inc/auth_drupal_user.php

   1 <?php
   2 /** @file
   3  * Restrict usage, based on drupal db.
   4  * @author David Konsumer <konsumer@jetboystudio.com>
   5  */
   6
   7 require_once($conf['drupal_site_config']);
   8
   9 // bad user, no cookie.
  10 function auth_norights($message = 'You need to be logged in to use this site.')
  11 {
  12         global $conf;
  13         header('WWW-Authenticate: Basic realm="'.$conf['app_title'].'"');
  14         header('HTTP/1.0 401 Unauthorized');
  15         die($message);
  16 }
  17
  18 // do authentication.
  19 // your auth function should get the user/pass for itself ($_REQUEST, $_SERVER['PHP_AUTH_USER'], etc)
  20 // and should do the denying itself (die(), maybe a redirect to a registration page, etc)
  21
  22 // only this function will be called, with no arguments.
  23 function auth_check()
  24 {
  25         global $conf;
  26         global $db_url, $db_prefix;
  27         @$login_user = $_SERVER['PHP_AUTH_USER'];
  28         @$login_pass = $_SERVER['PHP_AUTH_PW'];
  29
  30         if (empty($login_user)){
  31                 auth_norights();
  32         }
  33
  34         // parse drupal connect string
  35         preg_match_all("|(.+)://(.+)@(.+)/(.+)|", $db_url, $out);
  36
  37         $type = $out[1][0];
  38         $user = $out[2][0];
  39         $passwd = '';
  40         $host = $out[3][0];
  41         $db = $out[4][0];
  42
  43         $u = explode(':',$user);
  44         if (count($u)){
  45                 $user = $u[0];
  46                 @$passwd = $u[1];
  47         }
  48
  49         if($type =='mysqli'){
  50                 $type = 'mysql';
  51         }
  52
  53         try {
  54                 $dbh = new PDO("$type:host=$host;dbname=$db", $user, $passwd);
  55                 $sth = $dbh->prepare("SELECT * FROM {$db_prefix}users WHERE name=? AND pass=?");
  56                 $sth->execute(array($login_user, md5($login_pass)));
  57                 $users = $sth->fetchAll();
  58                 if (!count($users)){
  59                         auth_norights();
  60                 }
  61         } catch (Exception $e) {
  62                 auth_norights('A database exception occured!');
  63         }
  64
  65 }
  66