BasicAuth

class BasicAuth

Provides an interface to HTTP basic authentication.

This utility class can be used to secure any request with basic authentication. To do so, {@link BasicAuth::requireLogin()} from your Controller's init() method or action handler method.

It also has a function to protect your entire site. See {@link BasicAuth::protect_entire_site()} for more information. You can control this setting on controller-level by using {@link Controller->basicAuthEnabled}.

Config options

entire_site_protected Boolean
entire_site_protected_code String|array
entire_site_protected_message String

Methods

static Member
requireLogin(string $realm, string|array $permissionCode = null, boolean $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

static 
protect_entire_site(boolean $protect = true, string $code = 'ADMIN', string $message = null)

Enable protection of the entire site with basic authentication.

static 
protect_site_if_necessary()

Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.

Details

at line 49
static Member requireLogin(string $realm, string|array $permissionCode = null, boolean $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

Used by {@link Controller::init()}.

Parameters

string $realm
string|array $permissionCode Optional
boolean $tryUsingSessionLogin If true, then the method with authenticate against the session log-in if those credentials are disabled.

Return Value

Member $member

Exceptions

SS_HTTPResponse_Exception

at line 133
static protect_entire_site(boolean $protect = true, string $code = 'ADMIN', string $message = null)

Enable protection of the entire site with basic authentication.

This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.

If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable this feature by adding this line to your _ss_environment.php:

define('SS_USE_BASIC_AUTH', true);

Parameters

boolean $protect Set this to false to disable protection.
string $code {@link Permission} code that is required from the user. Defaults to "ADMIN". Set to NULL to just require a valid login, regardless of the permission codes a user has.
string $message

at line 146
static protect_site_if_necessary()

Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.

This is a helper function used by {@link Controller::init()}.

If you want to enabled protection (rather than enforcing it), please use {@link protect_entire_site()}.