Monday, November 08, 2010 at 12:06 AM.
system.verbs.builtins.webserver.responders.admin.methods.any
on any (adrParamTable) { <<Security fix: 11/12/98 by PBS <<Don't check the Host header to see if localhost is specified. <<Wed, Jun 10, 1998 at 12:46:37 PM by PBS <<Web-admin responder. Implements security for all web-based admin apps. <<The security works like this: <<1) If you're connecting to Frontier on the same machine (IP address) it's running on, <<then you have access. <<2) If you're connecting from a remote machine, then you must have a user account <<in the People Suite, with a username and password, and have the Admin <<service attached to you. <<To access the People Suite web-admin in the first place, <<connect to Frontier from the same machine it's running on. <<The URL is like: http://www.myServer.com/admin/people/default.wsf <<Change www.myServer.com to your address, or use localhost. <<This responder is a wrapper for the website framework responder. local (flSecure = false); local (serverAddress); local (clientAddress = adrParamTable^.client); try { //get the server address serverAddress = tcp.addressToName (tcp.myAddress ())} else { serverAddress = tcp.myAddress ()}; if tcp.equalNames (serverAddress, clientAddress) { flSecure = true}; if clientAddress == "127.0.0.1" { flSecure = true}; if not flSecure { //get username and password if webserver.util.parseAuth (adrParamTable) { if people.authenticateUser (adrParamTable^.username, adrParamTable^.password, "admin") { <<The user has web-admin privileges. flSecure = true}}}; if not flSecure { //send challenge local (errMsg = "A valid username and password are required to access this URL."); adrParamTable^.responseBody = webserver.util.buildErrorPage ("401 Unauthorized", errMsg); adrParamTable^.responseHeaders.["WWW-Authenticate"] = "Basic realm=\"Admin\""; adrParamTable^.code = 401; return (true)}; adrParamTable^.responder = "websiteFramework"; //this is a security wrapper for the website framework responder return (webserver.responders.websiteFramework.methods.any (adrParamTable))}
This listing is for code that runs in the OPML Editor environment. I created these listings because I wanted the search engines to index it, so that when I want to look up something in my codebase I don't have to use the much slower search functionality in my object database. Dave Winer.