On 23/10/06, Jochem Maas <[EMAIL PROTECTED]> wrote:
Dotan Cohen wrote:
...
> Thanks for any and all input.
// here is a completely different way of doing it:
function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false)
{
if (!defined('SIMPLE_AUTH_PW') && !defined('SIMPLE_AUTH_USER')) {
if (!$login || !$pwd) {
return 0;
}
define('SIMPLE_AUTH_USER', $login);
define('SIMPLE_AUTH_PW', ($makeSha1Hash ? sha1($pwd) : $pwd));
}
return -1;
}
function simplePageProtection($token = null, $realm = null)
{
if (!defined('SIMPLE_AUTH_PW') || !defined('SIMPLE_AUTH_USER')) {
die('required authentication details are not configured - unable to
grant access to anyone.');
}
if (($token === null) || !$bla = strval($token)) $bla = 'micrositedefault';
$token = 'access_to_'.$bla.'_granted';
if (! ($realm = strval($realm))) $realm = "Please login";
if (!isset($_SESSION[ $token ]) || !$_SESSION[ $token ]) {
$_SESSION[ $token ] = false;
$login = isset($_SERVER[ 'PHP_AUTH_USER' ]) ? $_SERVER[ 'PHP_AUTH_USER'
]: false;
$pass = isset($_SERVER[ 'PHP_AUTH_PW' ]) ? $_SERVER[ 'PHP_AUTH_PW'
]: false;
if (strtolower(trim($login)) == strtolower(trim(SIMPLE_AUTH_USER)) &&
sha1($pass) === SIMPLE_AUTH_PW) {
$_SESSION[ $token ] = true;
} else {
header('WWW-Authenticate: Basic realm="'.$realm.'."');
header('HTTP/1.0 401 Unauthorized');
exit;
}
}
}
// configure page protection
setSimplePageProtectionDetails('your_login', 'your_pwd', true);
// alternative page protection (using literal sha1 hash of the string
'your_pwd')
// setSimplePageProtectionDetails('your_login',
'0eb9a6a3306220b901c7b4920cd9896899f219be');
// activate page protection
simplePageProtection('your_token', 'your_realm');
Thanks, I had considered http authentication and decided against it as
I am not familiar with it. By your example, I learn. Thank you.
Dotan Cohen
http://what-is-what.com/what_is/linux.html
http://technology-sleuth.com/question/what_is_a_router.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php