Fixed hook & action calls.

[viewgit.git] / inc / auth_drupal_user.php

<?php
// restrict usage, based on drupal db

require_once($conf['drupal_site_config']);

// bad user, no cookie.
function auth_norights($message = 'You need to be logged in to use this site.')
{
        global $conf;
        header('WWW-Authenticate: Basic realm="'.$conf['app_title'].'"');
        header('HTTP/1.0 401 Unauthorized');
        die($message);
}

// do authentication.
// your auth function should get the user/pass for itself ($_REQUEST, $_SERVER['PHP_AUTH_USER'], etc)
// and should do the denying itself (die(), maybe a redirect to a registration page, etc)

// only this function will be called, with no arguments.
function auth_check()
{
        global $conf;
        global $db_url, $db_prefix;
        @$login_user = $_SERVER['PHP_AUTH_USER'];
        @$login_pass = $_SERVER['PHP_AUTH_PW'];

        if (empty($login_user)){
                auth_norights();
        }

        // parse drupal connect string
        preg_match_all("|(.+)://(.+)@(.+)/(.+)|", $db_url, $out);

        $type = $out[1][0];
        $user = $out[2][0];
        $passwd = '';
        $host = $out[3][0];
        $db = $out[4][0];

        $u = explode(':',$user);
        if (count($u)){
                $user = $u[0];
                @$passwd = $u[1];
        }

        if($type =='mysqli'){
                $type = 'mysql';
        }

        try {
                $dbh = new PDO("$type:host=$host;dbname=$db", $user, $passwd);
                $sth = $dbh->prepare("SELECT * FROM {$db_prefix}users WHERE name=? AND pass=?");
                $sth->execute(array($login_user, md5($login_pass)));
                $users = $sth->fetchAll();
                if (!count($users)){
                        auth_norights();
                }
        } catch (Exception $e) {
                auth_norights('A database exception occured!');
        }

}