
Annotation of /htusers_header.php



Revision 1.4 - (hide annotations)
Fri Dec 7 18:20:22 2001 UTC (22 years, 3 months ago) by dpavlin
Branch: MAIN
Changes since 1.3: +17 -2 lines
htusers_header module can "inherit" logon credentials from apache

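<?php

/*
    Document manager handling for authentication of users
    based on:
    * referer header from remote browser (it's really easy to forge this)
    * remote IP address
    * remote DNS hostname
    * user name already authenticated by the web server (remote_user)

    Written by Dobrica Pavlinusic <dpavlin@rot13.org>

    Usage example:

    docman.conf:

    $gblUsers = "htusers_header";

    .htusers examples:

    REMOTE_ADDR=10.0.0.3:Dobrica (client ip):auth_header:dpavlin@foo.bar
        will match exact IP address
    remote_hostname=hbreyer2:Dobrica (hostname):auth_header:dpavlin@foo.bar
        will match exact hostname
    http_referer=test.foo.bar:Dobrica (by referer):auth_header:dpavlin@foo.bar
        will match user which comes from site test.foo.bar
    remote_user=dpavlin:Dobrica (by server http auth):auth_header:dpavlin@foo.bar
        will match user "dpavlin" which is authenticated using .htaccess

    How much each selector can be trusted, as implemented below:
    * http_referer is a case-insensitive substring test on a header the
      client chooses; treat it as a convenience, not as authentication.
    * remote_hostname is the first label of the reverse lookup of the client
      address; the name is not checked with a forward lookup.
    * the auto-login cookie is md5(path of .htusers . client value) with no
      server-side secret mixed in.
    * remote_user relies on the web server having set AUTH_TYPE and
      REMOTE_USER itself.

    The script reads request data through register_globals-style variables
    ($SCRIPT_FILENAME, $GLOBALS[...], $HTTP_COOKIE_VARS), so every flag it
    tests is assigned here before it is read.
*/

global $PHP_AUTH_USER,$PHP_AUTH_PW;

$htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";

// Read the server-provided values once; a missing one becomes "" so the
// string comparisons below never compare against null.
$remote_addr=isset($GLOBALS['REMOTE_ADDR']) ? $GLOBALS['REMOTE_ADDR'] : "";
$remote_user=isset($GLOBALS['REMOTE_USER']) ? $GLOBALS['REMOTE_USER'] : "";

$cookie_name="docman_autologin";
// NOTE(review): both values are plain MD5 over the file path and a value the
// client knows, so a client able to work out the path can compute them. If
// auto-login is kept, sign the cookie with a key held only on the server and
// compare it in constant time.
$cookie_val=md5($htusers_file.$remote_addr);
$cookie_val_force=md5($htusers_file.$remote_user);

// Both flags start at 0 so that no branch below leaves one undefined.
$login_allowed=0;
$force_login_allowed=0;

$cookie_sent=isset($HTTP_COOKIE_VARS[$cookie_name]) ? $HTTP_COOKIE_VARS[$cookie_name] : null;

// Strict comparison: a cookie sent as an array, or two digests that merely
// look like equal numbers, must not count as a match.
if ($cookie_sent === $cookie_val) {
    // no PHP_AUTH_PW set
    $login_allowed=1;
} elseif ($cookie_sent === $cookie_val_force) {
    // PHP_AUTH_PW is set, force login!
    $force_login_allowed=1;
}

// NOTE(review): revision 1.4 resets the flag right after the cookie check,
// so the elseif branch above has no lasting effect and only a remote_user
// row can grant a forced login. The reset is kept on purpose: enabling the
// branch would let an unsigned cookie stand in for web-server authentication.
$force_login_allowed=0;

$htusers=fopen($htusers_file,"r");
if ($htusers) {
    while($user = fgetcsv($htusers,255,":")) {
        // Skip blank, short and non-auth_header rows.
        if (!isset($user[2]) || $user[2] != "auth_header") continue;

        $tmp = explode("=",$user[0]);
        // A selector without a value would match an empty server variable
        // (and an empty needle matches any referer), so it is ignored.
        if (!isset($tmp[1]) || $tmp[1] === "") continue;

        if (stristr($tmp[0],"REMOTE_ADDR") && $tmp[1] === $remote_addr) {
            $login_allowed=1;
        } elseif (stristr($tmp[0],"REMOTE_hostname")) {
            $remote_hostname=gethostbyaddr($remote_addr);
            // gethostbyaddr() hands back the address itself when nothing
            // resolves; that is not a hostname and must not be truncated
            // into its first octet.
            if (is_string($remote_hostname) && $remote_hostname !== $remote_addr) {
                // remove everything after first dot (a name without a dot
                // is compared as it is)
                $dot=strpos($remote_hostname,".");
                if ($dot !== false) $remote_hostname=substr($remote_hostname,0,$dot);
                if ($tmp[1] === $remote_hostname) $login_allowed=1;
            }
        } elseif (stristr($tmp[0],"http_referer")) {
            if (isset($GLOBALS['HTTP_REFERER']) && stristr($GLOBALS['HTTP_REFERER'],$tmp[1])) {
                setcookie($cookie_name,$cookie_val_force,time()+3600);
                $login_allowed=1;
            }
        } elseif (stristr($tmp[0],"remote_user") && isset($GLOBALS['AUTH_TYPE']) && isset($GLOBALS['REMOTE_USER'])) {
            if ($remote_user === $tmp[1]) {
                $force_login_allowed=1;
            }
        }

        // Debug trace; it records only whether a password is present, never
        // the password itself.
        error_log("$tmp[0]: $tmp[1] == $remote_user go!go!go! $login_allowed|$force_login_allowed|".(isset($PHP_AUTH_PW) ? "pw set" : "no pw"),0);

        // NOTE(review): the flags persist across rows, so a flag raised by
        // the cookie check grants the first auth_header row in the file,
        // whatever selector that row uses.
        if (($login_allowed && !isset($PHP_AUTH_PW)) || ($force_login_allowed && isset($PHP_AUTH_PW))) {
            error_log("boink!",0);
            $gblUserName=$user[1];
            // make fake login credentials
            $PHP_AUTH_PW=$PHP_AUTH_USER=$user[0];
            $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW);
            $gblEmail=isset($user[3]) ? $user[3] : null;
            // First granting row wins. The original "continue" kept reading,
            // and with the forced flag on every later auth_header row passed
            // the same test and overwrote the identity chosen here.
            break;
        }
    }
    fclose($htusers);
} else {
    // Without the user file no header-based login can be granted.
    error_log("htusers_header: cannot open $htusers_file",0);
}

?>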
