You are here

Home » API reference » RESTful 7.2 » Request.php » Request

protected static function Request::getCredentials in RESTful 7.2

Get the credentials based on the $_SERVER variables.

Return value

array A numeric array with the username and password.

2 calls to Request::getCredentials()
Request::getPassword in src/Http/Request.php
Returns the password.
Request::getUser in src/Http/Request.php
Returns the user.

File

src/Http/Request.php, line 448
Contains \Drupal\restful\Http\Request

Class

Request
Deals with everything coming from the consumer.

Namespace

Drupal\restful\Http

Code

protected static function getCredentials() {
  $username = empty($_SERVER['PHP_AUTH_USER']) ? NULL : $_SERVER['PHP_AUTH_USER'];
  $password = empty($_SERVER['PHP_AUTH_PW']) ? NULL : $_SERVER['PHP_AUTH_PW'];

  // Try to fill PHP_AUTH_USER & PHP_AUTH_PW with REDIRECT_HTTP_AUTHORIZATION
  // for compatibility with Apache PHP CGI/FastCGI.
  // This requires the following line in your ".htaccess"-File:
  // RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : NULL;
  $authorization_header = $authorization_header ?: (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : NULL);
  if (!empty($authorization_header) && !isset($username) && !isset($password)) {
    if (!($token = StringHelper::removePrefix('Basic ', $authorization_header))) {
      return NULL;
    }
    $authentication = base64_decode($token);
    list($username, $password) = explode(':', $authentication);
    $_SERVER['PHP_AUTH_USER'] = $username;
    $_SERVER['PHP_AUTH_PW'] = $password;
  }
  return array(
    $username,
    $password,
  );
}