login: emulate apache authentication to check admin login
[minimedit.git] / auth.inc.php
index 1a72379be273e79ade3978fd1744b1a04bada8a1..6a5d1d2d83458fc1f84f56dd96093c1cb36c0c5b 100755 (executable)
@@ -1,12 +1,38 @@
 <?php
-$ALLOWED = [
-       '127.0.0.1',
-       '192.168.178.0/24',
-       '94.208.83.16', # arie.ziggo
-       '83.161.198.138', # shiar.demon
-       '145.131.141.219', # shiar@1m
-];
-
-$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
-       $_SERVER['REMOTE_ADDR'] : FALSE;
+global $User, $editable;
+$User = FALSE;
+
+function Auth() {
+       if (isset($_SERVER['PHP_AUTH_USER'])) {
+               $authinfo = [ $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ];
+       }
+       elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+               // cgi compatibility
+               $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+       }
+       else {
+               return;
+       }
+
+       $pwdata = file_get_contents(__DIR__.'/.htpasswd');
+       $pwlist = [];
+       foreach (explode("\n", $pwdata) as $line) {
+               if (!$line) continue;
+               list ($username, $pass) = explode(':', $line);
+               $pwlist[$username] = $pass;
+       }
+
+       list ($authname, $authpass) = $authinfo;
+       $usertest = $pwlist[ strtolower($authname) ];
+       if (!$usertest) return;
+
+       $salt = substr($usertest, 0, 2);
+       if (crypt($authpass, $salt) != $usertest) return;
+
+       $GLOBALS['User'] = $authname;
+}
+
+Auth();
+
+$editable = !empty($User) && $User != 'lid';
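Review bot: The password lookup lowercases the supplied name (`$pwlist[ strtolower($authname) ]`) but `$GLOBALS['User']` stores it as typed, so the closing `$User != 'lid'` test is case-sensitive while the login itself is not; a differently-cased spelling of that account verifies against the same `.htpasswd` entry and still leaves `$editable` true. Store the normalised name instead, `$GLOBALS['User'] = strtolower($authname);`, so the restriction applies to the account that was actually checked. The hash check in `Auth()` would be safer as `if (!hash_equals($usertest, (string) crypt($authpass, $usertest))) return;`, which compares in constant time without loose `!=` juggling and lets crypt() take the scheme from the stored entry rather than a fixed two-character DES salt. In the CGI branch, `explode(':', …, 2)` keeps a password that contains a colon intact instead of silently truncating it.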