Monday, November 08, 2010 at 12:06 AM.


on any (adrParamTable) {
	<<Security fix: 11/12/98 by PBS
		<<Don't check the Host header to see if localhost is specified.
	<<Wed, Jun 10, 1998 at 12:46:37 PM by PBS
		<<Web-admin responder. Implements security for all web-based admin apps.
		<<The security works like this:
			<<1) If you're connecting to Frontier on the same machine (IP address) it's running on,
			<<then you have access.
			<<2) If you're connecting from a remote machine, then you must have a user account
			<<in the People Suite, with a username and password, and have the Admin
			<<service attached to you.
			<<To access the People Suite web-admin in the first place,
			<<connect to Frontier from the same machine it's running on.
			<<The URL is like:
			<<Change to your address, or use localhost.
		<<This responder is a wrapper for the website framework responder.
	local (flSecure = false);
	local (serverAddress);
	local (clientAddress = adrParamTable^.client);
	try { //get the server address
		serverAddress = tcp.addressToName (tcp.myAddress ())}
	else {
		serverAddress = tcp.myAddress ()};
	if tcp.equalNames (serverAddress, clientAddress) {
		flSecure = true};
	if clientAddress == "" {
		flSecure = true};
	if not flSecure { //get username and password
		if webserver.util.parseAuth (adrParamTable) {
			if people.authenticateUser (adrParamTable^.username, adrParamTable^.password, "admin") {
				<<The user has web-admin privileges.
				flSecure = true}}};
	if not flSecure { //send challenge
		local (errMsg = "A valid username and password are required to access this URL.");
		adrParamTable^.responseBody = webserver.util.buildErrorPage ("401 Unauthorized", errMsg);
		adrParamTable^.responseHeaders.["WWW-Authenticate"] = "Basic realm=\"Admin\"";
		adrParamTable^.code = 401;
		return (true)};
	adrParamTable^.responder = "websiteFramework"; //this is a security wrapper for the website framework responder
	return (webserver.responders.websiteFramework.methods.any (adrParamTable))}

This listing is for code that runs in the OPML Editor environment. I created these listings because I wanted the search engines to index it, so that when I want to look up something in my codebase I don't have to use the much slower search functionality in my object database. Dave Winer.