class BasicAuth (View source)

Provides an interface to HTTP basic authentication.

This utility class can be used to secure any request with basic authentication. To do so, BasicAuth::requireLogin() from your Controller's init() method or action handler method.

It also has a function to protect your entire site. See BasicAuth::protect_entire_site() for more information. You can control this setting on controller-level by using Controller->basicAuthEnabled.

Properties

Methods

public static 
requireLogin(string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

public static 
protect_entire_site(bool $protect = true, string $code = 'ADMIN', string $message = null)

Enable protection of the entire site with basic authentication.

Details

static Member requireLogin(string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

Used by Controller::init().

Parameters

string $realm
string|array $permissionCode Optional
bool $tryUsingSessionLogin

If true, then the method with authenticate against the session log-in if those credentials are disabled.

Return Value

Member $member

Exceptions

SS_HTTPResponse_Exception

static protect_entire_site(bool $protect = true, string $code = 'ADMIN', string $message = null)

Enable protection of the entire site with basic authentication.

This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.

If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable this feature by adding this line to your _ss_environment.php:

define('SS_USE_BASIC_AUTH', true);

Parameters

bool $protect

Set this to false to disable protection.

string $code

Permission code that is required from the user. Defaults to "ADMIN". Set to NULL to just require a valid login, regardless of the permission codes a user has.

string $message

static protect_site_if_necessary()

Call BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site() has been called.

This is a helper function used by Controller::init().

If you want to enabled protection (rather than enforcing it), please use protect_entire_site().