From f46ac0e6dadc6d012e41ac642015471a05db8a6e Mon Sep 17 00:00:00 2001
From: Daniel Seifert
Date: Tue, 21 Nov 2017 16:35:36 +0100
Subject: [PATCH] add user authentification
---
.../modules/d3/d3dev/controllers/d3dev.php | 52 +++++++++++++++++++
copy_this/modules/d3/d3dev/metadata.php | 2 +-
.../modules/controllers/d3_dev_thankyou.php | 46 ++++++++++++++++
setup+doku/changelog.txt | 5 ++
4 files changed, 104 insertions(+), 1 deletion(-)
diff --git a/copy_this/modules/d3/d3dev/controllers/d3dev.php b/copy_this/modules/d3/d3dev/controllers/d3dev.php
index b15b87c..73e17c4 100644
--- a/copy_this/modules/d3/d3dev/controllers/d3dev.php
+++ b/copy_this/modules/d3/d3dev/controllers/d3dev.php
@@ -16,6 +16,58 @@ class d3dev extends oxUBase {
+ public function init()
+ {
+ $this->_authenticate();
+
+ parent::init();
+ }
+
+ protected function _authenticate ()
+ {
+ $oConfig = oxRegistry::getConfig();
+
+ try {
+ $sUser = $oConfig->getRequestParameter( 'usr' );
+ $sPassword = $oConfig->getRequestParameter( 'pwd' );
+
+ if ( !$sUser || !$sPassword ) {
+ $sUser = $_SERVER[ 'PHP_AUTH_USER' ];
+ $sPassword = $_SERVER[ 'PHP_AUTH_PW' ];
+ }
+
+ if ( !$sUser || !$sPassword ) {
+ $sHttpAuthorization = $_REQUEST[ 'HTTP_AUTHORIZATION' ];
+ if ( $sHttpAuthorization ) {
+ $sUser = null;
+ $sPassword = null;
+ $aHttpAuthorization = explode( ' ', $sHttpAuthorization );
+ if ( is_array( $aHttpAuthorization ) && count( $aHttpAuthorization ) >= 2 && strtolower( $aHttpAuthorization[ 0 ] ) == 'basic' ) {
+ $sBasicAuthorization = base64_decode( $aHttpAuthorization[ 1 ] );
+ $aBasicAuthorization = explode( ':', $sBasicAuthorization );
+ if ( is_array( $aBasicAuthorization ) && count( $aBasicAuthorization ) >= 2 ) {
+ $sUser = $aBasicAuthorization[ 0 ];
+ $sPassword = $aBasicAuthorization[ 1 ];
+ }
+ }
+ }
+ }
+ /** @var oxUser $oUser */
+ $oUser = oxNew( 'oxuser' );
+ if ( !$sUser || !$sPassword || !$oUser->login( $sUser, $sPassword ) ) {
+ $oEx = oxNew( 'oxuserexception' );
+ $oEx->setMessage( 'EXCEPTION_USER_NOVALIDLOGIN' );
+ throw $oEx;
+ }
+ }
+ catch ( Exception $oEx ) {
+ $oShop = $oConfig->getActiveShop();
+ header( 'WWW-Authenticate: Basic realm="' . $oShop->oxshops__oxname->value . '"' );
+ header( 'HTTP/1.0 401 Unauthorized' );
+ exit( 1 );
+ }
+ }
+
 public function showOrderMailContent() { header('Content-type: text/html; charset='.oxRegistry::getLang()->translateString('charset'));
diff --git a/copy_this/modules/d3/d3dev/metadata.php b/copy_this/modules/d3/d3dev/metadata.php
index 5e5d347..e666fb2 100644
--- a/copy_this/modules/d3/d3dev/metadata.php
+++ b/copy_this/modules/d3/d3dev/metadata.php
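Review bot: `_authenticate()` in d3dev.php lets any account through for which `$oUser->login()` succeeds, although the changelog entry in this patch says the mail view requires a shop-admin account; no rights check is visible in the hunk, so unless `login()` enforces one here, every registered customer passes. A check after the login, for example `$oUser->oxuser__oxrights->value == 'malladmin'` (to be confirmed against the shop's rights model), would match the stated intent. The `usr`/`pwd` request parameters can also carry the password in the URL, where it ends up in access logs and Referer headers, so I would accept credentials from the Authorization header only. The fallback reads `$_REQUEST[ 'HTTP_AUTHORIZATION' ]`, which is a request parameter rather than the header (presumably `$_SERVER[ 'HTTP_AUTHORIZATION' ]` was meant), and `explode( ':', $sBasicAuthorization )` should become `explode( ':', $sBasicAuthorization, 2 )` so that passwords containing a colon are not cut short. The same points apply to the copy `_d3authenticate()` in d3_dev_thankyou.php.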
@@ -45,7 +45,7 @@ $aModule = array( '* Ordernummer an URL ergänzen, wenn bestimmte Bestellungen angezeigt werden sollen', 'en' => ''), // 'thumbnail' => 'picture.png',
- 'version' => '1.1',
+ 'version' => '1.2.0.0',
 'author' => 'D³ Data Development (Inh.: Thomas Dartsch)', 'email' => 'support@shopmodule.com', 'url' => 'http://www.oxidmodule.com/',
diff --git a/copy_this/modules/d3/d3dev/modules/controllers/d3_dev_thankyou.php b/copy_this/modules/d3/d3dev/modules/controllers/d3_dev_thankyou.php
index 85bb3ea..7aa9b23 100644
--- a/copy_this/modules/d3/d3dev/modules/controllers/d3_dev_thankyou.php
+++ b/copy_this/modules/d3/d3dev/modules/controllers/d3_dev_thankyou.php
@@ -31,12 +31,58 @@ class d3_dev_thankyou extends d3_dev_thankyou_parent && false == (bool) oxRegistry::getConfig()->getActiveShop()->oxshops__oxproductive->value && oxRegistry::getConfig()->getConfigParam('blD3DevShowThankyou') ) {
+ $this->_d3authenticate();
 $oOrder = $this->d3GetLastOrder(); $oBasket = $oOrder->d3DevGetOrderBasket(); $this->_oBasket = $oBasket; } }
+ protected function _d3authenticate ()
+ {
+ $oConfig = oxRegistry::getConfig();
+
+ try {
+ $sUser = $oConfig->getRequestParameter( 'usr' );
+ $sPassword = $oConfig->getRequestParameter( 'pwd' );
+
+ if ( !$sUser || !$sPassword ) {
+ $sUser = $_SERVER[ 'PHP_AUTH_USER' ];
+ $sPassword = $_SERVER[ 'PHP_AUTH_PW' ];
+ }
+
+ if ( !$sUser || !$sPassword ) {
+ $sHttpAuthorization = $_REQUEST[ 'HTTP_AUTHORIZATION' ];
+ if ( $sHttpAuthorization ) {
+ $sUser = null;
+ $sPassword = null;
+ $aHttpAuthorization = explode( ' ', $sHttpAuthorization );
+ if ( is_array( $aHttpAuthorization ) && count( $aHttpAuthorization ) >= 2 && strtolower( $aHttpAuthorization[ 0 ] ) == 'basic' ) {
+ $sBasicAuthorization = base64_decode( $aHttpAuthorization[ 1 ] );
+ $aBasicAuthorization = explode( ':', $sBasicAuthorization );
+ if ( is_array( $aBasicAuthorization ) && count( $aBasicAuthorization ) >= 2 ) {
+ $sUser = $aBasicAuthorization[ 0 ];
+ $sPassword = $aBasicAuthorization[ 1 ];
+ }
+ }
+ }
+ }
+ /** @var oxUser $oUser */
+ $oUser = oxNew( 'oxuser' );
+ if ( !$sUser || !$sPassword || !$oUser->login( $sUser, $sPassword ) ) {
+ $oEx = oxNew( 'oxuserexception' );
+ $oEx->setMessage( 'EXCEPTION_USER_NOVALIDLOGIN' );
+ throw $oEx;
+ }
+ }
+ catch ( Exception $oEx ) {
+ $oShop = $oConfig->getActiveShop();
+ header( 'WWW-Authenticate: Basic realm="' . $oShop->oxshops__oxname->value . '"' );
+ header( 'HTTP/1.0 401 Unauthorized' );
+ exit( 1 );
+ }
+ }
+
 /** * @return d3_dev_oxorder */
diff --git a/setup+doku/changelog.txt b/setup+doku/changelog.txt
index 7b7a478..e998591 100644
--- a/setup+doku/changelog.txt
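Review bot: `_d3authenticate()` is a line-for-line copy of `d3dev::_authenticate()` from the first file of this patch, so every later fix to the credential handling has to be made twice and the two copies can drift apart. Moving the logic into one shared helper that both controllers call would leave a single place to review. A docblock stating that the method sends a 401 response and calls `exit( 1 )` on failure would also help, because that is not obvious at the call site `$this->_d3authenticate();`. The method containing that call begins outside the hunk.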
+++ b/setup+doku/changelog.txt
@@ -1,6 +1,11 @@ Hinweise zur Benutzung und Konfiguration sind in der Metadata-Modulbeschreibung enthalten. Diese können nach Installation im Backend des OXID-Shops unter "Erweiterungen -> Module" eingesehen werden.
+=> 1.2.0.0
+- Dokuemntation ergänzt
+- Mail-Anzeige fordert zusätzlich Authentfikation mit einem Shopadmin-Konto
+- Seitenencoding definiert
+
 => 1.1.0.0 - Mailversand übers Shopframework wird blockiert oder - Mails werden an alternative Mailadresse umgeleitet