3,6 → 3,12 |
// GESTION DE L'IDENTIFICATION |
Class ControleUtilisateur extends JRestService { |
|
private function envoyerMessageNonAutorise() { |
header('HTTP/1.0 401 Unauthorized'); |
echo 'Accès interdit'; |
exit(0); |
} |
|
private function envoyerAuth($message_accueil, $message_echec) { |
header('HTTP/1.0 401 Unauthorized'); |
header('WWW-Authenticate: Basic realm="www.obs-saisons.fr"'); |
48,7 → 54,7 |
$identifiant = $this->getAuthIdentifiant(); |
$mdp = md5($this->getAuthMotDePasse()); |
|
$requete = 'SELECT COUNT(*) as existe FROM ods_redesign.drupal_users du '. |
$requete = 'SELECT COUNT(*) as existe FROM drupal_users du '. |
'WHERE name = '.$this->proteger($identifiant).' '. |
'AND pass = '.$this->proteger($mdp); |
|
73,5 → 79,14 |
$autorisation = (!empty($existe) && $existe[0]['existe'] > 0) ? true :false; |
return $autorisation; |
} |
|
public function controleAppelIpAutorisee() { |
$ips_autorisees = explode(',', $this->config['jrest_admin']['ip_autorisees']); |
$ip_appelante = $_SERVER['REMOTE_ADDR']; |
if(!in_array($ip_appelante, $ips_autorisees) && $ip_appelante != $SERVER['SERVER_ADDR']) { |
$this->envoyerMessageNonAutorise(); |
} |
return true; |
} |
} |
?> |