Add full PHP password check (without any need from specific webserver configuration). Heavily based on a patch from Mark Bond.
This commit is contained in:
Sébastien Lucas
parent
0f280f77ac
commit
3006bac2ce
15
config.php
15
config.php
|
|
@ -9,3 +9,18 @@
|
||||||
require_once 'config_default.php';
|
require_once 'config_default.php';
|
||||||
if (file_exists(dirname(__FILE__). '/config_local.php') && (php_sapi_name() !== 'cli'))
|
if (file_exists(dirname(__FILE__). '/config_local.php') && (php_sapi_name() !== 'cli'))
|
||||||
require_once 'config_local.php';
|
require_once 'config_local.php';
|
||||||
|
|
||||||
|
if(!is_null($config['cops_basic_authentication']) &&
|
||||||
|
is_array($config['cops_basic_authentication']))
|
||||||
|
{
|
||||||
|
if (!isset($_SERVER['PHP_AUTH_USER']) ||
|
||||||
|
(isset($_SERVER['PHP_AUTH_USER']) &&
|
||||||
|
($_SERVER['PHP_AUTH_USER']!=$config['cops_basic_authentication']['username'] ||
|
||||||
|
$_SERVER['PHP_AUTH_PW'] != $config['cops_basic_authentication']['password'])))
|
||||||
|
{
|
||||||
|
header('WWW-Authenticate: Basic realm="COPS Authentication"');
|
||||||
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
|
echo 'Text to send if user hits Cancel button';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -265,3 +265,11 @@
|
||||||
* 0 : No
|
* 0 : No
|
||||||
*/
|
*/
|
||||||
$config ['cops_normalized_search'] = "0";
|
$config ['cops_normalized_search'] = "0";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Enable PHP password protection (You can use if htpasswd is not possible for you)
|
||||||
|
* If possible prefer htpasswd !
|
||||||
|
* array( "username" => "xxx", "password" => "secret") : Enable PHP password protection
|
||||||
|
* NULL : Disable PHP password protection (You can still use htpasswd)
|
||||||
|
*/
|
||||||
|
$config['cops_basic_authentication'] = NULL;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue