Skip to content

Commit

Permalink
Setup BASIC auth for sensitive admin pages
Browse files Browse the repository at this point in the history
  • Loading branch information
mchung committed Feb 2, 2013
1 parent bc9b266 commit a872a48
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 3 deletions.
20 changes: 17 additions & 3 deletions setup/apc.conf.php
Original file line number Diff line number Diff line change
@@ -1,8 +1,22 @@
<?php
defaults('USE_AUTHENTICATION', 0);
defaults("USE_AUTHENTICATION", 0);

if (getenv('ENABLE_APC') != 'true') {
header('HTTP/1.0 403 Forbidden');
if (getenv("ENABLE_SYSTEM_ACCESS") != "true") {
header("HTTP/1.0 403 Forbidden");
exit();
}

if (getenv("SYSTEM_USERNAME") == "" || getenv("SYSTEM_PASSWORD") == "") {
header("HTTP/1.0 403 Forbidden");
exit();
}

if ($_SERVER["PHP_AUTH_USER"] == getenv("SYSTEM_USERNAME") &&
$_SERVER["PHP_AUTH_PW"] == getenv("SYSTEM_PASSWORD")) {
# Show page
} else {
header("WWW-Authenticate: Basic realm='System access'");
header("HTTP/1.0 401 Unauthorized");
print "Access denied!\n";
}
?>
20 changes: 20 additions & 0 deletions setup/phpinfo.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
<?php
if (getenv("ENABLE_SYSTEM_ACCESS") != "true") {
header("HTTP/1.0 403 Forbidden");
exit();
}

if (getenv("SYSTEM_USERNAME") == "" || getenv("SYSTEM_PASSWORD") == "") {
header("HTTP/1.0 403 Forbidden");
exit();
}

if ($_SERVER["PHP_AUTH_USER"] == getenv("SYSTEM_USERNAME") &&
$_SERVER["PHP_AUTH_PW"] == getenv("SYSTEM_PASSWORD")) {
phpinfo();
} else {
header("WWW-Authenticate: Basic realm='System access'");
header("HTTP/1.0 401 Unauthorized");
print "Access denied!\n";
}
?>

0 comments on commit a872a48

Please sign in to comment.