<?php
/**
 * @package		Joomla.Plugins
 * @subpackage	System.BasicAuth
 *
 * @author		Helios Ciancio <info (at) eshiol (dot) it>
 * @link		https://www.eshiol.it
 * @copyright	Copyright (C) 2020 - 2023 Helios Ciancio. All Rights Reserved
 * @copyright	Copyright (C) 2011 - 2013 Johan Janssens and Timble CVBA.
 * @license		http://www.gnu.org/licenses/gpl-3.0.html GNU/GPL v3
 * Basic HTTP authentication for Joomla is free software. This version may have
 * been modified pursuant to the GNU General Public License, and as distributed
 * it  includes or is derivative of works licensed under the GNU General Public
 * License or other free or open source software licenses.
 */
defined ('_JEXEC') or die ('Restricted access');

/**
 * Basic HTTP authentication for Joomla
 */
class plgSystemBasicauth extends JPlugin
{
	/**
	 * Application object.
	 *
	 * @var JApplicationCms
	 * @since 3.9
	 */
	protected $app;

	/**
	 * Constructor.
	 *
	 * @param
	 *			object &$subject The object to observe
	 * @param array $config
	 *			An array that holds the plugin configuration
	 *
	 * @since 1.0
	 */
	public function __construct(&$subject, $config = array())
	{
		parent::__construct($subject, $config);

		$input = $this->app->input;

		// See if the client has sent authorization headers
		if (strpos(PHP_SAPI, 'cgi') !== false)
		{
			$authorization = $input->server->get('REDIRECT_HTTP_AUTHORIZATION', '', 'string');
		}
		else
		{
			$authorization = $input->server->get('HTTP_AUTHORIZATION', '', 'string');
		}

		// If basic authorization is available, store the username and password in the $_SERVER globals
		if (strstr($authorization, 'Basic'))
		{
			$parts = explode(':', base64_decode(substr($authorization, 6)));

			if (count($parts) == 2)
			{
				$input->server->set('PHP_AUTH_USER', $parts [0]);
				$input->server->set('PHP_AUTH_PW', $parts [1]);
			}
		}
	}

	/**
	 * Ask for authentication and log the user in into the application.
	 *
	 * @return void
	 * @since 1.0
	 */
	public function onAfterRoute()
	{
		$username = $this->app->input->server->get('PHP_AUTH_USER', null, 'string');
		$password = $this->app->input->server->get('PHP_AUTH_PW', null, 'string');

		if ($username && $password)
		{
			if (!$this->_login($username, $password, $this->app))
			{
				throw new Exception('Login failed', 401);
			}
		}
	}

	/**
	 * Set the HTTP Basic Authentication header
	 *
	 * @return void
	 *
	 * @since 3.9
	 */
	public function onBeforeRender()
	{
		foreach($this->app->getHeaders() as $header)
		{
			if (($header['name'] == 'status') && ($header['value'] == '401'))
			{
				$this->app->setHeader('WWW-Authenticate', 'Basic realm="' . $this->app->get( 'sitename' ) . '"');
				break;
			}
		}
	}

	/**
	 * Logs in a given user to an application.
	 *
	 * @param string $username
	 *			The username.
	 * @param string $password
	 *			The password.
	 * @param object $application
	 *			The application.
	 *
	 * @return bool True if login was successful, false otherwise.
	 * @since 1.0
	 */
	protected function _login($username, $password, $application)
	{
		// If we did receive the user credentials from the user, try to login
		if ($application->login(array('username' => $username, 'password' => $password)) !== true)
		{
			return false;
		}

		return true;
	}
}