authenticate.php

00001 <?php
00002   /*
00003    This file is part of DocBookWiki.  DocBookWiki is a web application
00004    that displays and edits DocBook documents.
00005 
00006    Copyright (C) 2004, 2005, 2006, 2007
00007    Dashamir Hoxha, dashohoxha@users.sourceforge.net
00008 
00009    DocBookWiki is free software; you can redistribute it and/or modify
00010    it under the  terms of the GNU General  Public License as published
00011    by the Free  Software Foundation; either version 2  of the License,
00012    or (at your option) any later version.
00013 
00014    DocBookWiki is distributed in the  hope that it will be useful, but
00015    WITHOUT  ANY  WARRANTY;  without   even  the  implied  warranty  of
00016    MERCHANTABILITY or  FITNESS FOR A PARTICULAR PURPOSE.   See the GNU
00017    General Public License for more details.
00018 
00019    You should have  received a copy of the  GNU General Public License
00020    along  with  DocBookWiki;  if  not,  write  to  the  Free  Software
00021    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
00022    USA
00023   */
00024 
00025 include_once 'global.php';
00026 
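/**
 * Validate the HTTP Basic credentials sent with the current request.
 *
 * The user name and password are read from $_SERVER['PHP_AUTH_USER'] and
 * $_SERVER['PHP_AUTH_PW'].  The account 'superuser' is checked against the
 * hash stored in .su/passwd; every other account is looked up through
 * templates/scripts/users/get_user.sh, whose output is parsed as a
 * colon-separated record (field 0: user name, field 1: crypt() hash,
 * field 3: e-mail address).
 *
 * On success the constants SU, USER and EMAIL are defined as a side effect.
 * SU holds the *string* 'true' or 'false', not a boolean.
 *
 * @return bool true when the credentials match the stored hash, else false.
 */
function valid_user()
{
  // Both values come straight from the client's Authorization header and
  // must be treated as untrusted input.
  $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
  $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
  if (!is_string($username) || $username === '' || !is_string($password))
    {
      return false;
    }

  $is_superuser = ($username === 'superuser');

  if ($is_superuser)
    {
      // Read the hash directly instead of spawning a shell to run `cat`.
      // NOTE(review): .su/passwd is resolved relative to the working
      // directory; confirm the web server does not serve this path.
      $stored = is_readable('.su/passwd') ? file_get_contents('.su/passwd') : false;
      $crypted_passwd = is_string($stored) ? trim($stored) : '';
    }
  else
    {
      // The user name is quoted with escapeshellarg() so that shell
      // metacharacters in it cannot start additional commands.
      // NOTE(review): how get_user.sh matches its argument is not visible
      // here; confirm it performs an exact, non-pattern lookup.
      $get_user = 'templates/scripts/users/get_user.sh';
      $record = shell_exec($get_user . ' ' . escapeshellarg($username));
      if (!is_string($record))  return false;

      $fields = explode(':', $record);
      if ($fields[0] !== $username || !isset($fields[1]))  return false;

      $crypted_passwd = $fields[1];
      $email = isset($fields[3]) ? $fields[3] : null;
    }

  // An empty stored hash must never authenticate anybody.
  if ($crypted_passwd === '')  return false;

  // crypt() reuses the salt embedded in the stored hash.  hash_equals()
  // compares in constant time and avoids the numeric-string juggling of ==.
  $computed = crypt($password, $crypted_passwd);
  if (!is_string($computed) || !hash_equals($crypted_passwd, $computed))
    {
      return false;
    }

  if ($is_superuser)
    {
      define('SU', 'true');
      define('USER', 'su');
      // ADMIN_EMAIL is not defined in this file; presumably it comes from
      // global.php -- confirm.
      define('EMAIL', ADMIN_EMAIL);
    }
  else
    {
      define('SU', 'false');
      define('USER', $username);
      define('EMAIL', $email);
    }

  return true;
}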
00070 
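/**
 * Send an HTTP Basic authentication challenge and stop the script.
 *
 * Emits the WWW-Authenticate and 401 headers, prints a short HTML page that
 * refreshes to the directory of the running script after 2 seconds, and
 * then calls exit.  This function never returns.
 */
function authenticate()
{
  header("WWW-Authenticate: Basic realm=\"DocBook Editor\"");
  header("HTTP/1.0 401 Unauthorized");

  // HTTP_HOST is taken from the request's Host header, so it is
  // client-controlled; it is HTML-escaped below before being echoed.
  $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  $file = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '/';

  // Keep the scheme of the current request so that an HTTPS visitor is not
  // sent back to plain HTTP, where Basic credentials travel unencrypted.
  $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
  $scheme = $is_https ? 'https' : 'http';

  $url = $scheme.'://'.$host.dirname($file).'/';

  // Escape for the single-quoted HTML attribute the URL is placed in.
  $safe_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

  print "
<html>
<head>
  <title>Unauthorized</title>
  <meta http-equiv='refresh' content='2;url=$safe_url'>
</head>
<body>
<h1>Sorry, you cannot access this page.</h1>
</body>
</html>
";

  exit;
}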
00091 
// Challenge the client unless the request carries Basic credentials that
// valid_user() accepts.  valid_user() is only consulted when a user name
// was actually sent.
if (!isset($_SERVER['PHP_AUTH_USER']) || !valid_user())
  {
    authenticate();
  }
00095 ?>
