/usr/share/php/Sabre/HTTP/BasicAuth.php is in php-sabre-dav 1.8.10-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | <?php
namespace Sabre\HTTP;
/**
* HTTP Basic Authentication handler
*
* Use this class for easy http authentication setup
*
* @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/).
* @author Evert Pot (http://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
class BasicAuth extends AbstractAuth {
/**
* Returns the supplied username and password.
*
* The returned array has two values:
* * 0 - username
* * 1 - password
*
* If nothing was supplied, 'false' will be returned
*
* @return mixed
*/
public function getUserPass() {
// Apache and mod_php
if (($user = $this->httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) {
return array($user,$pass);
}
// Most other webservers
$auth = $this->httpRequest->getHeader('Authorization');
// Apache could prefix environment variables with REDIRECT_ when urls
// are passed through mod_rewrite
if (!$auth) {
$auth = $this->httpRequest->getRawServerValue('REDIRECT_HTTP_AUTHORIZATION');
}
if (!$auth) return false;
if (strpos(strtolower($auth),'basic')!==0) return false;
return explode(':', base64_decode(substr($auth, 6)),2);
}
/**
* Returns an HTTP 401 header, forcing login
*
* This should be called when username and password are incorrect, or not supplied at all
*
* @return void
*/
public function requireLogin() {
$this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
$this->httpResponse->sendStatus(401);
}
}
|