git.shiar.nl / minimedit.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: support unhashed passwords
[minimedit.git] / auth.inc.php
diff --git a/auth.inc.php b/auth.inc.php
index e849da9b997957c7fc81a2cfb2266f86baeb2230..94f0dcc8547f190d5758e7fdad1881a56ce72717 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -7,7 +7,8 @@ function login($inuser, $inpass = NULL)
        }
 
        # find password data by user name
-       $pwfile = sprintf('login/%s/.passwd', strtolower($inuser));
+       $userdir = 'login/'.strtolower($inuser);
+       $pwfile = "$userdir/.passwd";
        if (!file_exists($pwfile)) return;
        $usertest = trim(file_get_contents($pwfile));
        if (!$usertest) return;
@@ -15,15 +16,26 @@ function login($inuser, $inpass = NULL)
        # verify password
        $authhash = md5($usertest);
        if (isset($inpass)) {
-               if (!password_verify($inpass, $usertest)) return;
+               if (substr($usertest, 0, 1) == '$') {
+                       if (!password_verify($inpass, $usertest)) return;
+               }
+               else {
+                       if ($inpass !== $usertest) return;
+               }
        }
        else {
                if ($inauth !== $authhash) return;
        }
 
+       if (function_exists('apache_note')) apache_note('user', $inuser);
+
+       if ($log = @fopen("$userdir/last.log", 'w')) {
+               fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+       }
+
        return [
                'name'  => $inuser,
-               'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+               'admin' => file_exists("$userdir/.admin"),
                'auth'  => "$inuser:$authhash",
        ];
 }
MinimEdit - databaseless cms with only a bit of php