login: derive user permissions from .admin file

Replaces site-specific name exceptions.

diff --git a/auth.inc.php b/auth.inc.php
index ef80ecdab5533200649183c81cc618c554eea2d2..b20331ac60ceb15d2f785d0301881e3f1f31b3ce 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -7,7 +7,8 @@ function login($inuser, $inpass = NULL)
        }
 
        # find password data by user name
-       $pwfile = sprintf('login/%s/.passwd', strtolower($inuser));
+       $userdir = 'login/'.strtolower($inuser);
+       $pwfile = "$userdir/.passwd";
        if (!file_exists($pwfile)) return;
        $usertest = trim(file_get_contents($pwfile));
        if (!$usertest) return;
@@ -25,7 +26,7 @@ function login($inuser, $inpass = NULL)
 
        return [
                'name'  => $inuser,
-               'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+               'admin' => file_exists("$userdir/.admin"),
                'auth'  => "$inuser:$authhash",
        ];
 }