auth.inc.php

   1 <?php
   2 global $User, $editable;
   3 $User = FALSE;
   4
   5 function Auth() {
   6         if (isset($_SERVER['PHP_AUTH_USER'])) {
   7                 $authinfo = [ $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ];
   8         }
   9         elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
  10                 // cgi compatibility
  11                 $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
  12         }
  13         else {
  14                 return;
  15         }
  16
  17         $pwdata = file_get_contents(__DIR__.'/.htpasswd');
  18         $pwlist = [];
  19         foreach (explode("\n", $pwdata) as $line) {
  20                 if (!$line) continue;
  21                 list ($username, $pass) = explode(':', $line);
  22                 $pwlist[$username] = $pass;
  23         }
  24
  25         list ($authname, $authpass) = $authinfo;
  26         $usertest = $pwlist[ strtolower($authname) ];
  27         if (!$usertest) return;
  28
  29         $salt = substr($usertest, 0, 2);
  30         if (crypt($authpass, $salt) != $usertest) return;
  31
  32         $GLOBALS['User'] = $authname;
  33 }
  34
  35 Auth();
  36
  37 $editable = !empty($User) && $User != 'lid';
  38