You are here

function shield_boot in Shield 6

Same name and namespace in other branches
  1. 7 shield.module \shield_boot()

Implementation of hook_boot().

File

./shield.module, line 83
Functions for shield module

Code

function shield_boot() {
  $user = variable_get('shield_user', '');
  if (!$user) {
    return;
  }

  // allow Drush to bypass Shield
  if (php_sapi_name() == 'cli' && variable_get('shield_allow_cli', 1) == 1) {
    return;
  }
  $pass = variable_get('shield_pass', '');

  // handling CGI PHP calls, where there is no PHP_AUTH_USER and PHP_AUTH_PW
  // http://www.besthostratings.com/articles/http-auth-php-cgi.html
  if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
  }
  if (!empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_USER'] == $user && $_SERVER['PHP_AUTH_PW'] == $pass) {
    return;
  }
  $print = variable_get('shield_print', 'Hello, user: [user], pass: [pass]!');
  header(sprintf('WWW-Authenticate: Basic realm="%s"', strtr($print, array(
    '[user]' => $user,
    '[pass]' => $pass,
  ))));
  header('HTTP/1.0 401 Unauthorized');
  exit;
}