For the record, here it is my patch to add http authentication:
--- users.inc.t 2005-10-12 15:16:59.000000000 +0100
+++ users.inc.t.new 2005-10-16 17:06:32.406457300 +0100
@@ -605,9 +602,31 @@
$sq = 0;
/* fetch an object with the user's session, profile & theme info */
if (!($u = ses_get())) {
- /* new anon user */
- $u = ses_anon_make();
- } else if ($u->id != 1 && (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id))) { /* store the last visit date for registered user */
+
+
+/************************* modification *******************************/
+
+ if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])
+ && ($user_id = q_singleval("SELECT id FROM ".$GLOBALS['DBHOST_TBL_PREFIX']."users WHERE login="._esc($_SERVER['PHP_AUTH_USER'])." AND passwd='".md5($_SERVER['PHP_AUTH_PW'])."'"))
+ ) {
+ $sys_id = ses_make_sysid(($GLOBALS['FUD_OPT_2'] & 256), ($GLOBALS['FUD_OPT_3'] & 16));
+ $ses_id = md5($user_id . time() . getmypid());
+ q("REPLACE INTO ".$GLOBALS['DBHOST_TBL_PREFIX']."ses (ses_id, time_sec, sys_id, user_id) VALUES ('".$ses_id."', ".time().", '".$sys_id."', ".$user_id.")");
+ setcookie($GLOBALS['COOKIE_NAME'], $ses_id, time()+$GLOBALS['COOKIE_TIMEOUT'], $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
+
+ $_COOKIE[$GLOBALS['COOKIE_NAME']] = $ses_id;
+ $u = ses_get();
+ if (!$u || $u->id == 1) exit;
+ } else {
+ header('WWW-Authenticate: Basic realm="private"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('Private Area.');
+ }
+ }
+/*********************** THE END :) ******************************/
+
+
+ if (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id)) { /* store the last visit date for registered user */
q('UPDATE {SQL_TABLE_PREFIX}users SET last_visit='.__request_timestamp__.' WHERE id='.$u->id);
if ($GLOBALS['FUD_OPT_3'] & 1) {
setcookie($GLOBALS['COOKIE_NAME'], $u->ses_id, 0, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
Nuno