Dotan Cohen wrote:

...

> Thanks for any and all input.

// here is a completely different way of doing it:

function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false)
{

    if (!defined('SIMPLE_AUTH_PW') && !defined('SIMPLE_AUTH_USER')) {
        if (!$login || !$pwd) {
            return 0;
        }

        define('SIMPLE_AUTH_USER',    $login);
        define('SIMPLE_AUTH_PW',      ($makeSha1Hash ? sha1($pwd) : $pwd));
    }

    return -1;
}

function simplePageProtection($token = null, $realm = null)
{
    if (!defined('SIMPLE_AUTH_PW') || !defined('SIMPLE_AUTH_USER')) {
        die('required authentication details are not configured - unable to 
grant access to anyone.');
    }

    if (($token === null) || !$bla = strval($token)) $bla = 'micrositedefault';
    $token = 'access_to_'.$bla.'_granted';

    if (! ($realm = strval($realm))) $realm = "Please login";

    if (!isset($_SESSION[ $token ]) || !$_SESSION[ $token ]) {
        $_SESSION[ $token ] = false;

        $login = isset($_SERVER[ 'PHP_AUTH_USER' ]) ? $_SERVER[ 'PHP_AUTH_USER' 
]: false;
        $pass  = isset($_SERVER[ 'PHP_AUTH_PW' ])   ? $_SERVER[ 'PHP_AUTH_PW' 
]: false;

        if (strtolower(trim($login)) == strtolower(trim(SIMPLE_AUTH_USER)) && 
sha1($pass) === SIMPLE_AUTH_PW) {
            $_SESSION[ $token ] = true;
        } else {
            header('WWW-Authenticate: Basic realm="'.$realm.'."');
            header('HTTP/1.0 401 Unauthorized');
            exit;
        }
    }
}

// configure page protection
setSimplePageProtectionDetails('your_login', 'your_pwd', true);
// alternative page protection (using literal sha1 hash of the string 
'your_pwd')
// setSimplePageProtectionDetails('your_login', 
'0eb9a6a3306220b901c7b4920cd9896899f219be');


// activate page protection
simplePageProtection('your_token', 'your_realm');

> 
> Dotan Cohen
> 
> http://nanir.com
> http://what-is-what.com/what_is/html.html
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to