Merge pull request #69 from joturako/master

add basic auth with configurable username and password

config.dist.php

@@ -5,6 +5,10 @@
     'production'         => true,
     'default_layout'     => 'layout',
     'timezone'           => 'Europe/Amsterdam',
+    'auth' => array(
+	    'username' => 'admin',
+        'password' => password_hash('admin', PASSWORD_DEFAULT)
+	),
     'log' => array(
         'driver'    => 'file',
         'threshold' => 1, /* 0: Disable Logging 1: Error 2: Notice 3: Info 4: Warning 5: Debug */

public/index.php

@@ -1,5 +1,4 @@
 <?php
-
 function __autoload($class)
 {
     $path = '../';
@@ -15,14 +14,41 @@ function __autoload($class)
     } else {
         $dir = 'libraries';
     }
-
     include_once($path.$dir.'/'.(strtolower($class)).'.php');
 }
-
 if (isset(App::instance()->config['timezone'])) {
     date_default_timezone_set(App::instance()->config['timezone']);
+
 }
 
-$error = new Error();
+$authenticated = true;
+
+if (isset(App::instance()->config['auth'])) {
+    $username = null;
+    $password = null;
+
+    $auth = App::instance()->config['auth'];
 
-Router::instance()->route();
+    // mod_php
+    if (isset($_SERVER['PHP_AUTH_USER'])) {
+        $username = $_SERVER['PHP_AUTH_USER'];
+        $password = $_SERVER['PHP_AUTH_PW'];
+    // most other servers
+    } elseif (isset($_SERVER['HTTP_AUTHORIZATION']) && strpos(strtolower($_SERVER['HTTP_AUTHORIZATION']), 'basic') === 0) {
+		list($username, $password) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
+	}
+
+    if ($username != $auth['username'] || !password_verify($password, $auth['password'])) {
+        $authenticated = false;
+    }
+}
+
+if ($authenticated) {
+    $error = new Error();
+    Router::instance()->route();
+} else {
+    header('WWW-Authenticate: Basic realm="PHPRedis Administrator"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Not Authorized';
+    die();
+}