37 lines
936 B
PHP
37 lines
936 B
PHP
<?php
|
|
|
|
// uncomment the lines below when running in stand-alone mode:
|
|
|
|
// for token+session based authentication (see "login_token.html" + "login_token.php"):
|
|
|
|
/*
|
|
require 'auth.php';
|
|
$auth = new PHP_API_AUTH(array(
|
|
'secret'=>'someVeryLongPassPhraseChangeMe',
|
|
));
|
|
if ($auth->executeCommand()) exit(0);
|
|
if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
exit(0);
|
|
}
|
|
*/
|
|
|
|
// for form+session based authentication (see "login.html"):
|
|
|
|
require 'auth.php';
|
|
$auth = new PHP_API_AUTH(array(
|
|
'authenticator'=>function($user,$pass){ if ($user=='admin' && $pass=='admin') $_SESSION['user']=$user; }
|
|
));
|
|
if ($auth->executeCommand()) exit(0);
|
|
if (empty($_SESSION['user']) || !$auth->hasValidCsrfToken()) {
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
exit(0);
|
|
}
|
|
|
|
// include your api code here:
|
|
//
|
|
// see: https://github.com/mevdschee/php-crud-api
|
|
//
|
|
// placeholder for testing:
|
|
// echo 'Access granted!';
|