ERW is designed to work well in complex intranets in which several users access data with different privileges. This requires two basic services, that is, authentication and authorisation. By default, ERW delegates the authentication process completely to the HTTP server. The system administrator should set up directory access, accounts and passwords so that PHP can fill its internal variables.
If you prefer to set up your own authentication system, you just have to set the $_ERW_authenticate variable in the main configuration file. This variable must be set to the name of a PHP file containing code that will perform authentication, usually by looking at the content of $_SERVER["PHP_AUTH_PW"]. The code will run in the same environment as a hook, must end with a return statement, and must return true or false, depending on whether the user is authenticated or not. A nonauthenticated user will be presented with the typical HTTP basic authorisation dialog; you can set the basic realm (that will be shown to the user) using the configuration
You can extend at will the default authorisation-related entities contained in auth.xml, for instance adding a password attribute (with ERW type pw) to the entity usr.
For instance, assuming that you added a password column to the usr table, you can use the following code:
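<?php
// Both credentials must be present before querying the database.
if (!isset($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) return false;
$n = $db->getOne("select COUNT(*) from usr where ".
    "login=".ERW::quote($_SERVER["PHP_AUTH_USER"]).
    " and password=".ERW::quote($_SERVER["PHP_AUTH_PW"]));
// Return a strict boolean; a non-numeric result (query error) fails closed.
return is_numeric($n) && $n > 0;
?>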
Set $_ERW_authenticate to "authenticate.php" in the main configuration file and you're done.
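A hardened variant of the authentication file above, given here as an added example that is not part of ERW or its documentation. It assumes PHP 5.5 or later and that the password column of usr stores password_hash() output instead of the cleartext password; the helper name erw_verify_login is hypothetical, while $db->getOne and ERW::quote are used as in the code above.

```php
<?php
// Added example, not ERW code. Assumptions: PHP 5.5 or later, and
// usr.password holds password_hash() output, not the cleartext password.

// Hypothetical helper. $lookupHash maps a login to its stored hash and
// returns anything that is not a string when the login is unknown.
function erw_verify_login($user, $password, $lookupHash)
{
    // Reject missing or empty credentials before touching the database.
    if (!is_string($user) || !is_string($password)
        || $user === '' || $password === '') {
        return false;
    }
    $stored = call_user_func($lookupHash, $user);
    // null, false or an error object from the database layer all fail closed.
    if (!is_string($stored) || $stored === '') {
        return false;
    }
    // Always a strict boolean, as the authentication file must return.
    return password_verify($password, $stored);
}

// Hook body: in the hook environment $db is available, so return here.
if (isset($db)) {
    return erw_verify_login(
        isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : null,
        isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : null,
        function ($login) use ($db) {
            return $db->getOne("select password from usr where login="
                . ERW::quote($login));
        }
    );
}

// Stand-alone run with constructed data (no ERW, no database).
$users = array("alice" => password_hash("constructed-pw", PASSWORD_DEFAULT));
$lookup = function ($login) use ($users) {
    return isset($users[$login]) ? $users[$login] : null;
};
var_dump(erw_verify_login("alice", "constructed-pw", $lookup));
var_dump(erw_verify_login("alice", "wrong", $lookup));
var_dump(erw_verify_login("mallory", "constructed-pw", $lookup));
var_dump(erw_verify_login(null, null, $lookup));
```

With this variant, the form or hook that writes the password column has to store password_hash($newPassword, PASSWORD_DEFAULT) rather than the submitted value.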
Of course, nothing prevents you from using the post-update hook to set up special forms that will actually make a user able to manipulate the server password file.