2 /////////////////////////////////////////////////
3 // PukiWiki - Yet another WikiWikiWeb clone.
5 // $Id: auth.php,v 1.3 2003/12/02 09:31:18 arino Exp $
8 // ÊÔ½¸ÉÔ²Äǽ¤Ê¥Ú¡¼¥¸¤òÊÔ½¸¤·¤è¤¦¤È¤·¤¿¤È¤
9 function check_editable($page,$auth_flag=TRUE,$exit_flag=TRUE)
11 global $script,$_title_cannotedit,$_msg_unfreeze;
13 if (edit_auth($page,$auth_flag,$exit_flag) and is_editable($page))
21 $body = $title = str_replace('$1',htmlspecialchars(strip_bracket($page)),$_title_cannotedit);
24 $body .= "(<a href=\"$script?cmd=unfreeze&page=".
25 rawurlencode($page)."\">$_msg_unfreeze</a>)";
28 $page = str_replace('$1',make_search($page),$_title_cannotedit);
30 catbody($title,$page,$body);
34 // ±ÜÍ÷ÉÔ²Äǽ¤Ê¥Ú¡¼¥¸¤ò±ÜÍ÷¤·¤è¤¦¤È¤·¤¿¤È¤ (¡©)
35 function check_readable($page,$auth_flag=TRUE,$exit_flag=TRUE)
37 return read_auth($page,$auth_flag,$exit_flag);
41 function edit_auth($page,$auth_flag=TRUE,$exit_flag=TRUE)
43 global $edit_auth,$edit_auth_pages,$_title_cannotedit;
45 // ÊÔ½¸Ç§¾Ú¥Õ¥é¥°¤ò¥Á¥§¥Ã¥¯
47 basic_auth($page,$auth_flag,$exit_flag,$edit_auth_pages,$_title_cannotedit) : TRUE;
51 function read_auth($page,$auth_flag=TRUE,$exit_flag=TRUE)
53 global $read_auth,$read_auth_pages,$_title_cannotread;
55 // ±ÜÍ÷ǧ¾Ú¥Õ¥é¥°¤ò¥Á¥§¥Ã¥¯
57 basic_auth($page,$auth_flag,$exit_flag,$read_auth_pages,$_title_cannotread) : TRUE;
61 function basic_auth($page,$auth_flag,$exit_flag,$auth_pages,$title_cannot)
63 global $auth_users,$auth_method_type;
66 // ǧ¾ÚÍ×ÈÝȽÃÇÂоÝʸ»úÎó¤ò¼èÆÀ¤¹¤ë
68 // ¥Ú¡¼¥¸Ì¾¤Ç¥Á¥§¥Ã¥¯¤¹¤ë¾ì¹ç
69 if ($auth_method_type == 'pagename')
73 // ¥Ú¡¼¥¸Æâ¤Îʸ»úÎó¤Ç¥Á¥§¥Ã¥¯¤¹¤ë¾ì¹ç
74 else if ($auth_method_type == 'contents')
76 $target_str = join('',get_source($page));
78 // ¹çÃפ·¤¿¥Ñ¥¿¡¼¥ó¤ÇÄêµÁ¤µ¤ì¤¿¥æ¡¼¥¶¤Î¥ê¥¹¥È
80 foreach($auth_pages as $key=>$val)
82 if (preg_match($key,$target_str))
84 $user_list = array_merge($user_list,explode(',',$val));
87 if (count($user_list) == 0)
92 // PHP_AUTH* ÊÑ¿ô¤¬Ì¤ÄêµÁ¤Î¾ì¹ç
93 if (!isset($_SERVER['PHP_AUTH_USER'])
94 and !isset($_SERVER ['PHP_AUTH_PW'])
95 and isset($_SERVER['HTTP_AUTHORIZATION'])
96 and preg_match('/^Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'],$matches))
98 // HTTP_AUTHORIZATION ÊÑ¿ô¤ò»ÈÍѤ·¤¿ Basic ǧ¾Ú
99 list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode($matches[1]));
101 // ¥æ¡¼¥¶¥ê¥¹¥È¤Ë´Þ¤Þ¤ì¤ë¤¤¤º¤ì¤«¤Î¥æ¡¼¥¶¤Èǧ¾Ú¤µ¤ì¤ì¤ÐOK
102 if (!isset($_SERVER['PHP_AUTH_USER'])
103 or !in_array($_SERVER['PHP_AUTH_USER'],$user_list)
104 or !array_key_exists($_SERVER['PHP_AUTH_USER'],$auth_users)
105 or $auth_users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])
109 header('WWW-Authenticate: Basic realm="'.$_msg_auth.'"');
110 header('HTTP/1.0 401 Unauthorized');
114 $body = $title = str_replace('$1',htmlspecialchars(strip_bracket($page)),$title_cannot);
115 $page = str_replace('$1',make_search($page),$title_cannot);
116 catbody($title,$page,$body);