Monday, April 04, 2011 at 1:07 AM.

---

radio2Suite.securityChallenge

on securityChallenge (adradruser) {
	<<Changes
		<<3/7/11; 8:31:51 AM by DW
			<<Switch to cookie-based user authentication. 
				<<bundle //old code
					<<local (pta = html.getpagetableaddress (), adrdata = radio2suite.init ())
					<<if webserver.util.parseAuth (pta) //get username and password
						<<local (adruser = @adrdata^.users.[pta^.username])
						<<if not defined (adruser^)
							<<scripterror ("Can't access the site because there is no user named \"" + pta^.username + ".\"")
						<<if not adruser^.prefs.enabled //3/5/11 by DW
							<<scripterror ("Can't access the site because it is being worked on at this time.")
						<<if string (pta^.password) == string (adruser^.prefs.security.password)
							<<adradruser^ = adruser
							<<radio2suite.inituser (adruser) //2/21/11 by DW
							<<return (true)
					<<bundle //send challenge
						<<local (pagebody = "A valid username and password are required to access this page.")
						<<pta^.responseBody = webserver.util.buildErrorPage ("401 Unauthorized", pagebody)
						<<pta^.responseHeaders.["WWW-Authenticate"] = "Basic realm=\"" + radio2Info.name + "\""
						<<pta^.code = 401
						<<return (false)
		<<3/5/11; 11:35:36 AM by DW
			<<Don't pass if the user's account is not enabled.
		<<2/21/11; 6:42:15 PM by DW
			<<Call initUser before returning, this is the bottleneck -- makes sure there are no uninitiaized elements of the user table.
		<<1/7/11; 10:18:47 AM by DW
			<<Rewrite to return adruser, instead of having it passed as a parameter.
				<<on securityChallenge (adruser)
					<<Changes
						<<1/7/11; 10:18:47 AM by DW
							<<Rewrite to not take adruser as a parameter.
						<<2/25/05; 6:37:03 PM by DW
							<<Created. 
					<<local (pta = html.getpagetableaddress ())
					<<if adruser^.prefs.security.enabled
						<<if webserver.util.parseAuth (pta) //get username and password
							<<if string.lower (pta^.username) == string.lower (nameof (adruser^))
								<<if string (pta^.password) == string (adruser^.prefs.security.password)
									<<return (true)
						<<bundle //send challenge
							<<local (pagebody = "A valid username and password are required to access this page.")
							<<pta^.responseBody = webserver.util.buildErrorPage ("401 Unauthorized", pagebody)
							<<pta^.responseHeaders.["WWW-Authenticate"] = "Basic realm=\"Admin\""
							<<pta^.code = 401
							<<return (false)
					<<else
						<<return (true)
		<<2/25/05; 6:37:03 PM by DW
			<<Created. 
	local (adrdata = radio2suite.init (), username);
	if opmlEditor.member.checkCookie ("signin", @username) {
		adradruser^ = @adrdata^.users.[username];
		return (true)}
	else {
		return (false)}};
bundle { //test code
	securityChallenge ()}

---

This listing is for code that runs in the OPML Editor environment. I created these listings because I wanted the search engines to index it, so that when I want to look up something in my codebase I don't have to use the much slower search functionality in my object database. Dave Winer.