On 2/4/05 12:52 PM, Vladimir Zlatanov wrote:
Are the ten lines you can use in PHP to have HTTP authentication difficult to implement? :)
Exactly, not at all. I think the best way to do it is at the end of bootstrap, after the session code has passed.
My idea roughly is long the lines: * if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My drupal site(may be in subdirectory)"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { verify the username:password - ala user_login();
you're gonna want to use user_authenticate() instead, but right idea.
}
This will mean that you end up with a valid $user.
* possibly digest authentication as well
I'll be doing that this weekend, I need to test authenticated RSS feeds powered by drupal.
I will not be online this weekend, but will post a patch on Monday to demo the idea. I don't think it is something major anyway (the http auth bit)
would be good for RSS readers too, methinks.
---- webDAV is an extension to http, sort of
I prefer calling that a special kind of XML based RPC, because most of the extensions are actually XML encoded messages.
But it's not actually "RPC" in a traditional sense. But, I think I see what you're saying. It is an extension to HTTP though, in the sense that they've added some additional "actions" (i.e. beyond GET / POST / PUT), such as PROPLIST, MKCOL, etc.
I think there was an implemenation of webDAV for PHP. I am not sure which features, and what level of webDAV are worth it in Drupal's case. upload, version control, locking?
Yeah, ultimately a full delta-v implementation would be sweet, but for now basic upload sounds like it would make lots of folks happy. The main webdav implementation for php I know of is the pear package: http://pear.php.net/package/HTTP_WebDAV_Server which is still labeled as "beta". I'm sure there are others though. -- James Walker :: http://walkah.net/