X-Git-Url: http://git.shiar.net/minimedit.git/blobdiff_plain/0cc681d32bf51c485d54e49f50dd1d0f74b35974..1428caff970f73f026f1467c7741798ca7c9272c:/auth.inc.php

diff --git a/auth.inc.php b/auth.inc.php
index 94f0dcc..65b7f72 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,4 +1,58 @@
 <?php
+date_default_timezone_set('Europe/Amsterdam');
+
+class User
+{
+	function __construct($dir)
+	{
+		if (!file_exists($dir)) {
+			throw new Exception("Gebruiker niet gevonden in $dir");
+		}
+		$this->dir = $dir;
+		$this->login = basename($dir);
+	}
+
+	function __get($col)
+	{
+		return $this->$col = $this->$col();  # run method and cache
+	}
+
+	function rawname()
+	{
+		return rtrim(@file_get_contents("{$this->dir}/name.txt"));
+	}
+
+	function name()
+	{
+		return htmlspecialchars(implode(' & ', explode("\n", $this->rawname)));
+	}
+
+	function admin()
+	{
+		return @file_exists("{$this->dir}/.admin");
+	}
+
+	function seen()
+	{
+		return @filemtime("{$this->dir}/last.log");
+	}
+}
+
+function login_password_verify($input, $test)
+{
+	if (substr($test, 0, 1) != '$') {
+		# plaintext match for uncrypted passwords
+		return $input === $test;
+	}
+	return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+	global $User;
+	return setcookie('login', $User['auth'], 0, '/');
+}
+
 function login($inuser, $inpass = NULL)
 {
 	if (empty($inuser)) return;
@@ -7,7 +61,7 @@ function login($inuser, $inpass = NULL)
 	}
 
 	# find password data by user name
-	$userdir = 'login/'.strtolower($inuser);
+	$userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
 	$pwfile = "$userdir/.passwd";
 	if (!file_exists($pwfile)) return;
 	$usertest = trim(file_get_contents($pwfile));
@@ -16,12 +70,7 @@ function login($inuser, $inpass = NULL)
 	# verify password
 	$authhash = md5($usertest);
 	if (isset($inpass)) {
-		if (substr($usertest, 0, 1) == '$') {
-			if (!password_verify($inpass, $usertest)) return;
-		}
-		else {
-			if ($inpass !== $usertest) return;
-		}
+		if (!login_password_verify($inpass, $usertest)) return;
 	}
 	else {
 		if ($inauth !== $authhash) return;
@@ -35,7 +84,9 @@ function login($inuser, $inpass = NULL)
 
 	return [
 		'name'  => $inuser,
+		'dir'   => $userdir,
 		'admin' => file_exists("$userdir/.admin"),
+		'pass'  => $usertest,
 		'auth'  => "$inuser:$authhash",
 	];
 }