0byt3m1n1
Path:
/
data
/
applications
/
aps
/
gallery
/
2.2-08
/
standard
/
htdocs
/
modules
/
httpauth
/
classes
/
[
Home
]
File: HttpAuthPlugin.class
<?php /* * Gallery - a web based photo album viewer and editor * Copyright (C) 2000-2007 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at * your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ GalleryCoreApi::requireOnce('modules/httpauth/classes/HttpAuthHelper.class'); /** * Get active user from username and password in HTTP headers. * * HTTP authentication is handled between the user-agent and Gallery. Gallery is responsible to * authenticate a user-supplied username / password pair. * * @package HttpAuth * @subpackage Classes * @author Jack Bates <ms419@freezone.co.uk> * @version $Revision: 15759 $ */ class HttpAuthPlugin /* extends GalleryAuthPlugin */ { /** * @see GalleryAuthPlugin::getUser */ function getUser() { list ($authtype, $username, $password) = HttpAuthHelper::getHttpAuth(); list ($ret, $user) = HttpAuthHelper::getUser($authtype, $username); if ($ret) { return array($ret, null); } /* * We are effectively logging in on every request when we use this plugin. We can't * post a login event each time we do this, but we need to post FailedLogin events. */ if (isset($user) && $user->isCorrectPassword($password)) { $ret = HttpAuthHelper::regenerateSessionIfNecessary($user); if ($ret) { return array($ret, null); } return array(null, $user); } else if (!empty($username) && strpos($username, '__LOGOUT__') !== 0) { /* * Don't post an event if the username starts with __logout__ since that is used when we * try to force the user-agent to clear its auth cache. */ $event = GalleryCoreApi::newEvent('Gallery::FailedLogin'); $event->setData(array('userName' => $username)); list ($ret, $ignored) = GalleryCoreApi::postEvent($event); if ($ret) { return array($ret, null); } } return array(null, null); } } ?>