- elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
- // cgi compatibility
- $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+ return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+ global $User;
+ return setcookie('login', $User['auth'], 0, '/');
+}
+
+function login($inuser, $inpass = NULL)
+{
+ if (empty($inuser)) return;
+ if (!isset($inpass)) {
+ @list ($inuser, $inauth) = explode(':', $inuser, 2);
+ }
+
+ # find password data by user name
+ $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
+ $pwfile = "$userdir/.passwd";
+ if (!file_exists($pwfile)) return;
+ $usertest = trim(file_get_contents($pwfile));
+ if (!$usertest) return;
+
+ # verify password
+ $authhash = md5($usertest);
+ if (isset($inpass)) {
+ if (!login_password_verify($inpass, $usertest)) return;