Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /**
- * The class for the access spark
- */
- class Access
- {
- /* The list of URLs to include or exclude from prompt */
- private $_forceList = array();
- /**
- * Contructor. Prompt the user for their credentials
- * if configured to do so.
- */
- public function __construct()
- {
- $this->_forceList = config_item('access_force_list');
- if(config_item('access_site_protection_enabled'))
- {
- $this->prompt();
- }
- }
- /**
- * Prompt the user for their credentials. Issues a basic HTTP Auth
- * challenge.
- */
- public function prompt()
- {
- $force_list = $this->_forceList;
- if($force_list && !$this->shouldPrompt())
- return;
- $user = @$_SERVER['PHP_AUTH_USER'];
- $pass = @$_SERVER['PHP_AUTH_PW'];
- $logins = config_item('access_logins');
- $realm = config_item('access_realm');
- if(!array_key_exists($user, $logins) || $logins[$user] != $pass)
- {
- $delay = config_item('access_delay');
- # Is a delay configured for failed logins?
- if($delay) sleep($delay);
- header('HTTP/1.0 401 Unauthorized');
- header('WWW-Authenticate: Basic realm="'.$realm.'"');
- //die("<h1>Unauthorized</h1>\n");
- }
- }
- /**
- * Should the user see an auth prompt?
- * @return bool
- */
- public function shouldPrompt()
- {
- $url = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
- $in = FALSE;
- foreach($this->_forceList as $pattern)
- {
- if(preg_match("#$pattern#", $url))
- {
- $in = TRUE;
- break;
- }
- }
- # If the list is an INCLUDE list and the url is in it, prompt.
- # If the list is an EXCLUDE list and the url isn't in it, prompt.
- return (config_item('access_force_list_include') === $in);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement