<?php
-global $User, $Admin;
-
-call_user_func(function () {
- if (isset($_SERVER['PHP_AUTH_USER'])) {
- $authinfo = [ $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ];
- }
- elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
- // cgi compatibility
- $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
- }
- else {
- return;
+function login($inuser, $inpass = NULL)
+{
+ if (empty($inuser)) return;
+ if (!isset($inpass)) {
+ @list ($inuser, $inauth) = explode(':', $inuser, 2);
}
- $pwdata = file_get_contents(__DIR__.'/.htpasswd');
+ # create pwlist table from htpasswd
+ $pwdata = file_get_contents('./.htpasswd');
$pwlist = [];
foreach (explode("\n", $pwdata) as $line) {
if (!$line) continue;
$pwlist[$username] = $pass;
}
- list ($authname, $authpass) = $authinfo;
- $usertest = $pwlist[ strtolower($authname) ];
+ # find user by name
+ $usertest = @$pwlist[ strtolower($inuser) ];
if (!$usertest) return;
- $salt = substr($usertest, 0, 2);
- if (crypt($authpass, $salt) != $usertest) return;
+ # verify password
+ $authhash = md5($usertest);
+ if (isset($inpass)) {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inauth !== $authhash) return;
+ }
+
+ return [
+ 'name' => $inuser,
+ 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'auth' => "$inuser:$authhash",
+ ];
+}
- global $User, $Admin;
- $User = $authname;
- $Admin = !empty($User) && $User != 'lid' ? $User : FALSE;
-});
+if (isset($_COOKIE['login'])) {
+ global $User;
+ $User = login($_COOKIE['login']);
+}
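Review bot: The cookie-token check `if ($inauth !== $authhash) return;` compares a client-supplied string with `!==`; `if (!hash_equals($authhash, (string) $inauth)) return;` makes the comparison constant-time and tolerates the null that `@list` leaves when the cookie has no colon. The token itself is `md5()` of the stored password hash, so it is a fixed value per account that never expires and can only be invalidated by changing the password; a keyed HMAC over the name with a per-site secret, or a server-side session id, would avoid deriving a bearer token from the password store. Separately, `file_get_contents('./.htpasswd')` replaces the earlier `__DIR__.'/.htpasswd'` and now depends on the working directory of whichever script includes this file, so restore `$pwdata = file_get_contents(__DIR__.'/.htpasswd');`. `$pwlist[$username] = $pass;` uses names not assigned on the lines shown, so the line that splits `$line` is presumably outside the hunk.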
exit;
}
-require 'auth.inc.php';
-if (!$Admin)
+if (!$User['admin'])
abort('401 unauthorised', "geen beheersrechten");
if (!$_POST)
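Review bot: `if (!$User['admin'])` dereferences `$User`, which auth.inc.php leaves unset when no `login` cookie is sent and sets to null when `login()` rejects the token; with `error_reporting(E_ALL)` and `display_errors` enabled this emits a warning on every anonymous request before `abort()` runs. `if (empty($User['admin']))` (or `if (!($User['admin'] ?? false))`) is null-safe and keeps the same outcome. The same pattern appears at `if ($User['admin']) {` in the footer hunk below. The surrounding block (the `exit; }` above) starts outside the hunk, so the include that now provides `$User` is not visible here.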
<?php
define('N', "\n");
-global $Page, $User, $Admin, $Edit;
+global $Page, $User, $Edit;
-if ($Admin) {
+if ($User['admin']) {
$notfound = $Page == '404';
if ($Edit) {
}
echo '<p class="footer">'.N;
- echo "Beheer toegestaan voor $User:".N;
+ echo "Beheer toegestaan voor {$User['name']}:".N;
printf('<a href="?%s">%s</a>'.N,
$Edit ? '' : 'edit',
$Edit ? 'lezen' : ($notfound ? 'aanmaken' : 'aanpassen')
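Review bot: `echo "Beheer toegestaan voor {$User['name']}:".N;` writes the user name into HTML unescaped; as returned by `login()` it is the raw name from the cookie, matched against .htpasswd only case-insensitively, so it should go through `htmlspecialchars($User['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` like any other request-derived string. The removed `$User` line had the same gap, so this is not introduced by the commit, but the hunk is the place to close it. The `printf` call continues outside the hunk.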
+<h2>Inloggen</h2>
+
<?php
-require 'auth.inc.php';
+if (isset($_POST['login'])) {
+ if ($user = login($_POST['login'], $_POST['pass'])) {
+ setcookie('login', $user['auth'], 0, '/');
+
+ header("Location: /"); //TODO: goto
+ http_response_code(302);
+ exit;
+ }
-if (!$Admin) {
- require 'logout.php';
- exit;
+ echo '<p class="warn">Ongeldige gebruikersnaam of wachtwoord.</p>'."\n\n";
+}
+elseif ($User) {
+ setcookie('login', '', time(), '/'); # expire immediately
+ echo '<p class="warn">Uitgelogd.</p>'."\n\n";
}
-include 'head.inc.php';
?>
-
-<h2>Sitebeheer</h2>
-
-<p>
-Welkom, je bent ingelogd als <em><?php echo $User; ?></em>. Onderaan elke pagina staat een link om inhoud aan te passen.
-</p>
-
+<form action="" method="post">
+ <input id="login" name="login" placeholder="Huisnummer" />
+ <input id="pass" name="pass" type="password" value="" placeholder="Wachtwoord" />
+ <input type="submit" value="Log in" />
+</form>
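Review bot: `setcookie('login', $user['auth'], 0, '/');` stores the bearer token without `httponly`, `secure` or `samesite`, so page script can read it and it is also sent over plain HTTP; the options form, `setcookie('login', $user['auth'], ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);` (drop `secure` only if the site is not served over TLS), closes that. `login($_POST['login'], $_POST['pass'])` passes null when the `pass` field is absent from the request, and `login()` then takes its cookie-token branch rather than the password branch; passing `$_POST['pass'] ?? ''` keeps a missing password on the password path, where it simply fails to verify. `http_response_code(302)` after `header("Location: /")` is redundant, since `header()` with a Location already sets 302, but harmless.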
+++ /dev/null
-<?php
-header('WWW-Authenticate: Basic realm=""');
-http_response_code(401);
-
-// fallback page shown on authentication failure
-include 'head.inc.php';
-$Admin = $User = FALSE; // ignore old user headers
-?>
-<h2>Niet ingelogd</h2>
-<p>Voor sitebeheer moet worden ingelogd met een gerechtigde gebruiker.</p>
-
print '<div class="article">'."\n\n";
-include_once 'auth.inc.php';
-
register_shutdown_function(function () {
print "</div>\n\n";
include 'foot.inc.php';
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
+include_once 'auth.inc.php';
+$Edit = isset($_GET['edit']);
+
$Args = '';
$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
$Page = urldecode(trim($Page, '/')) ?: 'index';
$Page = substr($Page, 0, $up);
}
-$Edit = isset($_GET['edit']);
-
include 'page.inc.php';