2 // restrict usage, based on drupal db
4 require_once($conf['drupal_site_config']);
6 // bad user, no cookie.
7 function auth_norights($message = 'You need to be logged in to use this site.')
10 header('WWW-Authenticate: Basic realm="'.$conf['app_title'].'"');
11 header('HTTP/1.0 401 Unauthorized');
16 // your auth function should get the user/pass for itself ($_REQUEST, $_SERVER['PHP_AUTH_USER'], etc)
17 // and should do the denying itself (die(), maybe a redirect to a registration page, etc)
19 // only this function will be called, with no arguments.
23 global $db_url, $db_prefix;
24 @$login_user = $_SERVER['PHP_AUTH_USER'];
25 @$login_pass = $_SERVER['PHP_AUTH_PW'];
27 if (empty($login_user)){
31 // parse drupal connect string
32 preg_match_all("|(.+)://(.+)@(.+)/(.+)|", $db_url, $out);
40 $u = explode(':',$user);
51 $dbh = new PDO("$type:host=$host;dbname=$db", $user, $passwd);
52 $sth = $dbh->prepare("SELECT * FROM {$db_prefix}users WHERE name=? AND pass=?");
53 $sth->execute(array($login_user, md5($login_pass)));
54 $users = $sth->fetchAll();
58 } catch (Exception
$e) {
59 auth_norights('A database exception occured!');