<?php
/**
* HTTP Basic Authentication
*
* Use this middleware with your Slim Framework application
* to require HTTP basic auth for all routes.
*
* @author Josh Lockhart <info@slimframework.com>
* @version 1.0
* @copyright 2012 Josh Lockhart
*
* USAGE
*
* $app = new Slim();
* $app->add(new HttpBasicAuth('theUsername', 'thePassword'));
*
* MIT LICENSE
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
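class HttpBasicAuth extends Slim_Middleware {
    /**
     * @var string Realm advertised in the WWW-Authenticate challenge
     */
    protected $realm;

    /**
     * @var string Username a request must present
     */
    protected $username;

    /**
     * @var string Password a request must present
     */
    protected $password;

    /**
     * Constructor
     *
     * Stores the single username/password pair that every request is
     * checked against, plus the realm used in the 401 challenge.
     *
     * @param string $username The HTTP Authentication username
     * @param string $password The HTTP Authentication password
     * @param string $realm The HTTP Authentication realm
     * @return void
     */
    public function __construct( $username, $password, $realm = 'Protected Area' ) {
        $this->username = $username;
        $this->password = $password;
        $this->realm = $realm;
    }

    /**
     * Call
     *
     * Reads the PHP_AUTH_USER and PHP_AUTH_PW values from the Slim request
     * headers and compares them with the configured credentials. On a match
     * the next middleware is called. Otherwise a 401 response carrying a
     * WWW-Authenticate challenge is set and the next middleware is NOT
     * called.
     *
     * Basic auth sends the credentials with every request in a trivially
     * reversible encoding, so this middleware only protects anything when
     * the application is served over TLS.
     *
     * Requires PHP 5.6+ for hash_equals().
     *
     * @return void
     */
    public function call() {
        $req = $this->app->request();
        $res = $this->app->response();
        $authUser = $req->headers('PHP_AUTH_USER');
        $authPass = $req->headers('PHP_AUTH_PW');

        // Require both values to be present and non-empty. An explicit check
        // is used instead of truthiness so that a credential of "0" is not
        // treated as "missing".
        $supplied = is_string($authUser) && $authUser !== ''
            && is_string($authPass) && $authPass !== '';

        // hash_equals() compares in time that does not depend on where the
        // first differing byte is, so response timing does not reveal how
        // much of a guess was correct. Both fields are always compared, so
        // the timing does not show which of the two was wrong either.
        $userOk = $supplied && hash_equals((string) $this->username, $authUser);
        $passOk = $supplied && hash_equals((string) $this->password, $authPass);

        if ( $userOk && $passOk ) {
            $this->next->call();
        } else {
            $res->status(401);
            // The realm is written into the header as-is; it is expected to be
            // a developer-supplied constant without double quotes or line breaks.
            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realm));
        }
    }
}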