コード例 #1
ファイル: IndexController.php プロジェクト: rcclaudrey/dev
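 /**
  * Gate the controller behind HTTP Basic authentication.
  *
  * The expected credentials are read from the admin-store config paths
  * `evoc/auth/username` and `evoc/auth/password`. The client credentials are
  * taken from PHP_AUTH_USER / PHP_AUTH_PW when the SAPI populates them, and
  * otherwise parsed from the raw Authorization header.
  *
  * Security notes:
  *  - Comparisons are constant-time and type-strict (hash_equals). The loose
  *    `!=` used previously treats numeric-looking strings as numbers
  *    ("1e3" == "1000", "0e1" == "0e2"), so a non-identical value could pass.
  *  - Empty configured credentials are rejected. Otherwise an unconfigured
  *    module accepts an empty username and password from any client.
  *  - The Base64 payload is decoded in strict mode so malformed input is
  *    refused instead of being silently repaired.
  *  - Basic auth sends the secret on every request; it is only as
  *    confidential as the transport. NOTE(review): confirm this endpoint is
  *    reachable over TLS only.
  *  - Nothing here throttles or records failed attempts. NOTE(review): confirm
  *    rate limiting and logging exist upstream.
  *
  * @return bool True when the request is authenticated. On any failure the
  *              response is sent and the script terminates, so the method
  *              never returns false.
  */
 protected function _authenticate()
 {
     // Pretend the endpoint does not exist when the module is disabled.
     if (!Vikont_EVOConnector_Helper_Data::isModuleAllowed()) {
         $this->getResponse()->setHeader('HTTP/1.1', '404 Not Found')->setHeader('Status', '404 File not found')->setBody('Page not found')->sendResponse();
         die;
     }

     $expectedUser = (string) Mage::getStoreConfig('evoc/auth/username', Mage_Core_Model_App::ADMIN_STORE_ID);
     $expectedPass = (string) Mage::getStoreConfig('evoc/auth/password', Mage_Core_Model_App::ADMIN_STORE_ID);

     // Fail closed: missing credentials in config must never authenticate anyone.
     $isConfigured = $expectedUser !== '' && $expectedPass !== '';

     $granted = false;
     $failureBody = 'Authorization required';

     // hash_equals() needs PHP >= 5.6 or a polyfill.
     // NOTE(review): confirm the runtime provides it.
     if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
         $failureBody = 'Wrong username or password';
         // Evaluate both fields before combining so the response time does
         // not reveal which of the two was wrong.
         $userMatches = hash_equals($expectedUser, (string) $_SERVER['PHP_AUTH_USER']);
         $passMatches = hash_equals($expectedPass, (string) $_SERVER['PHP_AUTH_PW']);
         $granted = $isConfigured && $userMatches && $passMatches;
     } elseif (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
         // Fallback for setups where PHP does not split the header itself.
         $failureBody = 'Wrong username or password';
         $headerParts = explode(' ', (string) $_SERVER['HTTP_AUTHORIZATION']);
         if (count($headerParts) > 1 && strtolower($headerParts[0]) === 'basic') {
             $suppliedPair = base64_decode($headerParts[1], true);
             if ($suppliedPair !== false && $suppliedPair !== '') {
                 $granted = $isConfigured
                     && hash_equals($expectedUser . ':' . $expectedPass, $suppliedPair);
             }
         }
     }

     if ($granted) {
         return true;
     }

     // The body is the same for every credential failure, so the response
     // does not disclose whether the username or the password was wrong.
     $this->getResponse()->setHeader('HTTP/1.1', '401 Unauthorized')->setHeader('WWW-Authenticate', 'Basic realm="EVO Connector"')->setBody($failureBody)->sendResponse();
     die;
 }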