-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathauth_lib.php
More file actions
41 lines (38 loc) · 1.21 KB
/
auth_lib.php
File metadata and controls
41 lines (38 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
/**
* Library to enable authentication (http Basic auth) based on
* one set of credentials
*
* @author Chris Baumann <c.baumann@baumann.at>
* @copyright 2020 baumann.at - concepts & solutions
* @version v0.2 - 29.9.2020: switch to sha256 hash for password
*
*/
/*
example usage:
if authOK('someUser', hash('sha256', 's3cr3tPA55')) { ... }
*/
/**
* Checks if http connection is authenticated correctly.
* if not, responds with usual http 401 headers and exists.
* Checking is only done, if requiredUser is set.
*
* @param string requiredUser (username)
* @param string requiredPassHash (sha256 hash of password)
* @return boolean (true) on successful authentication
*/
function authOK($requiredUser, $requiredPassHash, $realm = 'default realm') {
if (!isset($requiredUser)) {
return (true);
}
if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) {
if (($_SERVER['PHP_AUTH_USER'] == $requiredUser) and (hash('sha256', $_SERVER['PHP_AUTH_PW']) == $requiredPassHash)) {
return (true);
}
}
header('WWW-Authenticate: Basic realm="' . $realm . '"');
header('HTTP/1.0 401 Unauthorized', true, 401);
echo($realm);
exit;
}
?>