movino/optional/movino_remote_auth.module

<?php // $Id: movino_remote_auth.module,v 1.1 2007/07/13 10:32:52 tomsun Exp $
/*
    Movino Web Frontend
    Copyright 2006, 2007 Tom Sundström

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License version 2 as
    published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public
    License along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/


/**
 * Implementation of hook_help().
 */
function movino_remote_auth_help($section) {
  switch ($section) {
    case 'admin/help#help':
      // TODO: expand
      $output = '<p>'. t('Allows the Movino videoserver to authenticate stream sources against the user database of your Drupal site.') . '</p>';
      return $output;
  }
}


/**
 * Implementation of hook_menu().
 */
function movino_remote_auth_menu($may_cache) {
  global $user;
  $items = array();

  if (!$may_cache) {

    $items[] = array(
      'path' => 'movino/auth',
      'title' => t('Movino remote authentication'),
      'access' => TRUE,
      'callback' => 'movino_remote_auth_callback',
      'type' => MENU_CALLBACK
    );
  }

  return $items;
}


/**
 * Provides remote authentication.
 * 
 * The Movino server is allowed to use this callback to verify that
 * the stream source has a Drupal account with sufficient permissions,
 * by making an http request to "http://yourdrupalinstall/movino/auth".
 *
 */
function movino_remote_auth_callback() {
  header('Content-type: text/plain');

  // Input from server.
  $user_name = ($_POST['username'] ? $_POST['username']: $_GET['username']);
  $challenge = pack("H*", ($_POST['challenge'] ? $_POST['challenge']: $_GET['challenge']));
  $response = pack("H*", ($_POST['response'] ? $_POST['response']: $_GET['response']));
  
  // Find the user DB record by username.
  $result = db_query("SELECT name, pass FROM {users} WHERE LOWER(name) = LOWER('%s') AND status = 1 ", $user_name);
  while ($usr = db_fetch_array($result)) {
    
    // Compare the password hashes according to the Movino authentication protocol.
    if ($usr['name'] == $user_name && (pack("H*", md5(pack("H*", $usr['pass']) . $challenge)) == $response)) {
      
      // Check that the user has proper user permissions.
      $user_account = user_load(array('name' => $user_name));
       if (user_access('upload Movino content', $user_account)) {
         // User permissions verified.
        echo 'ok';
        return;
      }
    }
  }
  
  // Invalid user, password or insufficient permissions.
  echo 'denied';
}
1	<?php // $Id: movino_remote_auth.module,v 1.1 2007/07/13 10:32:52 tomsun Exp $
2	/*
3	Movino Web Frontend
4	Copyright 2006, 2007 Tom Sundström
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License version 2 as
8	published by the Free Software Foundation.
9
10	This program is distributed in the hope that it will be useful,
11	but WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13	GNU General Public License for more details.
14
15	You should have received a copy of the GNU General Public
16	License along with this program; if not, write to the Free Software
17	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18	*/
19
20
21	/**
22	* Implementation of hook_help().
23	*/
24	function movino_remote_auth_help($section) {
25	switch ($section) {
26	case 'admin/help#help':
27	// TODO: expand
28	$output = '<p>'. t('Allows the Movino videoserver to authenticate stream sources against the user database of your Drupal site.') . '</p>';
29	return $output;
30	}
31	}
32
33
34	/**
35	* Implementation of hook_menu().
36	*/
37	function movino_remote_auth_menu($may_cache) {
38	global $user;
39	$items = array();
40
41	if (!$may_cache) {
42
43	$items[] = array(
44	'path' => 'movino/auth',
45	'title' => t('Movino remote authentication'),
46	'access' => TRUE,
47	'callback' => 'movino_remote_auth_callback',
48	'type' => MENU_CALLBACK
49	);
50	}
51
52	return $items;
53	}
54
55
56	/**
57	* Provides remote authentication.
58	*
59	* The Movino server is allowed to use this callback to verify that
60	* the stream source has a Drupal account with sufficient permissions,
61	* by making an http request to "http://yourdrupalinstall/movino/auth".
62	*
63	*/
64	function movino_remote_auth_callback() {
65	header('Content-type: text/plain');
66
67	// Input from server.
68	$user_name = ($_POST['username'] ? $_POST['username']: $_GET['username']);
69	$challenge = pack("H*", ($_POST['challenge'] ? $_POST['challenge']: $_GET['challenge']));
70	$response = pack("H*", ($_POST['response'] ? $_POST['response']: $_GET['response']));
71
72	// Find the user DB record by username.
73	$result = db_query("SELECT name, pass FROM {users} WHERE LOWER(name) = LOWER('%s') AND status = 1 ", $user_name);
74	while ($usr = db_fetch_array($result)) {
75
76	// Compare the password hashes according to the Movino authentication protocol.
77	if ($usr['name'] == $user_name && (pack("H", md5(pack("H", $usr['pass']) . $challenge)) == $response)) {
78
79	// Check that the user has proper user permissions.
80	$user_account = user_load(array('name' => $user_name));
81	if (user_access('upload Movino content', $user_account)) {
82	// User permissions verified.
83	echo 'ok';
84	return;
85	}
86	}
87	}
88
89	// Invalid user, password or insufficient permissions.
90	echo 'denied';
91	}