351,41 → 351,47 |
} |
|
protected function authentifier() { |
if (!isset($_SERVER['PHP_AUTH_USER'])) { |
header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
header('HTTP/1.0 401 Unauthorized'); |
header('Content-type: text/html; charset=UTF-8'); |
echo 'Accès interdit'; |
exit; |
} else { |
if ($this->verifierAcces()) { |
return ; |
} else { |
if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
if (!isset($_SERVER['PHP_AUTH_USER'])) { |
header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
header('HTTP/1.0 401 Unauthorized'); |
header('Content-type: text/html; charset=UTF-8'); |
echo 'Accès interdit'; |
exit ; |
exit; |
} else { |
if ($this->verifierAcces()) { |
return ; |
} else { |
header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
header('HTTP/1.0 401 Unauthorized'); |
header('Content-type: text/html; charset=UTF-8'); |
echo 'Accès interdit'; |
exit ; |
} |
} |
} |
} |
|
protected function verifierAcces($id = null, $mdp = null) { |
$id = is_null($id) ? $_SERVER['PHP_AUTH_USER'] : $id; |
$mdp = is_null($mdp) ? $_SERVER['PHP_AUTH_PW'] : $mdp; |
|
$requete = 'SELECT '.$this->config['database_ident']['ann_id'].' AS courriel '. |
'FROM '.$this->config['database_ident']['database'].'.'.$this->config['database_ident']['annuaire'].' '. |
'WHERE '.$this->config['database_ident']['ann_id'].' = '.$this->bdd->quote($id).' '. |
' AND '.$this->config['database_ident']['ann_pwd'].' = '.$this->config['database_ident']['pass_crypt_funct'].'('.$this->bdd->quote($mdp).')' ; |
|
$resultat = $this->bdd->query($requete)->fetch(); |
|
$identifie = false; |
if (isset($resultat['courriel'])) { |
$identifie = true; |
if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
$id = is_null($id) ? $_SERVER['PHP_AUTH_USER'] : $id; |
$mdp = is_null($mdp) ? $_SERVER['PHP_AUTH_PW'] : $mdp; |
|
$requete = 'SELECT '.$this->config['database_ident']['ann_id'].' AS courriel '. |
'FROM '.$this->config['database_ident']['database'].'.'.$this->config['database_ident']['annuaire'].' '. |
'WHERE '.$this->config['database_ident']['ann_id'].' = '.$this->bdd->quote($id).' '. |
' AND '.$this->config['database_ident']['ann_pwd'].' = '.$this->config['database_ident']['pass_crypt_funct'].'('.$this->bdd->quote($mdp).')' ; |
|
$resultat = $this->bdd->query($requete)->fetch(); |
|
$identifie = false; |
if (isset($resultat['courriel'])) { |
$identifie = true; |
} |
return $identifie; |
} else { |
return true; // ça fait un peu mal... |
} |
return $identifie; |
} |
|
/** |
398,9 → 404,11 |
protected function authentificationHttpSimple() { |
$autorise = true; |
// contrôle d'accès |
$nomUtil = $_SERVER['PHP_AUTH_USER']; |
$mdp = $_SERVER['PHP_AUTH_PW']; |
$autorise = (($nomUtil == $this->config['database_ident']['username']) && ($mdp == $this->config['database_ident']['password'])); |
if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
$nomUtil = $_SERVER['PHP_AUTH_USER']; |
$mdp = $_SERVER['PHP_AUTH_PW']; |
$autorise = (($nomUtil == $this->config['database_ident']['username']) && ($mdp == $this->config['database_ident']['password'])); |
} |
// entêtes HTTP |
if (! $autorise) { |
header('WWW-Authenticate: Basic realm="Annuaire de Tela Botanica"'); |
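Review bot: All three guards fail open when `JRest::$cgi` is not `false`: verifierAcces() reaches `return true;` without querying the directory, authentifier() falls through without sending a 401, and authentificationHttpSimple() keeps its initial `$autorise = true;`, so under CGI every caller appears to be treated as authenticated. Deny by default instead, starting from `$autorise = false;` and sending the 401 in the CGI branch whenever no credentials can be verified. If the CGI problem is that `PHP_AUTH_USER`/`PHP_AUTH_PW` are not populated, the usual remedy is to have the web server forward the Authorization header and decode it from `$_SERVER['HTTP_AUTHORIZATION']`; whether this deployment forwards it cannot be told from the page. Separately, the `==` comparisons in authentificationHttpSimple() are loose and not constant-time; `hash_equals($this->config['database_ident']['password'], (string) $mdp)` would be safer. The body of authentificationHttpSimple() continues past the end of this hunk.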