identification-fake-apache-authentication.php
<?php
/* fake htaccess authentication
Fred Radeff (aka FR), radeff@akademia.ch, www.akademia.ch, 21.02.2007
adapted from: http://www.grappa.univ-lille3.fr/polys/reseaux-2004/reseaux020.html
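note:
if you want to keep a trace of the logins, put a file login.txt
in the same directory, writable by the webserver (or chmod 777),
and uncomment the lines after "//authentication ok, keep a trace in file login.txt".
caveat: a login.txt inside the web directory can be downloaded by any visitor unless
the server denies access to it, and chmod 777 lets every local account modify it;
making the file writable by the webserver user alone is sufficient.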
*/
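/*
 * Restricted user list, one "login/password" entry per line.
 *
 * The passwords are kept in clear text in this file and the three entries
 * below are samples: replace them before use. Storing password_hash() output
 * and checking it with password_verify() would avoid keeping clear-text
 * passwords here; that changes the entry format, so it is only flagged.
 *
 * HTTP Basic authentication sends the login and password base64-encoded, not
 * encrypted, with every request: serve the protected pages over HTTPS only.
 */
$liste = array(
    "toto/toto",
    "mao.zedong@china.com/manifest",
    "fred/fred"
);

// Build the parallel $user / $pass tables from $liste (same indexes as $liste).
$user = array();
$pass = array();
$nbusers = count($liste);
for ($i = 0; $i < $nbusers; $i++) {
    // Limit 2: only the first "/" separates login from password, so a
    // password may itself contain "/".
    $l = explode("/", trim($liste[$i]), 2);
    $user[$i] = $l[0];
    // An entry without "/" has no password. Mark it with null so that it can
    // never match (a loose comparison would accept an empty password for it).
    $pass[$i] = isset($l[1]) ? $l[1] : null;
}

// Credentials supplied by the browser. Both keys are absent on the first
// request, before any login dialog has been answered.
// NOTE(review): under some CGI/FastCGI setups the server does not hand the
// Authorization header to PHP, so these stay unset - confirm on the target server.
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : null;
$authPass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : null;

// Check ID: $ok stays -1 when nothing matches, otherwise it holds the index of
// the matching entry (the last one if the list contains duplicates).
$ok = -1;
if ($authUser !== null && $authPass !== null) {
    for ($i = 0; $i < $nbusers; $i++) {
        if ($pass[$i] === null) {
            continue;
        }
        // hash_equals() compares byte for byte in constant time. The loose "=="
        // treats numeric-looking strings as numbers ("1e3" == "1000"), which
        // must never decide an authentication check.
        $userMatches = hash_equals($user[$i], $authUser);
        $passMatches = hash_equals($pass[$i], $authPass);
        if ($userMatches && $passMatches) {
            $ok = $i;
        }
    }
}

// Check failed: ask the browser for login + password and stop the page here.
if ($ok === -1) {
    // The realm must be a double-quoted string; the 401 status is passed
    // explicitly instead of being left implicit.
    header('WWW-Authenticate: Basic realm="Restricted Area"', true, 401);
    print("<H1>Authorization Required</H1>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.<hr>");
    exit;
}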
//authentication ok, keep a trace in file login.txt
//uncomment if you want to keep a trace
/* $filename = 'login.txt';
if (!$handle = fopen($filename, 'a')) {
echo "Impossible d'ouvrir le fichier ($filename)";
exit;
}
$somecontent = $_SERVER['PHP_AUTH_USER'] .";" .date("Y-m-d h:i:s") ."\n";
fwrite($handle, $somecontent);
fclose($handle);
*/
/*OK end authentication */
?>