<?php /** * Checks if the user is logged on and sends a HTTP basic auth * request to the browser if not. In that case the script ends. * If username and password are available, the user service's * login method is used to log the user in. * * SemanticScuttle - your social bookmark manager. * * PHP version 5. * * @category Bookmarking * @package SemanticScuttle * @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net> * @author Christian Weiske <cweiske@cweiske.de> * @author Eric Dane <ericdane@users.sourceforge.net> * @license GPL http://www.gnu.org/licenses/gpl.html * @link http://sourceforge.net/projects/semanticscuttle */ require_once '../www-header.php'; /** * Sends HTTP auth headers to the browser */ function authenticate() { header('WWW-Authenticate: Basic realm="SemanticScuttle API"'); header('HTTP/1.0 401 Unauthorized'); die(T_("Use of the API calls requires authentication.")); } if (!$userservice->isLoggedOn()) { /* Maybe we have caught authentication data in $_SERVER['REMOTE_USER'] ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */ if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) && isset($_SERVER['REMOTE_USER']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches) ) { list($name, $password) = explode(':', base64_decode($matches[1])); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } if (!isset($_SERVER['PHP_AUTH_USER'])) { authenticate(); } else { $login = $userservice->login( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ); if ($login) { $currentUser = $userservice->getCurrentObjectUser(); } else { authenticate(); } } } ?>