1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
<?php
namespace Intervention\Httpauth;
use Exception;
class Httpauth
{
/**
* Type of HTTP Authentication
*
* @var string
*/
public $type = 'basic';
/**
* Realm of HTTP Authentication
*
* @var string
*/
public $realm = 'Secured resource';
/**
* Username of HTTP Authentication
*
* @var string
*/
private $username;
/**
* Password of HTTP Authentication
*
* @var string
*/
private $password;
/**
* Creates new instance of Httpauth
*
* @param array $parameters set realm, username and/or password as key
*/
public function __construct($parameters = null)
{
// overwrite settings with runtime parameters (optional)
if (is_array($parameters)) {
if (array_key_exists('type', $parameters)) {
$this->type = $parameters['type'];
}
if (array_key_exists('realm', $parameters)) {
$this->realm = $parameters['realm'];
}
if (array_key_exists('username', $parameters)) {
$this->username = $parameters['username'];
}
if (array_key_exists('password', $parameters)) {
$this->password = $parameters['password'];
}
}
// check if at leat username and password is set
if ( ! $this->username || ! $this->password) {
throw new Exception('No username or password set for HttpAuthentication.');
}
}
/**
* Creates new instance of Httpaccess with given parameters
*
* @param array $parameters set realm, username and/or password
* @return Intervention\Httpauth\Httpauth
*/
public static function make($parameters = null)
{
return new Httpauth($parameters);
}
/**
* Denies access for not-authenticated users
*
* @return void
*/
public function secure()
{
if ( ! $this->validateUser($this->getUser())) {
$this->denyAccess();
}
}
/**
* Checks for valid user
*
* @param User $user
* @return bool
*/
private function validateUser(UserInterface $user)
{
return $user->isValid($this->username, $this->password, $this->realm);
}
/**
* Checks if username/password combination matches
*
* @param string $username
* @param string $password
* @return boolean
*/
public function isValid($username, $password)
{
return ($username == $this->username) && ($password == $this->password);
}
/**
* Sends HTTP 401 Header
*
* @return void
*/
private function denyAccess()
{
header('HTTP/1.0 401 Unauthorized');
switch (strtolower($this->type)) {
case 'digest':
header('WWW-Authenticate: Digest realm="' . $this->realm .'",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($this->realm) . '"');
break;
default:
header('WWW-Authenticate: Basic realm="'.$this->realm.'"');
break;
}
die('<strong>HTTP/1.0 401 Unauthorized</strong>');
}
/**
* Get User according to current auth type
*
* @return Intervention\Httpauth\UserInterface
*/
private function getUser()
{
// set user based on authentication type
switch (strtolower($this->type)) {
case 'digest':
return new DigestUser;
break;
default:
return new BasicUser;
break;
}
}
}
|
