| 351,41 → 351,47 |
|---|
| } |
| |
| protected function authentifier() { |
| if (!isset($_SERVER['PHP_AUTH_USER'])) { |
| header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
| header('HTTP/1.0 401 Unauthorized'); |
| header('Content-type: text/html; charset=UTF-8'); |
| echo 'Accès interdit'; |
| exit; |
| } else { |
| if ($this->verifierAcces()) { |
| return ; |
| } else { |
| if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
| if (!isset($_SERVER['PHP_AUTH_USER'])) { |
| header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
| header('HTTP/1.0 401 Unauthorized'); |
| header('Content-type: text/html; charset=UTF-8'); |
| echo 'Accès interdit'; |
| exit ; |
| exit; |
| } else { |
| if ($this->verifierAcces()) { |
| return ; |
| } else { |
| header('WWW-Authenticate: Basic realm="www.tela-botanica.org"'); |
| header('HTTP/1.0 401 Unauthorized'); |
| header('Content-type: text/html; charset=UTF-8'); |
| echo 'Accès interdit'; |
| exit ; |
| } |
| } |
| } |
| } |
| |
| protected function verifierAcces($id = null, $mdp = null) { |
| $id = is_null($id) ? $_SERVER['PHP_AUTH_USER'] : $id; |
| $mdp = is_null($mdp) ? $_SERVER['PHP_AUTH_PW'] : $mdp; |
| |
| $requete = 'SELECT '.$this->config['database_ident']['ann_id'].' AS courriel '. |
| 'FROM '.$this->config['database_ident']['database'].'.'.$this->config['database_ident']['annuaire'].' '. |
| 'WHERE '.$this->config['database_ident']['ann_id'].' = '.$this->bdd->quote($id).' '. |
| ' AND '.$this->config['database_ident']['ann_pwd'].' = '.$this->config['database_ident']['pass_crypt_funct'].'('.$this->bdd->quote($mdp).')' ; |
| |
| $resultat = $this->bdd->query($requete)->fetch(); |
| |
| $identifie = false; |
| if (isset($resultat['courriel'])) { |
| $identifie = true; |
| if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
| $id = is_null($id) ? $_SERVER['PHP_AUTH_USER'] : $id; |
| $mdp = is_null($mdp) ? $_SERVER['PHP_AUTH_PW'] : $mdp; |
| |
| $requete = 'SELECT '.$this->config['database_ident']['ann_id'].' AS courriel '. |
| 'FROM '.$this->config['database_ident']['database'].'.'.$this->config['database_ident']['annuaire'].' '. |
| 'WHERE '.$this->config['database_ident']['ann_id'].' = '.$this->bdd->quote($id).' '. |
| ' AND '.$this->config['database_ident']['ann_pwd'].' = '.$this->config['database_ident']['pass_crypt_funct'].'('.$this->bdd->quote($mdp).')' ; |
| |
| $resultat = $this->bdd->query($requete)->fetch(); |
| |
| $identifie = false; |
| if (isset($resultat['courriel'])) { |
| $identifie = true; |
| } |
| return $identifie; |
| } else { |
| return true; // ça fait un peu mal... |
| } |
| return $identifie; |
| } |
| |
| /** |
| 398,9 → 404,11 |
|---|
| protected function authentificationHttpSimple() { |
| $autorise = true; |
| // contrôle d'accès |
| $nomUtil = $_SERVER['PHP_AUTH_USER']; |
| $mdp = $_SERVER['PHP_AUTH_PW']; |
| $autorise = (($nomUtil == $this->config['database_ident']['username']) && ($mdp == $this->config['database_ident']['password'])); |
| if (JRest::$cgi === false) { // si on est en CGI, accès libre pour tous (pas trouvé mieux) |
| $nomUtil = $_SERVER['PHP_AUTH_USER']; |
| $mdp = $_SERVER['PHP_AUTH_PW']; |
| $autorise = (($nomUtil == $this->config['database_ident']['username']) && ($mdp == $this->config['database_ident']['password'])); |
| } |
| // entêtes HTTP |
| if (! $autorise) { |
| header('WWW-Authenticate: Basic realm="Annuaire de Tela Botanica"'); |