login: preserve input value after failure

[minimedit.git] / auth.inc.php

diff --git a/auth.inc.php b/auth.inc.php
old mode 100755 (executable)
new mode 100644 (file)
index 363fc71..b8026f9
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -6,17 +6,11 @@ function login($inuser, $inpass = NULL)
                @list ($inuser, $inauth) = explode(':', $inuser, 2);
        }
 
-       # create pwlist table from htpasswd
-       $pwdata = file_get_contents('./.htpasswd');
-       $pwlist = [];
-       foreach (explode("\n", $pwdata) as $line) {
-               if (!$line) continue;
-               list ($username, $pass) = explode(':', $line);
-               $pwlist[$username] = $pass;
-       }
-
-       # find user by name
-       $usertest = @$pwlist[ strtolower($inuser) ];
+       # find password data by user name
+       $userdir = 'login/'.strtolower($inuser);
+       $pwfile = "$userdir/.passwd";
+       if (!file_exists($pwfile)) return;
+       $usertest = trim(file_get_contents($pwfile));
        if (!$usertest) return;
 
        # verify password
@@ -28,9 +22,15 @@ function login($inuser, $inpass = NULL)
                if ($inauth !== $authhash) return;
        }
 
+       if (function_exists('apache_note')) apache_note('user', $inuser);
+
+       if ($log = @fopen("$userdir/last.log", 'w')) {
+               fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+       }
+
        return [
                'name'  => $inuser,
-               'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+               'admin' => file_exists("$userdir/.admin"),
                'auth'  => "$inuser:$authhash",
        ];
 }