git.shiar.nl / minimedit.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: reusable functions for password verification
[minimedit.git] / auth.inc.php
diff --git a/auth.inc.php b/auth.inc.php
index b20331ac60ceb15d2f785d0301881e3f1f31b3ce..fd11b1353a1dfe1feaa82dc81bad675cc714a9ea 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,4 +1,19 @@
 <?php
+function login_password_verify($input, $test)
+{
+       if (substr($test, 0, 1) != '$') {
+               # plaintext match for uncrypted passwords
+               return $input === $test;
+       }
+       return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+       global $User;
+       return setcookie('login', $User['auth'], 0, '/');
+}
+
 function login($inuser, $inpass = NULL)
 {
        if (empty($inuser)) return;
@@ -16,7 +31,7 @@ function login($inuser, $inpass = NULL)
        # verify password
        $authhash = md5($usertest);
        if (isset($inpass)) {
-               if (!password_verify($inpass, $usertest)) return;
+               if (!login_password_verify($inpass, $usertest)) return;
        }
        else {
                if ($inauth !== $authhash) return;
@@ -24,6 +39,10 @@ function login($inuser, $inpass = NULL)
 
        if (function_exists('apache_note')) apache_note('user', $inuser);
 
+       if ($log = @fopen("$userdir/last.log", 'w')) {
+               fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+       }
+
        return [
                'name'  => $inuser,
                'admin' => file_exists("$userdir/.admin"),
MinimEdit - databaseless cms with only a bit of php