Overview
Authenticate against a file generated by htpasswd.
Format for each line is "username:hashedpassword\n";
Automatically checks against DES, SHA, and apr1-MD5.
SECURITY NOTE: Default DES encryption will only check up to the first 8 characters of a password; chars after 8 are ignored. This means that if the real password is "atechars", the word "atecharsnine" would be valid. This is bad. As a workaround, if the password provided by the user is longer than 8 characters, and DES encryption is being used, this class will not validate it.
Configuration Keys
expire: Authentication lifetime in seconds; zero is forever. Default is 14400 (4 hours). If this value is greater than the non-zero PHP ini setting forsession.cookie_lifetime, it will throw an exception.idle: Maximum allowed idle time in seconds; zero is forever. Default is 1440 (24 minutes). If this value is greater than the the PHP ini setting forsession.gc_maxlifetime, it will throw an exception.allow: Whether or not to allow automatic login/logout at start() time. Default true.cache: A Solar_Cache dependency to store user data. Default is to create a Solar_Cache_Adapter_Session object internal to this instance.source: The source for auth credentials, 'get' (via the for GET request vars) or 'post' (via the POST request vars). Default is 'post'.source_handle: Username key in the credential array source, default 'handle'.source_passwd: Password key in the credential array source, default 'passwd'.source_redirect: Element key in the credential array source to indicate where to redirect on successful login or logout, default 'redirect'.source_process: Element key in the credential array source to indicate how to process the request, default 'process'.process_login: The source_process element value indicating a login request; default is the 'PROCESS_LOGIN' locale key value.process_logout: The source_process element value indicating a logout request; default is the 'PROCESS_LOGOUT' locale key value.login_callback: A callback to execute as part of the login process, whether or not login was successful.logout_callback: A callback to execute as part of the logout process.file: Path to password file.
Constants
None.
Public Properties
These are all the public properties in the Solar_Auth_Adapter_Htpasswd class.
You can also view the list of all public, protected, and private properties.
-
$allow -
Whether or not to allow automatic login/logout at start() time.
Public Methods
These are all the public methods in the Solar_Auth_Adapter_Htpasswd class.
You can also view the list of all public, protected, and private methods.
-
__construct() -
Constructor.
-
__destruct() -
Default destructor; does nothing other than provide a safe fallback for calls to parent::__destruct().
-
__get() -
Magic get for pseudo-public properties as defined by Solar_Auth_Adapter::$_magic.
-
__set() -
Magic set for pseudo-public properties as defined by Solar_Auth_Adapter::$_magic.
-
dump() -
Convenience method for getting a dump the whole object, or one of its properties, or an external variable.
-
getStatusText() -
Retrieve the status text from the cache and then deletes it, making it act like a read-once session flash value.
-
isAllowed() -
Tells whether authentication processing is allowed.
-
isLoginRequest() -
Tells if the current page load appears to be the result of an attempt to log in.
-
isLogoutRequest() -
Tells if the current page load appears to be the result of an attempt to log out.
-
isValid() -
Tells whether the current authentication is valid.
-
locale() -
Looks up class-specific locale strings based on a key.
-
processLogin() -
Processes login attempts and sets user credentials.
-
processLogout() -
Processes logout attempts.
-
reset() -
Resets any authentication data in the cache.
-
start() -
Starts authentication.
-
updateIdleExpire() -
Updates idle and expire times, invalidating authentication if they are exceeded.