1: <?php
2:
3: /**
4: * Tries to authorize user based on Apache HTTP authentication credentials
5: *
6: * The <var>PHP_AUTH_USER</var> is mapped to a Zenphoto user;
7: * the <var>PHP_AUTH_PW</var> must be in cleartext and match the Zenphoto user's password.
8: * (If the User validation option is set to <i>trusted</i>, the <var>PHP_AUTH_PW</var> password is ignored and
9: * need not be cleartext. In that mode the web server's authentication is the only check on the user.)
10: *
11: * Note that the HTTP logins are outside of Zenphoto so there is no security logging of
12: * them. Nor can Zenphoto "log off" the user. The normal logout links will not show for
13: * users logged in via this plugin.
14: *
15: * Apache configuration:
16: * <ul>
17: * <li>Run the Apache <var>htpasswd</var> utility to create a password file containing your first user:
18: * <i>path to apache executables</i> <var>htpasswd -cp</var> <i>path to apache folder</i> <var>passwords user1</var><br><br>
19: * <var>htpasswd</var> will prompt you for the password. You can repeat the process for each additional user
20: * or you can simply edit the <i>passwords</i> file with a text editor.<br><br>
21: * Each <i>user/password</i> must match a Zenphoto <i>user/password</i> or access to Zenphoto will be at a <i>guest</i>
22: * level. If a user changes his password in Zenphoto someone must make the equivalent change in
23: * the Apache password file for the Zenphoto user access to succeed. (However, see the <i>User validation</i>
24: * option.)</li>
25: *
26: * <li>Create a file named "groups" in your apache folder</li>
27: * <li>Edit the "groups" file with a line similar to:
28: * <var>zenphoto: stephen george frank</var>.
29: * This creates a group named zenphoto with the list of users as members</li>
30: *
31: * <li>Add the following lines to your Zenphoto root .htaccess file after the initial comments and
32: * before the rewrite rules:
33: * <ul>
34: * <li>AuthType Basic</li>
35: * <li>AuthName "Zenphoto realm"</li>
36: * <li>AuthUserFile c:/wamp/bin/apache/passwords</li>
37: * <li>AuthGroupFile c:/wamp/bin/apache/groups</li>
38: * <li>Require group zenphoto</li>
39: * </ul>
40: * </li>
41: * </ul>
42: *
43: *
44: * @author Stephen Billard (sbillard)
45: * @package plugins
46: * @subpackage users
47: */
// Plugin metadata (presumably consumed by the Zenphoto plugin loader; confirm against the loader).
$plugin_is_filter = CLASS_PLUGIN | 5;
$plugin_author = 'Stephen Billard (sbillard)';
$plugin_description = gettext('Checks for Apache HTTP authentication of authorized users.');

// Name of the class that reports and handles this plugin's options.
$option_interface = 'http_auth';

// Run http_auth::check() whenever the 'authorization_cookie' filter is applied.
zp_register_filter('authorization_cookie', 'http_auth::check');
55:
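/**
 * Maps HTTP Basic authentication credentials supplied by the web server onto a
 * Zenphoto user. http_auth::check() is the entry point.
 */
class http_auth {

	/**
	 * Sets the default for the 'http_auth_trust' option to 0 (verify passwords).
	 */
	function __construct() {
		setOptionDefault('http_auth_trust', 0);
	}

	/**
	 * Reports the supported options
	 *
	 * @return array a single radio option, 'http_auth_trust', with the values
	 *               '0' (verify) and '1' (trusted)
	 */
	function getOptionsSupported() {
		$buttons = array(gettext('verify') => '0', gettext('trusted') => '1');
		$description = gettext('Set to <em>trusted</em> to presume the HTTP user is securely authorized. (This setting does not verify passwords against the Zenphoto user.)');

		return array(
			gettext('User validation') => array(
				'key' => 'http_auth_trust',
				'type' => OPTION_TYPE_RADIO,
				'buttons' => $buttons,
				'desc' => $description
			)
		);
	}

	/**
	 * Custom option handler; intentionally empty because the plugin has no
	 * custom options.
	 *
	 * @param string $option
	 * @param mixed $currentValue
	 */
	function handleOption($option, $currentValue) {

	}

	/**
	 * Filter callback: tries to authorize the visitor from HTTP authentication
	 * credentials when the normal Zenphoto login has not already done so.
	 *
	 * @param mixed $authorized the authorization established so far
	 * @return mixed $authorized unchanged when it is already truthy or no
	 *               matching user is found, otherwise the matched user's rights
	 */
	static function check($authorized) {
		global $_zp_current_admin_obj;
		if ($authorized) {
			// already logged in via normal Zenphoto handling
			return $authorized;
		}

		// PHP-CGI auth fix: PHP_AUTH_USER/PHP_AUTH_PW may not be populated, so
		// rebuild them from the raw Authorization header. The REDIRECT_ variant
		// is processed last and therefore takes precedence, as before.
		foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
			if (!isset($_SERVER[$key])) {
				continue;
			}
			$credentials = self::parseBasicHeader($_SERVER[$key]);
			if ($credentials !== null) {
				$_SERVER['PHP_AUTH_USER'] = $credentials[0];
				$_SERVER['PHP_AUTH_PW'] = $credentials[1];
			}
		}

		if (array_key_exists('PHP_AUTH_USER', $_SERVER) && array_key_exists('PHP_AUTH_PW', $_SERVER)) {
			$user = $_SERVER['PHP_AUTH_USER'];
			$pass = $_SERVER['PHP_AUTH_PW'];
			if (getOption('http_auth_trust')) {
				// NOTE(review): trusted mode accepts the user name without any
				// password check, including a name parsed from the header above.
				// That is only sound when the web server rejects unauthenticated
				// requests before PHP runs; confirm the server-side Require
				// directive is in place wherever this option is enabled.
				$userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
			} else {
				$userobj = Zenphoto_Authority::checkLogon($user, $pass);
			}
			if ($userobj) {
				$_zp_current_admin_obj = $userobj;
				// Zenphoto cannot log off an HTTP-authenticated user, so hide the link
				$_zp_current_admin_obj->logout_link = false;
				$authorized = $_zp_current_admin_obj->getRights();
			}
		}
		return $authorized;
	}

	/**
	 * Extracts the user name and password from an HTTP Basic Authorization
	 * header value.
	 *
	 * Splits on the first colon only, so a password that itself contains
	 * colons is kept intact.
	 *
	 * @param mixed $header raw header value, e.g. "Basic dXNlcjpwYXNz"
	 * @return array|null array(user, password), or null when the value is not
	 *                    a well-formed Basic credential
	 */
	private static function parseBasicHeader($header) {
		// Only the Basic scheme carries base64 "user:password"; other schemes
		// must not be decoded as if they did.
		if (!is_string($header) || strncasecmp($header, 'Basic ', 6) !== 0) {
			return null;
		}
		$decoded = base64_decode(trim(substr($header, 6)), true);
		if ($decoded === false || strpos($decoded, ':') === false) {
			return null;
		}
		return explode(':', $decoded, 2);
	}

}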
119:
120: ?>