- elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
- // cgi compatibility
- $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+
+ # find password data by user name
+ $userdir = 'login/'.strtolower($inuser);
+ $pwfile = "$userdir/.passwd";
+ if (!file_exists($pwfile)) return;
+ $usertest = trim(file_get_contents($pwfile));
+ if (!$usertest) return;
+
+ # verify password
+ $authhash = md5($usertest);
+ if (isset($inpass)) {
+ if (!password_verify($inpass, $usertest)) return;