object();
> +			parent::HttpAuthController ();
>
>              global $_plogController_actionMap;
>              if( !is_array($_plogController_actionMap))
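Review bot: Replacing `$this->Object();` with `parent::HttpAuthController ();` means the `Object` base constructor is no longer run for any `Controller`, because the `HttpAuthController` constructor added earlier in this patch never calls it. What `Object()` initialises is not visible here, so the effect is uncertain, but the chain should be kept intact by making `$this->Object();` the first statement of `HttpAuthController()`. The `Controller` constructor body continues past the end of the hunk.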
> Index: class/controller/admincontrollermap.properties.php
> ===================================================================
> --- class/controller/admincontrollermap.properties.php	(revision
> 4) +++ class/controller/admincontrollermap.properties.php
> (working copy) @@ -7,7 +7,7 @@
>       */
>
>      // default action that is used if no other
> -    $actions["Default"]    = "AdminDefaultAction";
> +    $actions["Default"]    = "AdminMainAction";
>      // after logging in, this is the action called
>      $actions["Login"]      = "AdminLoginAction";
>      // this action is called after we have verified that the user is
> valid
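Review bot: Pointing `$actions["Default"]` at `AdminMainAction` makes the HTTP auth check in the `Controller` constructor the only gate in front of the admin area, while the `Login` mapping below is left in place and still described as the post-login step. It would help to state that dependency next to the changed line, for example `// HTTP auth mode: authentication is enforced in HttpAuthController, not by the login action`. The session-based login and logout actions should also be checked to confirm they do not remain reachable in a half-working state; logging out in particular cannot clear credentials the browser caches for Basic authentication.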
>


