137 lines
3.2 KiB
PHP
Executable File
137 lines
3.2 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Authentication class
|
|
*
|
|
* @description Basic HTTP authentication class for RaspAP
|
|
* @author Bill Zimmerman <billzimmerman@gmail.com>
|
|
* @license https://github.com/raspap/raspap-webgui/blob/master/LICENSE
|
|
* @see https://www.php.net/manual/en/features.http-auth.php
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace RaspAP\Auth;
|
|
|
|
class HTTPAuth
|
|
{
|
|
|
|
/**
|
|
* @var string $realm
|
|
*/
|
|
public $realm = 'Authentication Required';
|
|
|
|
/**
|
|
* Stored login credentials
|
|
* @var array $auth_config
|
|
*/
|
|
protected $auth_config;
|
|
|
|
/**
|
|
* Default login credentials
|
|
* @var array $auth_default
|
|
*/
|
|
private $auth_default = array(
|
|
'admin_user' => 'admin',
|
|
'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i'
|
|
);
|
|
|
|
// Constructor
|
|
public function __construct()
|
|
{
|
|
$this->auth_config = $this->getAuthConfig();
|
|
}
|
|
|
|
/*
|
|
* Determines if user is logged in
|
|
* return boolean
|
|
*/
|
|
public function isLogged()
|
|
{
|
|
return isset($_SESSION['user_id']);
|
|
}
|
|
|
|
/*
|
|
* Authenticate a user using HTTP basic auth
|
|
*/
|
|
public function authenticate()
|
|
{
|
|
if (!$this->isLogged()) {
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
header('WWW-Authenticate: Basic realm="'.$this->realm.'"');
|
|
if (function_exists('http_response_code')) {
|
|
// http_response_code will respond with proper HTTP version
|
|
http_response_code(401);
|
|
} else {
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
}
|
|
exit('Not authorized'.PHP_EOL);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Attempt to login a user with supplied credentials
|
|
* @var string $user
|
|
* @var string $pass
|
|
* return boolean
|
|
*/
|
|
public function login(string $user, string $pass)
|
|
{
|
|
if ($this->isValidCredentials($user, $pass)) {
|
|
$_SESSION['user_id'] = $user;
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* Gets the current authentication config
|
|
* return array $config
|
|
*/
|
|
public function getAuthConfig()
|
|
{
|
|
$config = $this->auth_default;
|
|
|
|
if (file_exists(RASPI_CONFIG . '/raspap.auth')) {
|
|
if ($auth_details = fopen(RASPI_CONFIG . '/raspap.auth', 'r')) {
|
|
$config['admin_user'] = trim(fgets($auth_details));
|
|
$config['admin_pass'] = trim(fgets($auth_details));
|
|
fclose($auth_details);
|
|
}
|
|
}
|
|
return $config;
|
|
}
|
|
|
|
/*
|
|
* Validates a set of credentials
|
|
* @var string $user
|
|
* @var string $pass
|
|
* return boolean
|
|
*/
|
|
protected function isValidCredentials(string $user, string $pass)
|
|
{
|
|
return $this->validateUser($user) && $this->validatePassword($pass);
|
|
}
|
|
|
|
/**
|
|
* Validates a user
|
|
*
|
|
* @param string $user
|
|
*/
|
|
protected function validateUser(string $user)
|
|
{
|
|
return $user == $this->auth_config['admin_user'];
|
|
}
|
|
|
|
/**
|
|
* Validates a password
|
|
*
|
|
* @param string $pass
|
|
*/
|
|
protected function validatePassword(string $pass)
|
|
{
|
|
return password_verify($pass, $this->auth_config['admin_pass']);
|
|
}
|
|
|
|
}
|