Security


<INSERT_DOMAIN>

Your IP address is <?php InsertDomain(); ?>.

InsertDomain()

<?php //----------------------------------------------------- // InsertDomain() // - - - - - - - // Prints the IP address of the remote user. //----------------------------------------------------- function InsertDomain() { print $GLOBALS[REMOTE_ADDR]; } ?>

<SHOW_DOMAIN domain1 domain2 ...>

<?php if( ShowDomain("192.128.") ) { ?>
    
    Only members of 192.128.*.* get to see this text.
    
<?php } ?>

ShowDomain( domains )

<?php //----------------------------------------------------- // ShowDomain($domains) // - - - - - - - // Returns true if the specified domains match the // remote user's IP address. // // $domains - a string containing subdomains seperated // by spaces: "domain1 domain2 domain3 ..." //----------------------------------------------------- function ShowDomain( $domains ) { if( !is_array($domains) ) $domains = explode(" ",trim($domains)); $checkByName = (isset($GLOBALS[REMOTE_HOST]) && strcmp($GLOBALS[REMOTE_HOST],$GLOBALS[REMOTE_ADDR]) ); while( $domain = each($domains) ) { $d = trim($domain[value]); if( strlen($d) > 0 ) if( strcmp(substr($GLOBALS[REMOTE_ADDR],0,strlen($d)), $d ) == 0 || ($checkByName && stristr($GLOBALS[REMOTE_HOST],$d) ) ) return true; } return false; } ?>

<HIDE_DOMAIN domain1 domain2 ...>

<?php if( HideDomain("10. 192. yahoo") ) { ?>
    
    You can only see this text if your domain is not
    10.*.*.* or 192.*.*.* or if your domain does not
    contain yahoo.
    
<?php } ?>

HideDomain( domains )

<?php //----------------------------------------------------- // HideDomain($domains) // - - - - - - - // Returns false if the specified domains match the // remote user's IP address. // // $domains - a string containing subdomains seperated // by spaces: "domain1 domain2 domain3 ..." // // See:
ShowDomain() //----------------------------------------------------- function HideDomain( $domains ) { return !ShowDomain($domains); } ?>

<INSERT_USERNAME>

Hello <?php InsertUsername(); ?>!

RequestPassword() must be called before using username and password functions.

InsertUsername()

<?php //----------------------------------------------------- // InsertUsername() // - - - - - - - // Prints the username of the current user. // // See:
RequestPassword() //----------------------------------------------------- function InsertUsername() { print $GLOBALS[PHP_AUTH_USER]; } ?>

<SHOW_USERNAME user1 user2 ...>

<?php if( ShowUsername("John Jake") ) { ?>
    
    Only John and Jake see this.
    
<?php } ?>

RequestPassword() must be called before using username and password functions.

ShowUsername( users )

<?php //----------------------------------------------------- // ShowUsername($users) // - - - - - - - // Returns true if the current user's username is in // the list $users. // // $users - a string containing usernames seperated // by spaces: "user1 user2 user3 ...". // // See:
RequestPassword() //----------------------------------------------------- function ShowUsername( $users ) { if( !is_array($users) ) $users = explode(" ",trim($users)); while( $user = each($users) ) { $u = trim($user[value]); if( strlen($u) > 0 ) if( strcasecmp($GLOBALS[PHP_AUTH_USER], $u) == 0 ) return true; } return false; } ?>

<HIDE_USERNAME user1 user2 ...>

<?php if( HideUsername("Bob Frank") ) { ?>
    
    Bob and Frank don't get to see this.
    
<?php } ?>

HideUsername( users )

<?php //----------------------------------------------------- // HideUsername($users) // - - - - - - - // Returns false if the current user's username is in // the list $users. // // $users - a string containing usernames seperated // by spaces: "user1 user2 user3 ...". // // See:
ShowUsername() // RequestPassword() //----------------------------------------------------- function HideUsername( $users ) { return !ShowUsername($users); } ?>

<INSERT_PASSWORD>

Even though I shouldn't be telling,
your password is: <?php InsertPassword(); ?>.

RequestPassword() must be called before using username and password functions.

InsertPassword()

<?php //----------------------------------------------------- // InsertPassword() // - - - - - - - // Prints the password of the current user. // // See:
RequestPassword() //----------------------------------------------------- function InsertPassword() { print $GLOBALS[PHP_AUTH_PW]; } ?>

<SHOW_PASSWORD password1 password2 ...>

<?php if( ShowPassword("blah password") ) { ?>
    
    You've gotta be joking! What kind of password is that?
    
<?php } ?>

RequestPassword() must be called before using username and password functions.


ShowPassword( passwords )

<?php //----------------------------------------------------- // ShowPassword($passes) // - - - - - - - // Returns true if the password is in the list $passes. // // $passes - a string containing passwords seperated // by spaces: "password1 password2 ...". // // See:
RequestPassword() //----------------------------------------------------- function ShowPassword( $passes ) { if( !is_array($passes) ) $passes = explode(" ",trim($passes)); while( $pass = each($passes) ) { $p = trim($pass[value]); if( strlen($p) > 0 ) if( strcasecmp($GLOBALS[PHP_AUTH_PW], $p) == 0 ) return true; } return false; } ?>

<HIDE_PASSWORD password1 password2 ...>

<?php if( HidePassword("blah password") ) { ?>
    
    Nice password.
    
<?php } ?>

HidePassword( passwords )

<?php //----------------------------------------------------- // HidePassword($passes) // - - - - - - - // Returns false if the password is in the list $passes. // // $passes - a string containing passwords seperated // by spaces: "password1 password2 ...". // // See:
ShowPassword() // RequestPassword() //----------------------------------------------------- function HidePassword( $passes ) { return !ShowPassword($passes); } ?>

<REQUEST_PASSWORD "realm" "user1,pass1" "user2,pass2" ...>


Request a login. The page will only load if any of the user,pass combinations match.
This function must be called before any HTML code is sent.
<?php RequestPassword("PHP Server", "John,blah Jake,password"); ?>

RequestPassword( realm, passwords )

<?php //----------------------------------------------------- // RequestPassword($realm,$userpass) // - - - - - - - // Forms an authorization request. Will only allow // access to the page if the attempted user/pass // is defined in $userpass. // // $realm - a string displayed to the user when // entering the username and password: // 'Enter username for $realm at domain.' // // $userpass - a string containing usernames and // passwords seperated by spaces: // "user1,pass1 user2,pass2 ...". //----------------------------------------------------- function RequestPassword( $realm, $userpass ) { if( !is_array($userpass) ) $userpass = explode(" ",trim($userpass)); for( $i=0; isset($userpass[$i]); $i++ ) { list($user[$i],$pass[$i]) = explode(",",$userpass[$i]); } if( !isset($PHP_AUTH_USER) ) { $h = getAllHeaders(); $GLOBALS["PHP_AUTH_TYPE"] = strtok($h["Authorization"]," "); $GLOBALS["PHP_AUTH_USER"] = strtok(base64_decode(strtok("")),":"); $GLOBALS["PHP_AUTH_PW"] = strtok(""); } $match = false; for( $i = 0; !$match && isset($user[$i]); $i++ ) { $match = ( strcmp($GLOBALS["PHP_AUTH_USER"],$user[$i]) == 0 && strcmp($GLOBALS["PHP_AUTH_PW"] ,$pass[$i]) == 0 ); } if( !$match ) { Header("WWW-Authenticate: Basic realm=\"$realm\""); Header("HTTP/1.0 401 Unauthorized"); echo 'You do not have access to this page.<BR>'; exit; } } ?>