diff --git a/README.md b/README.md index 0042bf7d..fef08960 100644 --- a/README.md +++ b/README.md @@ -26,3 +26,14 @@ Authentication Following previous issues with the mis-use of Magmi in an insecure way, Magmi now contains built-in authentication. Once you have provided DB details and Magmi can connect to the DB, you will need to login using a set of Magento admin credentials to use Magmi. If Magmi has not yet been configured to connect, then the username and password are both 'magmi' + +Authentication with PHP-CGI/FPM +------------------------------- + +php-cgi/fpm under Apache does not pass HTTP Basic user/pass to PHP by default + +Add these lines to an .htaccess file: + + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.+)$ + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] diff --git a/magmi/engines/magmi_productimportengine.php b/magmi/engines/magmi_productimportengine.php index 1c9d68b6..714b234c 100755 --- a/magmi/engines/magmi_productimportengine.php +++ b/magmi/engines/magmi_productimportengine.php @@ -1622,8 +1622,11 @@ public function lookup() { $t0 = microtime(true); $this->log("Performing Datasource Lookup...", "startup"); + $count = 0; + + if (is_object($this->datasource)) + $count = $this->datasource->getRecordsCount(); - $count = $this->datasource->getRecordsCount(); $t1 = microtime(true); $time = $t1 - $t0; $this->log("$count:$time", "lookup"); diff --git a/magmi/inc/magmi_engine.php b/magmi/inc/magmi_engine.php index bd598278..47196176 100755 --- a/magmi/inc/magmi_engine.php +++ b/magmi/inc/magmi_engine.php @@ -270,7 +270,9 @@ public function getPluginInstance($family, $order = -1) if ($order < 0) { $order += count($this->_activeplugins[$family]); } - return $this->_activeplugins[$family][$order]; + + if (is_array($this->_activeplugins) && isset($this->_activeplugins[$family]) && isset($this->_activeplugins[$family][$order])) + return $this->_activeplugins[$family][$order]; } /* 
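Review bot: In `lookup()` (magmi_productimportengine.php) the new `is_object($this->datasource)` guard turns a missing datasource into an ordinary `0:<time>` lookup line, so a misconfigured profile reads the same in the log as an empty source. I would report the condition in an else branch, e.g. `else { $this->log("No datasource configured, record count set to 0", "warning"); }`, assuming "warning" is a log type this logger accepts. The braceless `if` should also get braces so that a later second statement cannot slip outside the guard. The rest of `lookup()` is outside the hunk, so whether later code copes with a count of 0 is not visible here.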
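Review bot: In `getPluginInstance()` (magmi_engine.php) the new `is_array`/`isset` guard runs after `count($this->_activeplugins[$family])` in the `$order < 0` branch, so the default call (`$order = -1`) still indexes an unknown family before the guard is reached. That raises an undefined-index notice or warning, and on PHP 8 `count(null)` throws a TypeError. Move the family check above that branch, e.g. `if (!isset($this->_activeplugins[$family])) { return null; }`; `isset($this->_activeplugins[$family][$order])` alone then covers all three conditions of the new test. The function now falls off the end when nothing matches, so an explicit `return null;` and a docblock line saying so would make the contract clear to callers. Only the signature and the `$order < 0` block are visible; anything earlier in the body is outside the hunk.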
diff --git a/magmi/web/.htaccess-sample-php_cgi_fpm b/magmi/web/.htaccess-sample-php_cgi_fpm
new file mode 100644
index 00000000..fab02199
--- /dev/null
+++ b/magmi/web/.htaccess-sample-php_cgi_fpm
@@ -0,0 +1,9 @@
+### php-cgi/fpm under Apache does not pass HTTP Basic user/pass to PHP by default
+
+
+
+RewriteEngine on
+RewriteCond %{HTTP:Authorization} ^(.+)$
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+
\ No newline at end of file
diff --git a/magmi/web/security.php b/magmi/web/security.php
index d81933cb..abef0f2b 100644
--- a/magmi/web/security.php
+++ b/magmi/web/security.php
@@ -7,6 +7,35 @@ function authenticate($username="",$password=""){
 return $auth->authenticate();
 }
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ /*
+ * php-cgi/fpm under Apache does not pass HTTP Basic user/pass to PHP by default
+ * For this workaround to work, add these lines to your .htaccess file:
+ * RewriteEngine On
+ * RewriteCond %{HTTP:Authorization} ^(.+)$
+ * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+ * @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ServerBag.php#L47
+ */
+ $authorizationHeader = null;
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ $authorizationHeader = $_SERVER['HTTP_AUTHORIZATION'];
+ } elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ $authorizationHeader = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+ }
+ if (null !== $authorizationHeader) {
+ if (0 === stripos($authorizationHeader, 'basic ')) {
+ // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
+ $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
+ if (count($exploded) == 2) {
+ list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $exploded;
+ }
+ } elseif (empty($_SERVER['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {
+ // In some circumstances PHP_AUTH_DIGEST needs to be set
+ $_SERVER['PHP_AUTH_DIGEST'] = $authorizationHeader;
+ }
+ }
+}
+
 if (!isset($_SERVER['PHP_AUTH_USER'])) {
 header('WWW-Authenticate:Basic realm="Magmi"');
 header('HTTP/1.0 401 Unauthorized');
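Review bot: The Basic branch calls `base64_decode(substr($authorizationHeader, 6))` in lenient mode, so characters outside the base64 alphabet are dropped silently and whatever remains is split into `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`. Decode strictly and treat failure as "no credentials": `$decoded = base64_decode(substr($authorizationHeader, 6), true);` then `$exploded = ($decoded === false) ? array() : explode(':', $decoded, 2);`, and compare with `count($exploded) === 2`. The block comment should also say that these values are copied from the client's header and stay unverified until `authenticate()` runs. Because the rewrite rule exposes the raw Authorization header to PHP, it should add that Magmi must only be served over HTTPS; the README context in this commit still documents a default 'magmi'/'magmi' login. The `digest` branch fills `PHP_AUTH_DIGEST`, yet the visible challenge below is Basic only, so it looks unused here. The code after the 401 headers is outside the hunk.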