4 This auth plugin queries authentication data via the HTTP Basic AUTH
5 method, which usually popups the ugly-looking browser login boxes. This
6 is more professional than login <forms> and has the advantage, that the
7 authentication infos aren't stored by browsers (unless you use a TCPA-
8 enabled IE which may of course transmit authentication data to third
12 - EWIKI_PROTECTED_MODE
13 - plugins/auth_perm_ring.php (or another one)
14 - plugins/userdb_array.php (or others)
15 - a binary-safe ewiki/yoursite setup (see the
16 section on uploads and images in the README)
18 You can only load __one__ auth method plugin!
20 Note: if you want your Wiki to be accessible to a small group of
21 people only, then you should favour the http authentication mechanism
22 of your webserver! This is just a very poor implementation of the HTTP
24 (all in here borrowed from the fragments/auth.php)
29 $ewiki_plugins["auth_query"][0] = "ewiki_auth_query_http";
30 define("EWIKI_AUTH_QUERY_SAFE", "always");
34 $ewiki_t["en"]["RESTRICTED_ACCESS"] = "You must be authenticated to use this part of the wiki.";
38 function ewiki_auth_query_http(&$data, $force_query=0) {
40 global $ewiki_plugins, $ewiki_errmsg, $ewiki_author, $ewiki_ring;
42 #-- fetch user:password
43 if ($uu = trim($_SERVER["HTTP_AUTHORIZATION"])) {
44 $auth_method = strtolower(strtok($uu, " "));
45 if ($auth_method=="basic") {
47 $uu = base64_decode($uu);
48 list($_a_u, $_a_p) = explode(":", $uu, 2);
51 #-- invalid response, ignore
54 elseif (strlen($_a_u = trim($_SERVER["PHP_AUTH_USER"]))) {
55 $_a_p = trim($_SERVER["PHP_AUTH_PW"]);
59 $_success = ewiki_auth_user($_a_u, $_a_p);
61 #-- request HTTP Basic authentication otherwise
62 if (!$_success && $force_query || ($force_query >= 2)) {
63 $realm = ewiki_t("RESTRICTED_ACCESS");
65 if ($uu = $ewiki_config["login_notice"]) {
68 if ($uu = $ewiki_config["http_auth_add"]) {
69 $addmethod = ", $uu realm=\"$realm\"";
71 header('HTTP/1.1 401 Authentication Required');
72 header('Status: 401 Authentication Required');
73 header('WWW-Authenticate: Basic realm="'.$realm.'"'.$addmethod);