wiki.techinc.nl/img_auth.php

<?php
/**
 * The web entry point for serving non-public images to logged-in users.
 *
 * To use this, see https://www.mediawiki.org/wiki/Manual:Image_authorization
 *
 * - Set $wgUploadDirectory to a non-public directory (not web accessible)
 * - Set $wgUploadPath to point to this file
 *
 * Optional Parameters
 *
 * - Set $wgImgAuthDetails = true if you want the reason the access was denied messages to
 *       be displayed instead of just the 403 error (doesn't work on IE anyway),
 *       otherwise it will only appear in error logs
 *
 *  For security reasons, you usually don't want your user to know *why* access was denied,
 *  just that it was. If you want to change this, you can set $wgImgAuthDetails to 'true'
 *  in localsettings.php and it will give the user the reason why access was denied.
 *
 * Your server needs to support REQUEST_URI or PATH_INFO; CGI-based
 * configurations sometimes don't.
 *
 * @see MediaWiki\FileRepo\AuthenticatedFileEntryPoint The implementation.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup entrypoint
 */

use MediaWiki\Context\RequestContext;
use MediaWiki\EntryPointEnvironment;
use MediaWiki\FileRepo\AuthenticatedFileEntryPoint;
use MediaWiki\MediaWikiServices;

define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
define( 'MW_ENTRY_POINT', 'img_auth' );
require __DIR__ . '/includes/WebStart.php';

( new AuthenticatedFileEntryPoint(
	RequestContext::getMain(),
	new EntryPointEnvironment(),
	MediaWikiServices::getInstance()
) )->run();
Script to allow MediaWiki-based authentication for downloading items from the upload directory. To use, deny access to the actual directory, and set $wgUploadPath to this script. Image URLs will be of the form "http://server.com/wiki/img_auth.php/0/00/Image.png". The script checks the cookies and the session data, and if everything is OK, streams out the named file. 2004-06-07 06:57:53 +00:00			`<?php`
* phpdoc for file description * single quotes 2005-01-27 04:30:18 +00:00			`/**`
docs: Improve "Entry points" documentation page Turn this into a doc group, and let the descriptions come directly from the files in question. This makes the list easier to maintain, and alsom means that the overview page becomes discoverable whenever one is looking at the entry point file as well. Previously the doc page pointed to the entry points, but not the other way around. This is also fixed. Bug: T244294 Change-Id: I891c5a37e17592edc1136d7367949927121c8bc8 2020-02-04 21:44:38 +00:00			`* The web entry point for serving non-public images to logged-in users.`
* Fix img_auth.php image name extraction for whitelist checking * (bug 10756) img_auth.php will now refuse logged-out requests when there is no whitelist, rather than allowing them through 2007-08-06 06:15:21 +00:00			`*`
doc: Update redirected link Change-Id: I5a2cd33efe494ac8d476f619077506d4f684f48f 2023-07-03 00:28:41 +00:00			`* To use this, see https://www.mediawiki.org/wiki/Manual:Image_authorization`
* Fix img_auth.php image name extraction for whitelist checking * (bug 10756) img_auth.php will now refuse logged-out requests when there is no whitelist, rather than allowing them through 2007-08-06 06:15:21 +00:00			`*`
Same as r48631; added "@file" when needed, also added doc in redirect.php and install-utils.inc 2009-03-21 16:48:09 +00:00			`* - Set $wgUploadDirectory to a non-public directory (not web accessible)`
			`* - Set $wgUploadPath to point to this file`
* s~ +$~~ 2006-01-07 13:09:30 +00:00			`*`
Cleaned up img_auth code and re-integrated core img-auth- messages. 2009-09-10 21:12:55 +00:00			`* Optional Parameters`
			`*`
image_auth.php cleanups: * Factored main code into wfImageAuthMain() * Made preg_match() for $name account for "page3-" type specifiers in the thumb name * Code style cleanups 2011-11-20 08:50:13 +00:00			`* - Set $wgImgAuthDetails = true if you want the reason the access was denied messages to`
			`* be displayed instead of just the 403 error (doesn't work on IE anyway),`
			`* otherwise it will only appear in error logs`
Cleaned up img_auth code and re-integrated core img-auth- messages. 2009-09-10 21:12:55 +00:00			`*`
image_auth.php cleanups: * Factored main code into wfImageAuthMain() * Made preg_match() for $name account for "page3-" type specifiers in the thumb name * Code style cleanups 2011-11-20 08:50:13 +00:00			`* For security reasons, you usually don't want your user to know why access was denied,`
			`* just that it was. If you want to change this, you can set $wgImgAuthDetails to 'true'`
			`* in localsettings.php and it will give the user the reason why access was denied.`
Cleaned up img_auth code and re-integrated core img-auth- messages. 2009-09-10 21:12:55 +00:00			`*`
INSTALL: Don't warn against using PHP "as a CGI plugin" This note is very old; it was added in r2832 (635388356be70130) and r3285 (7ab7a50cf928861f). Modern versions of MediaWiki support CGI and FastCGI installations nearly as well as mod_php installations. In fact, Wikimedia currently uses HHVM's "fastcgi" server type, and intends to use php-fpm with PHP 7 (see migration plan in T176370). For a basic MediaWiki installation using the web installer, the only difference I know of is the default URLs: /w/index.php?title=$1 for CGI, as opposed to /w/index.php/$1 for mod_php. This issue is easy to fix by changing $wgArticlePath, if the web server sets REQUEST_URI. Admins who want to use short URLs (e.g. /wiki/$1) have to do this anyway. Also, in img_auth.php and the "img-auth-nopathinfo" message, don't imply that CGI and FastCGI server configurations generally can't provide path information or support MediaWiki features that need it. Change-Id: I89212e9d51f950a58f911083b9e109b69cd4e060 2018-07-26 05:36:19 +00:00			`* Your server needs to support REQUEST_URI or PATH_INFO; CGI-based`
			`* configurations sometimes don't.`
Same as r48631; added "@file" when needed, also added doc in redirect.php and install-utils.inc 2009-03-21 16:48:09 +00:00			`*`
filerepo: extract AuthenticatedFileEntryPoint from img_auth.php The idea is that all entry points should share the code in the MediaWikiEntryPoint base class. This change just moves code from the file scope into a class, without any structural changes. Bug: T354216 Change-Id: Ie2e827d30a070bcc63bdce56891c3aa0a4dacddd 2023-11-29 13:15:44 +00:00			`* @see MediaWiki\FileRepo\AuthenticatedFileEntryPoint The implementation.`
			`*`
Added missing GPLv2 headers in some places. Also made file documentation more consistent. Change-Id: I30e124514396f110a572467b94ca06cefd5f7b46 2012-05-23 11:41:30 +00:00			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
Cleaned up img_auth code and re-integrated core img-auth- messages. 2009-09-10 21:12:55 +00:00			`*`
Added missing GPLv2 headers in some places. Also made file documentation more consistent. Change-Id: I30e124514396f110a572467b94ca06cefd5f7b46 2012-05-23 11:41:30 +00:00			`* You should have received a copy of the GNU General Public License along`
			`* with this program; if not, write to the Free Software Foundation, Inc.,`
			`* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`* http://www.gnu.org/copyleft/gpl.html`
			`*`
			`* @file`
docs: Improve "Entry points" documentation page Turn this into a doc group, and let the descriptions come directly from the files in question. This makes the list easier to maintain, and alsom means that the overview page becomes discoverable whenever one is looking at the entry point file as well. Previously the doc page pointed to the entry points, but not the other way around. This is also fixed. Bug: T244294 Change-Id: I891c5a37e17592edc1136d7367949927121c8bc8 2020-02-04 21:44:38 +00:00			`* @ingroup entrypoint`
Added missing GPLv2 headers in some places. Also made file documentation more consistent. Change-Id: I30e124514396f110a572467b94ca06cefd5f7b46 2012-05-23 11:41:30 +00:00			`*/`
Cleaned up img_auth code and re-integrated core img-auth- messages. 2009-09-10 21:12:55 +00:00
Namespace includes/context Bug: T353458 Change-Id: I4dbef138fd0110c14c70214282519189d70c94fb 2024-02-08 14:56:54 +00:00			`use MediaWiki\Context\RequestContext;`
filerepo: extract AuthenticatedFileEntryPoint from img_auth.php The idea is that all entry points should share the code in the MediaWikiEntryPoint base class. This change just moves code from the file scope into a class, without any structural changes. Bug: T354216 Change-Id: Ie2e827d30a070bcc63bdce56891c3aa0a4dacddd 2023-11-29 13:15:44 +00:00			`use MediaWiki\EntryPointEnvironment;`
			`use MediaWiki\FileRepo\AuthenticatedFileEntryPoint;`
			`use MediaWiki\MediaWikiServices;`
Reorg: Move HTML-related classes out of includes/ to Html/ Bug: T321882 Change-Id: I5dc1f7e9c303cd3f5b9dd7010d6bb470d8400a18 2023-02-16 19:27:21 +00:00
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not. 2007-02-19 23:03:37 +00:00			`define( 'MW_NO_OUTPUT_COMPRESSION', 1 );`
Add MW_REST_API and MW_ENTRY_POINT Define the global constant MW_REST_API in rest.php, by analogy with MW_API. Also generalize this by adding MW_ENTRY_POINT, which contains the entry script name, "cli" or "unknown". This allows tests such as if ( MW_ENTRY_POINT !== 'index' ) which is probably what is really intended by defined('MW_API') in many cases. Change-Id: I24099f4cdd170de17afd6e1bbad67c9b204071fc 2019-09-02 23:55:00 +00:00			`define( 'MW_ENTRY_POINT', 'img_auth' );`
phpcs: More require/include is not a function Follows-up I1343872de7, Ia533aedf63 and I2df2f80b81. Also updated usage in text in documentation and the installer LocalSettingsGenerator. Most of them were handled by this regex: - find: (require\|include\|require_once\|include_once)\s\(\s(.+?)\s\)\s;$ - replace: $1 $2; Change-Id: I6b38aad9a5149c9c43ce18bd8edbab14b8ce43fa 2013-05-17 00:16:59 +00:00			`require __DIR__ . '/includes/WebStart.php';`
Script to allow MediaWiki-based authentication for downloading items from the upload directory. To use, deny access to the actual directory, and set $wgUploadPath to this script. Image URLs will be of the form "http://server.com/wiki/img_auth.php/0/00/Image.png". The script checks the cookies and the session data, and if everything is OK, streams out the named file. 2004-06-07 06:57:53 +00:00
filerepo: extract AuthenticatedFileEntryPoint from img_auth.php The idea is that all entry points should share the code in the MediaWikiEntryPoint base class. This change just moves code from the file scope into a class, without any structural changes. Bug: T354216 Change-Id: Ie2e827d30a070bcc63bdce56891c3aa0a4dacddd 2023-11-29 13:15:44 +00:00			`( new AuthenticatedFileEntryPoint(`
			`RequestContext::getMain(),`
			`new EntryPointEnvironment(),`
			`MediaWikiServices::getInstance()`
			`) )->run();`