[pLog-svn] Request for comments on site-wide HTTP auth patch
Oscar Renalias
oscar at renalias.net
Wed Mar 22 06:44:25 GMT 2006
This looks very good to me, good work.
If I created an account for you in the wiki, would you mind putting
this there? Other people might find it interesting!
Oscar
On 22 Mar 2006, at 07:36, Jesse Peterson wrote:
> Hello everyone,
>
> I've modified LifeType to have _very_ rough support for HTTP Auth for
> anything that uses a Controller. This is pretty naughty in that it
> limits any use of a Controller to an HTTP page with authentication but
> it works well enough for my use. While I realize this won't be useful
> to probably most of LifeType's users I thought I'd submit it for
> review
> and comments anyway. Thanks in advance for any reply!
>
> Modified from release version 1.0.3 of LifeType:
>
> Index: class/action/admin/adminaction.class.php
> ===================================================================
> --- class/action/admin/adminaction.class.php (revision 4)
> +++ class/action/admin/adminaction.class.php (working copy)
> @@ -86,10 +86,12 @@
> */
> function _getBlogInfo()
> {
> - $session = HttpVars::getSession();
> - $sessionInfo = $session["SessionInfo"];
> -
> - $this->_blogInfo = $sessionInfo->getValue( "blogInfo" );
> + if (!$this->_userInfo)
> + $this->_getUserInfo ();
> +
> + $users = new Users;
> + $this->_blogInfo = end ($users->getUsersBlogs
> ( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE ));
> + unset ($unset);
> }
>
> /**
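Review bot: `unset ($unset);` at the end of `_getBlogInfo()` names a variable that does not exist in this function; the intent is evidently `unset ($users);`, as written in `_getUserInfo()` in the next hunk. The new body also calls `$this->_userInfo->getId()` without checking that `_getUserInfo()` actually produced an object. If the lookup yields a non-object for missing or rejected credentials (not visible here), the request dies with a fatal error instead of a clean denial, so add `if (!$this->_userInfo) return;` before the `getUsersBlogs` call. Taking `end()` of the blog list silently picks one blog for a user who owns several, which deserves a comment such as `// HTTP auth has no blog selector: use the last active blog`.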
> @@ -98,9 +100,9 @@
> */
> function _getUserInfo()
> {
> - $session = HttpVars::getSession();
> - $sessionInfo = $session["SessionInfo"];
> - $this->_userInfo = $sessionInfo->getValue("userInfo");
> + $users = new Users;
> + $this->_userInfo = $users->getUserInfo
> ( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
> + unset ($users);
> }
>
> /**
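Review bot: `_getUserInfo()` reads `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` with no `isset` guard, so on a setup where PHP does not populate them (CGI mode commonly does not) undefined values are passed to `getUserInfo()`. Guard it explicitly with `if (!isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { $this->_userInfo = false; return; }`. The method now depends on the controller having already validated these credentials for the request; the docblock above it should say so, e.g. `relies on HttpAuthController having authenticated PHP_AUTH_USER/PHP_AUTH_PW`. It also appears to repeat the password lookup on every admin action rather than reuse the controller's result.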
> Index: class/controller/controller.class.php
> ===================================================================
> --- class/controller/controller.class.php (revision 4)
> +++ class/controller/controller.class.php (working copy)
> @@ -20,6 +20,8 @@
> include_once
> ( PLOG_CLASS_PATH."class/action/actioninfo.class.php" ); include_once
> ( PLOG_CLASS_PATH."class/controller/resourceclassloader.class.php" );
> + // include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
> +
> //
> // various constants that will come handy
> //
> @@ -39,6 +41,34 @@
> //
> $_plogController_forwardAction = array();
>
> + class HttpAuthController extends Object {
> + function HttpAuthController () {
> + include_once
> ( PLOG_CLASS_PATH."class/dao/users.class.php" ); +
> + if (!$this->suppliedCredentials ())
> + $this->requireAuthentication ();
> + else {
> + // check credentials
> + $users = new Users;
> + if( !$users->authenticateUser( $_SERVER
> ['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ))
> + $this->requireAuthentication
> ();
> + }
> + }
> +
> + function requireAuthentication () {
> + header ('WWW-Authenticate: Basic
> realm="LifeType"');
> + header ('HTTP/1.0 401 Unauthorized');
> + echo '<html><body><h1>AUTHENTICATION
> REQUIRED</h1></body></html>';
> + exit;
> + }
> +
> + function suppliedCredentials () {
> + return isset ($_SERVER['PHP_AUTH_USER']);
> + }
> + }
> +
> +
> +
> /**
> * \ingroup Controller
> *
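Review bot: `suppliedCredentials()` tests only `PHP_AUTH_USER`, yet the constructor then reads `$_SERVER['PHP_AUTH_PW']` unguarded; check both with `return isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);`. Basic authentication resends the password, only base64-encoded, with every request, so the class needs a header comment stating that it must be deployed behind HTTPS, e.g. `// HTTP Basic: credentials accompany every request; enable only over TLS`. A failed `authenticateUser()` call goes straight to a fresh 401 with nothing recorded, which leaves repeated password guessing invisible to the site owner; logging the failure before `requireAuthentication ()` would give something to alert on. The class and its three methods have no docblocks, unlike the `Controller` class that follows.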
> @@ -121,7 +151,7 @@
> * @see FormValidator
> * @see Validator
> */
> - class Controller extends Object
> + class Controller extends HttpAuthController
> {
> var $_actionParam;
>
> @@ -150,7 +180,7 @@
> */
> function Controller( $actionMap, $actionParam =
> DEFAULT_ACTION_PARAM ) {
> - $this->Object();
> + parent::HttpAuthController ();
>
> global $_plogController_actionMap;
> if( !is_array($_plogController_actionMap))
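Review bot: `parent::HttpAuthController ();` replaces `$this->Object();`, but the `HttpAuthController` constructor added earlier in this patch never calls `$this->Object()`, so whatever the base `Object` constructor sets up no longer runs for any Controller. Add `$this->Object();` as the first statement of `HttpAuthController ()`. The authentication check now also runs, and may `exit`, before `Controller()` has initialised any of its own state, which is worth a one-line comment at this call: `// authenticates (and may exit with 401) before any controller setup`. The `Controller()` body continues outside the hunk.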
> Index: class/controller/admincontrollermap.properties.php
> ===================================================================
> --- class/controller/admincontrollermap.properties.php (revision
> 4) +++ class/controller/admincontrollermap.properties.php
> (working copy) @@ -7,7 +7,7 @@
> */
>
> // default action that is used if no other
> - $actions["Default"] = "AdminDefaultAction";
> + $actions["Default"] = "AdminMainAction";
> // after logging in, this is the action called
> $actions["Login"] = "AdminLoginAction";
> // this action is called after we have verified that the user is
> valid
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>