Overview

Authenticate against a file generated by htpasswd.

Format for each line is "username:hashedpassword\n";

Automatically checks against DES, SHA, and apr1-MD5.

SECURITY NOTE: Default DES encryption will only check up to the first 8 characters of a password; chars after 8 are ignored. This means that if the real password is "atechars", the word "atecharsnine" would be valid. This is bad. As a workaround, if the password provided by the user is longer than 8 characters, and DES encryption is being used, this class will not validate it.

Package

This class is part of the Solar_Auth package.

Inheritance:

Configuration Keys

  • expire: Authentication lifetime in seconds; zero is forever. Default is 14400 (4 hours). If this value is greater than the non-zero PHP ini setting for session.cookie_lifetime, it will throw an exception.

  • idle: Maximum allowed idle time in seconds; zero is forever. Default is 1440 (24 minutes). If this value is greater than the the PHP ini setting for session.gc_maxlifetime, it will throw an exception.

  • allow: Whether or not to allow automatic login/logout at start() time. Default true.

  • cache: A Solar_Cache dependency to store user data. Default is to create a Solar_Cache_Adapter_Session object internal to this instance.

  • source: The source for auth credentials, 'get' (via the for GET request vars) or 'post' (via the POST request vars). Default is 'post'.

  • source_handle: Username key in the credential array source, default 'handle'.

  • source_passwd: Password key in the credential array source, default 'passwd'.

  • source_redirect: Element key in the credential array source to indicate where to redirect on successful login or logout, default 'redirect'.

  • source_process: Element key in the credential array source to indicate how to process the request, default 'process'.

  • process_login: The source_process element value indicating a login request; default is the 'PROCESS_LOGIN' locale key value.

  • process_logout: The source_process element value indicating a logout request; default is the 'PROCESS_LOGOUT' locale key value.

  • login_callback: A callback to execute as part of the login process, whether or not login was successful.

  • logout_callback: A callback to execute as part of the logout process.

  • file: Path to password file.

Constants

None.

Public Properties

These are all the public properties in the Solar_Auth_Adapter_Htpasswd class.

You can also view the list of all public, protected, and private properties.

$allow

Whether or not to allow automatic login/logout at start() time.

Public Methods

These are all the public methods in the Solar_Auth_Adapter_Htpasswd class.

You can also view the list of all public, protected, and private methods.

__construct()

Constructor.

__destruct()

Default destructor; does nothing other than provide a safe fallback for calls to parent::__destruct().

__get()

Magic get for pseudo-public properties as defined by Solar_Auth_Adapter::$_magic.

__set()

Magic set for pseudo-public properties as defined by Solar_Auth_Adapter::$_magic.

dump()

Convenience method for getting a dump the whole object, or one of its properties, or an external variable.

getStatusText()

Retrieve the status text from the cache and then deletes it, making it act like a read-once session flash value.

isAllowed()

Tells whether authentication processing is allowed.

isLoginRequest()

Tells if the current page load appears to be the result of an attempt to log in.

isLogoutRequest()

Tells if the current page load appears to be the result of an attempt to log out.

isValid()

Tells whether the current authentication is valid.

locale()

Looks up class-specific locale strings based on a key.

processLogin()

Processes login attempts and sets user credentials.

processLogout()

Processes logout attempts.

reset()

Resets any authentication data in the cache.

start()

Starts authentication.

updateIdleExpire()

Updates idle and expire times, invalidating authentication if they are exceeded.



Local