WebSVN – Sites.obs-saisons.fr – Diff – /trunk/applications/jrest/lib/ControleUtilisateur.php

 <?php
 //+----------------------------------------------------------------------------------------------------------------+
 // GESTION DE L'IDENTIFICATION
 Class ControleUtilisateur extends JRestService {
+	private function envoyerMessageNonAutorise() {
+		header('HTTP/1.0 401 Unauthorized');
+		echo 'Accès interdit';
+		exit(0);
+	}
 	private function envoyerAuth($message_accueil, $message_echec) {
 		header('HTTP/1.0 401 Unauthorized');
 		header('WWW-Authenticate: Basic realm="www.obs-saisons.fr"');
 		header('Content-type: text/plain; charset=UTF-8');
 	public function etreUtilisateurAutorise() {
 		$identifiant = $this->getAuthIdentifiant();
 		$mdp = md5($this->getAuthMotDePasse());
-		$requete = 'SELECT COUNT(*) as existe FROM ods_redesign.drupal_users du '.
+		$requete = 'SELECT COUNT(*) as existe FROM drupal_users du '.
 		           'WHERE name = '.$this->proteger($identifiant).' '.
 		$existe = $this->executerRequete($requete);
 		$autorisation = (!empty($existe) && $existe[0]['existe'] > 0) ? true :false;
 		return $autorisation;
+	}
+	public function controleAppelIpAutorisee() {
+		$ips_autorisees = explode(',', $this->config['jrest_admin']['ip_autorisees']);
+		$ip_appelante = $_SERVER['REMOTE_ADDR'];
+		if(!in_array($ip_appelante, $ips_autorisees) && $ip_appelante != $SERVER['SERVER_ADDR']) {
+			$this->envoyerMessageNonAutorise();
+		}
+		return true;
+	}
+}
 ?>

Subversion Repositories Sites.obs-saisons.fr