@list ($inuser, $inauth) = explode(':', $inuser, 2);
}
- # create pwlist table from htpasswd
- $pwdata = file_get_contents('./.htpasswd');
- $pwlist = [];
- foreach (explode("\n", $pwdata) as $line) {
- if (!$line) continue;
- list ($username, $pass) = explode(':', $line);
- $pwlist[$username] = $pass;
- }
-
- # find user by name
- $usertest = @$pwlist[ strtolower($inuser) ];
+ # find password data by user name
+ $userdir = 'login/'.strtolower($inuser);
+ $pwfile = "$userdir/.passwd";
+ if (!file_exists($pwfile)) return;
+ $usertest = trim(file_get_contents($pwfile));
if (!$usertest) return;
# verify password
$authhash = md5($usertest);
if (isset($inpass)) {
- if (!password_verify($inpass, $usertest)) return;
+ if (substr($usertest, 0, 1) == '$') {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inpass !== $usertest) return;
+ }
}
else {
if ($inauth !== $authhash) return;
}
+ if (function_exists('apache_note')) apache_note('user', $inuser);
+
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
return [
'name' => $inuser,
- 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'admin' => file_exists("$userdir/.admin"),
'auth' => "$inuser:$authhash",
];
}