<?php
+date_default_timezone_set('Europe/Amsterdam');
+
+class User
+{
+ function __construct($dir)
+ {
+ if (!file_exists($dir)) {
+ throw new Exception("Gebruiker niet gevonden in $dir");
+ }
+ $this->dir = $dir;
+ $this->login = basename($dir);
+ }
+
+ function __get($col)
+ {
+ return $this->$col = $this->$col(); # run method and cache
+ }
+
+ function rawname()
+ {
+ return @file_get_contents("{$this->dir}/name.txt");
+ }
+
+ function name()
+ {
+ return htmlspecialchars(implode(' & ', explode("\n", $this->rawname)));
+ }
+
+ function admin()
+ {
+ return @file_exists("{$this->dir}/.admin");
+ }
+
+ function seen()
+ {
+ return @filemtime("{$this->dir}/last.log");
+ }
+}
+
+function login_password_verify($input, $test)
+{
+ if (substr($test, 0, 1) != '$') {
+ # plaintext match for uncrypted passwords
+ return $input === $test;
+ }
+ return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+ global $User;
+ return setcookie('login', $User['auth'], 0, '/');
+}
+
function login($inuser, $inpass = NULL)
{
if (empty($inuser)) return;
}
# find password data by user name
- $userdir = 'login/'.strtolower($inuser);
+ $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
$pwfile = "$userdir/.passwd";
if (!file_exists($pwfile)) return;
$usertest = trim(file_get_contents($pwfile));
# verify password
$authhash = md5($usertest);
if (isset($inpass)) {
- if (!password_verify($inpass, $usertest)) return;
+ if (!login_password_verify($inpass, $usertest)) return;
}
else {
if ($inauth !== $authhash) return;
if (function_exists('apache_note')) apache_note('user', $inuser);
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
return [
'name' => $inuser,
+ 'dir' => $userdir,
'admin' => file_exists("$userdir/.admin"),
+ 'pass' => $usertest,
'auth' => "$inuser:$authhash",
];
}
git.shiar.nl / minimedit.git / blobdiff