<?php /** @file * Restrict usage, based on drupal db. * @author David Konsumer <konsumer@jetboystudio.com> */ require_once($conf['drupal_site_config']); // bad user, no cookie. function auth_norights($message = 'You need to be logged in to use this site.') { global $conf; header('WWW-Authenticate: Basic realm="'.$conf['app_title'].'"'); header('HTTP/1.0 401 Unauthorized'); die($message); } // do authentication. // your auth function should get the user/pass for itself ($_REQUEST, $_SERVER['PHP_AUTH_USER'], etc) // and should do the denying itself (die(), maybe a redirect to a registration page, etc) // only this function will be called, with no arguments. function auth_check() { global $conf; global $db_url, $db_prefix; @$login_user = $_SERVER['PHP_AUTH_USER']; @$login_pass = $_SERVER['PHP_AUTH_PW']; if (empty($login_user)){ auth_norights(); } // parse drupal connect string preg_match_all("|(.+)://(.+)@(.+)/(.+)|", $db_url, $out); $type = $out[1][0]; $user = $out[2][0]; $passwd = ''; $host = $out[3][0]; $db = $out[4][0]; $u = explode(':',$user); if (count($u)){ $user = $u[0]; @$passwd = $u[1]; } if($type =='mysqli'){ $type = 'mysql'; } try { $dbh = new PDO("$type:host=$host;dbname=$db", $user, $passwd); $sth = $dbh->prepare("SELECT * FROM {$db_prefix}users WHERE name=? AND pass=?"); $sth->execute(array($login_user, md5($login_pass))); $users = $sth->fetchAll(); if (!count($users)){ auth_norights(); } } catch (Exception $e) { auth_norights('A database exception occured!'); } }