Bug fix: correct authentification for API with CGI

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@92 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
mensonge 2008-04-03 06:57:38 +00:00
parent 920f836e29
commit 836f47cf2a
2 changed files with 24 additions and 2 deletions

View file

@ -8,3 +8,12 @@ RewriteRule ^posts/update posts_update.php
RewriteRule ^posts/add posts_add.php RewriteRule ^posts/add posts_add.php
RewriteRule ^posts/delete posts_delete.php RewriteRule ^posts/delete posts_delete.php
RewriteRule ^tags/rename tags_rename.php RewriteRule ^tags/rename tags_rename.php
# Allow PHP_AUTH_USER with CGI script
# (Sinpired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh )
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
</IfModule>

View file

@ -5,9 +5,22 @@
function authenticate() { function authenticate() {
header('WWW-Authenticate: Basic realm="SemanticScuttle API"'); header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
die("Use of the API calls requires authentication."); die("Use of the API calls requires authentication.");
} }
/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
if((!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_USER'])
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
if (!isset($_SERVER['PHP_AUTH_USER'])) { if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate(); authenticate();
} else { } else {