Add support for PHP via FastCGI (#15)
@@ -1,5 +1,8 @@
|
||||
RewriteEngine On
|
||||
|
||||
# Forward HTTP BASIC auth headers when using FastCGI
|
||||
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
|
||||
RewriteCond %{THE_REQUEST} !^GET\ .*?/client/([a-z]\.(js|css)|img/|libs/)
|
||||
RewriteCond %{THE_REQUEST} !^GET\ .*?/server/theme/
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
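Review bot: The added `RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]` exposes the raw Basic credentials in the environment of every request under this directory, including the `client/` and `server/theme/` paths that the following conditions exclude from rewriting. Anything that dumps or logs the environment (debug pages, error handlers that print `$_SERVER`) would then contain the base64-encoded password, so the comment should state this trade-off. The variable can also be set only when a header was sent, by putting `RewriteCond %{HTTP:Authorization} .` in front of the rule. The comment could further note that PHP sees the value as `REDIRECT_HTTP_AUTHORIZATION` only after an internal rewrite, and that this is the only name the new `getUserCredentials()` reads. The rest of the rule set lies outside this hunk.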
|
@@ -14,14 +14,30 @@ class EditorService {
|
||||
|| $methodName == 'createUserConfig');
|
||||
}
|
||||
|
||||
// Returns tuple of username/password or [null,null].
|
||||
private function getUserCredentials() {
|
||||
if (isset($_SERVER["REDIRECT_HTTP_AUTHORIZATION"]) && !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
|
||||
list ($auth_type, $cred) = explode (" ", $_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
|
||||
if ($auth_type == 'Basic') {
|
||||
return explode (":", base64_decode($cred));
|
||||
}
|
||||
} else if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
return array( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
|
||||
}
|
||||
return array(null, null);
|
||||
}
|
||||
|
||||
// Returns one of: 'logged-in', 'no-credentials', 'wrong-credentials'
|
||||
public function getLoginState() {
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
list ($auth_user, $auth_pw) = $this->getUserCredentials();
|
||||
|
||||
if (!($auth_user && $auth_pw)) {
|
||||
return 'no-credentials';
|
||||
} else {
|
||||
$userInfo = $this->context->getConfig()['user.' . $_SERVER['PHP_AUTH_USER']];
|
||||
}
|
||||
|
||||
$userInfo = $this->context->getConfig()['user.' . $auth_user];
|
||||
if (isset($userInfo)) {
|
||||
$loginHash = hash($userInfo['type'], $_SERVER['PHP_AUTH_PW'] . $userInfo['salt']);
|
||||
$loginHash = hash($userInfo['type'], $auth_pw . $userInfo['salt']);
|
||||
if ($loginHash == $userInfo['hash']) {
|
||||
return 'logged-in';
|
||||
}
|
||||
@@ -29,7 +45,6 @@ class EditorService {
|
||||
|
||||
return 'wrong-credentials';
|
||||
}
|
||||
}
|
||||
|
||||
public function assertLoggedIn() {
|
||||
if ($this->getLoginState() != 'logged-in') {
|
||||
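Review bot: In the new `getUserCredentials()`, `explode (":", base64_decode($cred))` splits on every colon, so when `getLoginState()` destructures the result a password containing `:` is cut at its first colon and can never match the stored hash. A header without a space, or a payload that is not valid base64 or has no colon, also leaves one of the `list()` slots unfilled and raises a notice instead of cleanly returning `[null, null]`. The fence below limits both splits to two fields, uses strict base64 decoding and checks the shape before returning. Separately, the unchanged `$loginHash == $userInfo['hash']` is a loose comparison that is not constant-time and can treat two different `0e…`-style digests as equal; `hash_equals($userInfo['hash'], $loginHash)` avoids both problems.

```php
if (isset($_SERVER["REDIRECT_HTTP_AUTHORIZATION"]) && !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
    // Limit to two fields so a malformed header cannot under-fill the result.
    $fields = explode(' ', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 2);
    if (count($fields) === 2 && $fields[0] === 'Basic') {
        $decoded = base64_decode($fields[1], true);
        // Split on the first colon only; the password itself may contain ':'.
        $parts = ($decoded === false) ? array() : explode(':', $decoded, 2);
        if (count($parts) === 2) {
            return $parts;
        }
    }
}
// … unchanged: PHP_AUTH_USER / PHP_AUTH_PW branch and the array(null, null) fallback …
```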
|