WebFaction

First, thank you in advance for any insight or help moving in the right direction.

I'm finishing a buildout of an EE 2.7.2 site on Webfaction and have run into a wall trying to get HTTP Authentication to work for one of my templates. The authentication window appears as expected, but the credentials are not accepted. Basic HTTP Authentication, I know, is not an option because of the CGI/SuEXEC environment, and I'm trying to follow the recommendation identified here:

http://community.webfaction.com/questions/7249/is-possible-http-authentication-with-php

For the life of me I cannot get it working with EE templates. I can, however, get it to work outside of EE's templates, so my sense is that it may have something to do with my htaccess RewriteRule.

This is an example of the URL I'm trying to force authentication on:

http://domain.com/testing/test

Here is what I have in .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

RewriteCond %{HTTP:Authorization} ^Basic.*
RewriteRule ^testing/test$ test?Authorization=%{HTTP:Authorization} [QSA,L]
</IfModule>

And here is what I have in my template (PHP enabled, of course):

$authorized = false;

if (isset($_GET['Authorization'])) {
    // Check for the HTTP authentication string in $_GET['Authorization'],
    // and put it in the $auth variable
    if (preg_match('/Basic\s+(.*)$/i', $_GET['Authorization'], $auth)) {
        // Split the string, base64 decode it, and place the values into
        // the $authName and $authPassword variables
        list($authName, $authPassword) = explode(':', base64_decode($auth[1]));
        // Check the values of $authName and $authPassword using your login routine
        // (in this example, we'll just assume that the login check was successful)
        //if (do_some_sort_of_login_check($authName, $authPassword)) {
          if($authName == "test" && $authPassword == "test") {
            $authorized = true;
          }
        //}
    }
}

if ($authorized) {
    // Success!  Display your content
    echo "success! hello, ".$authName;
} else {
    // Force the browser to prompt for a username and password
    header('WWW-Authenticate: Basic realm="name of your realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo "authorization failed";
}

Could anyone help me get moving in the right direction?

Cheers.

asked 23 Nov '13, 09:33

cliquenoir
114
accept rate: 0%

edited 23 Nov '13, 09:35


I would try to add some verbosity to the if statements, such as an echo or print to a log file, to determine if the header is being set and which if statement is failing. If the header is not being set, send us a support ticket with the full path to the failing code and a working URL we can test in real time so we can further investigate.


answered 26 Nov '13, 17:31

johns
5.4k312
accept rate: 23%
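
The step-by-step check suggested in the answer above, as an added example that is not part of the original thread and is not EE or WebFaction code: every failed test returns a reason that can be logged, so it is visible whether the `Authorization` parameter reached the template at all and which check rejected it. The helper name `explain_basic_auth` is hypothetical, the credentials are the page's `test`/`test` sample, and PHP 5.6 or later is assumed for `hash_equals`.

```php
<?php
// Added example; explain_basic_auth() is a hypothetical helper.
// Returns array(bool ok, string reason, string|null user).
function explain_basic_auth(array $get, $expectedUser, $expectedHash)
{
    if (!isset($get['Authorization']) || !is_string($get['Authorization'])) {
        return array(false, 'no Authorization parameter reached the template', null);
    }
    if (!preg_match('/^Basic\s+(.+)$/i', $get['Authorization'], $m)) {
        return array(false, 'parameter present but not "Basic <token>"', null);
    }
    // PHP's query-string decoding turns an unescaped '+' into a space; restore it.
    $token = str_replace(' ', '+', trim($m[1]));
    // Strict mode returns false on characters outside the base64 alphabet.
    $decoded = base64_decode($token, true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return array(false, 'token is not base64 of "user:password"', null);
    }
    // Limit 2 keeps any ':' inside the password intact.
    list($user, $password) = explode(':', $decoded, 2);
    // Constant-time user comparison, and a stored hash instead of a plaintext password.
    $userOk = hash_equals($expectedUser, $user);
    $passOk = password_verify($password, $expectedHash);
    if (!($userOk && $passOk)) {
        return array(false, 'credentials decoded but did not match', null);
    }
    return array(true, 'ok', $user);
}

// Constructed sample credentials; store a precomputed hash in real use.
$expectedHash = password_hash('test', PASSWORD_DEFAULT);
list($ok, $reason, $user) = explain_basic_auth($_GET, 'test', $expectedHash);
error_log('basic-auth check: ' . $reason); // log the reason only, never the credentials

if (!$ok) {
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="name of your realm"');
    echo 'authorization failed';
} else {
    // Escape the user-supplied name before echoing it into the page.
    echo 'success! hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
}
```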

question asked: 23 Nov '13, 09:33

question was seen: 2,606 times

last updated: 26 Nov '13, 17:31
