Http Authentication

HTTP authentication is a perfect way of doing authentication for administration pages, where you don't really need nice-looking form authentication and "remember me" checkboxes (although some browsers show that for you). Plus, with HTTP authentication you can make robots perform authenticated connections to your application (RSS readers, mobile devices, scripted access…).

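Something many people have forgotten from the 90's is that you can simply call https://username:password@example.com/admin/orders.xml and, as long as the connection is encrypted using SSL, the password will be "safe". Basic authentication sends the credentials merely base64-encoded, so the encryption of the connection is the only thing protecting them.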

By the way, who needs that pretty-looking form for an administration interface that you and 5 more people are going to use?

HTTP authentication is dead simple in Akelos. It was added in 0.x.413 (trunk version).

In order to use it, you need to provide users in one of these formats:

  1. An array of 'username' => 'password'. This is the simplest and most convenient way for small sites. Remember to md5() passwords to avoid exposing them to prying eyes. MD5 is unsalted and fast to brute-force, so this only keeps the plain text out of the source file.
  2. A Model/Class instance that implements an "authenticate" method like: $User->authenticate($user_name, $password, $controller /* optional */); and returns true if it should grant access or false if it should not.
  3. Your own instance with your own method. In this case you should pass an array like array('handler' => $MegaAuthenticator, 'method' => 'ultraCheckCredentials'); the parameters remain the same as in the previous example.

Here is a sample of the simplest implementation:

<?php

class PostController extends ApplicationController
{
    // username => password pairs (format 1 above)
    var $_authorized_users = array('bermi' => 'secret');

    function __construct()
    {
        // Run authenticate() before every action except index
        $this->beforeFilter(array('authenticate' => array('except' => array('index'))));
    }

    function index()
    {
        $this->renderText("Everyone can see me!");
    }

    function edit()
    {
        $this->renderText("I'm only accessible if you know the password");
    }

    function authenticate()
    {
        // 'My Blog' is the realm shown in the browser's login prompt
        $this->_authenticateOrRequestWithHttpBasic('My Blog', $this->_authorized_users);
    }
}

?>
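
For format 2 in the list above, an authenticator object can keep salted password hashes instead of the md5() values of the array format. This is an added example, not Akelos code: the class name AdminAuthenticator and the sample account are assumptions, and it relies on PHP's password_hash()/password_verify() (PHP 5.5 or later).

```php
<?php
// Added example, not part of Akelos. Class name and sample data are hypothetical.
class AdminAuthenticator
{
    // username => password_hash() output (salted, deliberately slow hash)
    private $hashes;
    // Verified for unknown users so both code paths cost about the same time
    private $dummy_hash;

    public function __construct(array $hashes)
    {
        $this->hashes = $hashes;
        $this->dummy_hash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Signature described on this page: return true to grant access, false to deny
    public function authenticate($user_name, $password, $controller = null)
    {
        if (!is_string($user_name) || !is_string($password)) {
            return false;
        }
        $known = isset($this->hashes[$user_name]);
        $hash = $known ? $this->hashes[$user_name] : $this->dummy_hash;
        // password_verify() re-derives the hash and compares in constant time
        $matches = password_verify($password, $hash);
        return $known && $matches;
    }
}

// Constructed sample account; in a real setup only the hash string is stored
$Authenticator = new AdminAuthenticator(array(
    'bermi' => password_hash('secret', PASSWORD_DEFAULT),
));

var_dump($Authenticator->authenticate('bermi', 'secret'));   // correct password
var_dump($Authenticator->authenticate('bermi', 'wrong'));    // wrong password
var_dump($Authenticator->authenticate('nobody', 'secret'));  // unknown user

// In the controller's authenticate() filter, pass the instance instead of the array:
// $this->_authenticateOrRequestWithHttpBasic('My Blog', $Authenticator);
```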
 
http-authentication.txt · Last modified: 2007/10/20 01:31 by 83.53.238.105
 

The Akelos Framework was created by Bermi Ferrer and other contributors.
Portions of the code and documentation have been ported from Ruby on Rails.

The Akelos Framework is released under the LGPL license.