PHP Classes
elePHPant
Icontem

File: radius.www.authenticate.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of André Liechti  >  Pure PHP radius class  >  radius.www.authenticate.php  >  Download  
File: radius.www.authenticate.php
Role: Application script
Content type: text/plain
Description: Additional file to implement WWW Authentication using a Radius server
Class: Pure PHP radius class
Authenticate users with a RADIUS server
Author: By
Last change:
Date: 7 years ago
Size: 5,176 bytes
 

Contents

Class file image Download
<?php

/*********************************************************************
 *
 * Pure PHP radius class, WWW Authentication file to be required
 *
 * This file must be required before displaying any protected page.
 * This file should be prepended automatically using the
 * PHP auto_prepend_file directive in a .htaccess file.
 *
 *
 * LICENCE
 *
 * Copyright (c) 2008, SysCo systèmes de communication sa
 * SysCo (tm) is a trademark of SysCo systèmes de communication sa
 * (http://www.sysco.ch/)
 * All rights reserved.
 *
 * This file is part of the Pure PHP radius class
 *
 * Pure PHP radius class is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of the License,
 * or (at your option) any later version.
 *
 * Pure PHP radius class is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with Pure PHP radius class.
 * If not, see <http://www.gnu.org/licenses/>.
 *
 *
 * @author: SysCo/al
 * @since CreationDate: 2008-01-06
 * @copyright (c) 2008 by SysCo systèmes de communication sa
 * @version $LastChangedRevision: 1.0 $
 * @version $LastChangedDate: 2008-01-07 $
 * @version $LastChangedBy: SysCo/al $
 * @link $HeadURL: radius.www.authenticate.php $
 * @link http://developer.sysco.ch/php/
 * @link developer@sysco.ch
 * Language: PHP 4.0.7 or higher
 *
 *
 * Usage
 *
 * require_once("radius.www.authenticate.php");
 * echo "User <strong>".$_SERVER['PHP_AUTH_USER']."</strong> authenticated.";
 *
 *
 * External file needed
 *
 * radius.class.php
 *
 *
 * External file created
 *
 * none.
 *
 *
 * Change Log
 *
 * 2008-01-07 1.0 SysCo/al Initial release
 *
 *********************************************************************/


require_once('radius.class.php');

function
authenticate_and_cache($ip_radius_server, $shared_secret, $username, $password, $timeout = 900)
{
   
$result = FALSE;
   
   
$cache_unique_id = (isset($_SESSION["authentication_unique_id"])?$_SESSION["authentication_unique_id"]:'');
   
    if (
'' != $cache_unique_id)
    {
       
$cache_timestamp = $_SESSION[$cache_unique_id."_authentication_timestamp"];
       
$cache_remote_addr = $_SESSION[$cache_unique_id."_authentication_remote_addr"];
       
$cache_username = $_SESSION[$cache_unique_id."_authentication_username"];
    }

    if ((
0 == $cache_timestamp) ||
        (
time() > ($cache_timestamp + $timeout)) ||
        (
$cache_remote_addr != $_SERVER['REMOTE_ADDR']) ||
        (
$cache_username != $username))
    {
       
$radius = new Radius($ip_radius_server, $shared_secret);
       
$radius->SetDebugMode($php_debug_mode);
       
$result = $radius->AccessRequest($username, $password);
        if (
TRUE == $result)
        {
            if (
'' == $cache_unique_id)
            {
               
$cache_unique_id = md5(uniqid(rand(), true));
            }
           
$_SESSION["authentication_unique_id"] = $cache_unique_id;
           
$_SESSION[$cache_unique_id."_authentication_timestamp"] = time();
           
$_SESSION[$cache_unique_id."_authentication_remote_addr"] = $_SERVER['REMOTE_ADDR'];
           
$_SESSION[$cache_unique_id."_authentication_username"] = $username;
        }
        else
        {
           
$_SESSION["authentication_unique_id"] = '';
        }
    }
    else
    {
       
$_SESSION[$cache_unique_id."_authentication_timestamp"] = time();
       
$result = TRUE;
    }
    return
$result;
}

// Start session if not already done
if ('' == session_id())
{
   
session_start();
}

$php_auth_user = $_SERVER['PHP_AUTH_USER'];
$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
$php_auth_realm = (isset($custom_auth_realm)?$custom_auth_realm:$_SERVER["SERVER_NAME"]);
$php_auth_timeout = (isset($custom_auth_timeout)?$custom_auth_timeout:(15*60));
$php_ip_radius_server = (isset($custom_ip_radius_server)?$custom_ip_radius_server:'');
$php_shared_secret = (isset($custom_shared_secret)?$custom_shared_secret:'');
$php_debug_mode = (isset($custom_debug_mode)?(TRUE === $custom_debug_mode):FALSE);

if ((
'' == $php_auth_user) || (!authenticate_and_cache($php_ip_radius_server, $php_shared_secret, $php_auth_user, $php_auth_pw, $php_auth_timeout)))
{
   
header("HTTP/1.0 401 Unauthorized");
   
header("WWW-Authenticate: Basic realm=\"".$php_auth_realm."\"");
    echo
"<html>";
    echo
"<head><title>401 Unauthorized access</title></head>";
    echo
"<body>";
    echo
"<h1>401 Unauthorized access</h1>";
    echo
"<br />";
    echo
"You must login using your username and your password.";
    echo
"</body>";
    echo
"</html>";
    exit;
}

?>