<?php
-$ALLOWED = [
- '127.0.0.1',
- '192.168.178.0/24',
- '94.208.83.16', # arie.ziggo
- '83.161.198.138', # shiar.demon
- '145.131.141.219', # shiar@1m
-];
-
-$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
- $_SERVER['REMOTE_ADDR'] : FALSE;
+function login($inuser, $inpass = NULL)
+{
+ if (empty($inuser)) return;
+ if (!isset($inpass)) {
+ @list ($inuser, $inauth) = explode(':', $inuser, 2);
+ }
+
+ # create pwlist table from htpasswd
+ $pwdata = file_get_contents('./.htpasswd');
+ $pwlist = [];
+ foreach (explode("\n", $pwdata) as $line) {
+ if (!$line) continue;
+ list ($username, $pass) = explode(':', $line);
+ $pwlist[$username] = $pass;
+ }
+
+ # find user by name
+ $usertest = @$pwlist[ strtolower($inuser) ];
+ if (!$usertest) return;
+
+ # verify password
+ $authhash = md5($usertest);
+ if (isset($inpass)) {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inauth !== $authhash) return;
+ }
+
+ return [
+ 'name' => $inuser,
+ 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'auth' => "$inuser:$authhash",
+ ];
+}
+
+if (isset($_COOKIE['login'])) {
+ global $User;
+ $User = login($_COOKIE['login']);
+}