Created
October 29, 2018 02:23
-
-
Save BananaAcid/401d27f41adbabd8648508799d8869e4 to your computer and use it in GitHub Desktop.
simple basic auth for gateway index.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| in case you got a server config, that routes all calls through this index.php | |
| will not protect files, except you check the header with the server and re route to this script for validation. | |
| ... used this on IIS server. Apache, Nginx, Lightttpd, ... have simple onboard means. | |
| */ | |
| // simple auth | |
| @session_start(); | |
| if ( !@$_SESSIOM['authed'] && !(@$_SERVER['PHP_AUTH_USER'] == 'admin' && @$_SERVER['PHP_AUTH_PW'] == 'password')) { | |
| header('WWW-Authenticate: Basic realm="Log in"'); | |
| header('HTTP/1.0 401 Unauthorized'); | |
| echo 'Sorry, you must authorize yourself.'; | |
| exit; | |
| } else { | |
| if (@$_SERVER['PHP_AUTH_USER']) | |
| $_SESSIOM['authed'] = true; | |
| } | |
| // ... regular stuff |
Author
BananaAcid
commented
Feb 10, 2019
- if you destroy the session, the user has to re-authorize! This is by purpose.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment