| 1 | <?php |
| 2 | |
| 3 | require_once 'db.php'; |
| 4 | |
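/**
 * Authenticate the current request using HTTP Basic credentials.
 *
 * When no Basic-auth user name is present, a 401 challenge is sent and the
 * script stops. Otherwise the supplied user name and password are looked up
 * in the `users` table through a prepared statement with bound parameters,
 * so the credentials are never concatenated into the SQL text.
 *
 * Every failure path ends in unauthorized_die(): missing password, a
 * statement that cannot be prepared or executed, or a match count other
 * than exactly one. The function therefore fails closed instead of raising
 * a fatal error on a `false` return from the database layer.
 *
 * NOTE(review): the query compares the submitted password directly with the
 * `password` column, which suggests passwords are stored unhashed (any
 * hashing would have to happen outside this file - confirm). The preferred
 * design is to select the stored hash by user name and check it with
 * password_verify(); that needs a data migration and is not changed here.
 *
 * NOTE(review): Basic credentials are only base64-encoded on the wire, so
 * this endpoint should be reachable over TLS only.
 *
 * @return string The authenticated user name (only returns on success).
 */
function check_auth() {
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        die("You hit cancel");
    }

    // A user name without a password is rejected explicitly rather than
    // binding an undefined index (which would emit a warning and bind NULL).
    if (!isset($_SERVER['PHP_AUTH_PW'])) {
        unauthorized_die();
    }

    $db = get_db();
    $authStmt = $db->prepare('select count(*) as count, username from users where username = :username AND password = :password;');
    if ($authStmt === false) {
        // Statement could not be prepared: deny access instead of crashing.
        unauthorized_die();
    }

    $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
    $authStmt->bindValue(':password', $_SERVER['PHP_AUTH_PW']);

    $result = $authStmt->execute();
    if ($result === false) {
        // Query failed: deny access instead of calling a method on false.
        unauthorized_die();
    }

    // Column 0 is count(*); require exactly one matching row, compared
    // strictly so that no loose type juggling decides an auth outcome.
    $row = $result->fetchArray();
    if (!is_array($row) || (int) $row[0] !== 1) {
        unauthorized_die();
    }

    return $_SERVER['PHP_AUTH_USER'];
}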
| 21 | |
/**
 * Send the client to the "unauthorized" page and stop the script.
 *
 * Emits a Location header pointing at unauthorized.php, then terminates
 * execution with the body text "Unauthorized". This function never returns
 * to its caller.
 */
function unauthorized_die()
{
    header('Location: unauthorized.php');
    exit('Unauthorized');
}
| 26 | |