From 3006bac2ce274ed8ef40f91bf8d84bdb5714b674 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Lucas?= Date: Tue, 11 Nov 2014 21:15:55 +0100 Subject: [PATCH] Add full PHP password check (without any need from specific webserver configuration). Heavily based on a patch from Mark Bond. --- config.php | 15 +++++++++++++++ config_default.php | 8 ++++++++ 2 files changed, 23 insertions(+) diff --git a/config.php b/config.php index 112e352..ae41523 100644 --- a/config.php +++ b/config.php @@ -9,3 +9,18 @@ require_once 'config_default.php'; if (file_exists(dirname(__FILE__). '/config_local.php') && (php_sapi_name() !== 'cli')) require_once 'config_local.php'; + +if(!is_null($config['cops_basic_authentication']) && + is_array($config['cops_basic_authentication'])) +{ + if (!isset($_SERVER['PHP_AUTH_USER']) || + (isset($_SERVER['PHP_AUTH_USER']) && + ($_SERVER['PHP_AUTH_USER']!=$config['cops_basic_authentication']['username'] || + $_SERVER['PHP_AUTH_PW'] != $config['cops_basic_authentication']['password']))) + { + header('WWW-Authenticate: Basic realm="COPS Authentication"'); + header('HTTP/1.0 401 Unauthorized'); + echo 'Text to send if user hits Cancel button'; + exit; + } +} diff --git a/config_default.php b/config_default.php index d802669..02ab113 100644 --- a/config_default.php +++ b/config_default.php @@ -265,3 +265,11 @@ * 0 : No */ $config ['cops_normalized_search'] = "0"; + + /* + * Enable PHP password protection (You can use if htpasswd is not possible for you) + * If possible prefer htpasswd ! + * array( "username" => "xxx", "password" => "secret") : Enable PHP password protection + * NULL : Disable PHP password protection (You can still use htpasswd) + */ + $config['cops_basic_authentication'] = NULL;
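Review bot: The credential check in the inner `if` of the config.php hunk compares with loose `!=`, so PHP's numeric-string juggling applies (two different strings of the form `0e…` compare equal), and a `username` or `password` key missing from the config array compares equal to an empty submitted value. Compare strictly and in constant time instead, e.g. `!hash_equals((string)$config['cops_basic_authentication']['password'], (string)$_SERVER['PHP_AUTH_PW'])` where `hash_equals()` is available, or at minimum `!==`. `$_SERVER['PHP_AUTH_PW']` is also read without an `isset()` guard, and a non-array value in `cops_basic_authentication` silently skips the check instead of failing closed. The `echo` body is still the placeholder text from the PHP manual example and should be replaced with a real message.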
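Review bot: The new comment block in config_default.php does not say that the password is kept in clear text in the configuration file, or that HTTP Basic authentication sends it merely base64-encoded on every request. I would add a line such as `* The password is stored in clear text and sent with every request: use only over HTTPS and keep config_local.php unreadable by other users`. If the minimum supported PHP version allows it, storing a `password_hash()` value and checking it with `password_verify()` would avoid keeping the clear-text secret on disk; the supported version is not visible in this patch.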