page: move client authentication to php include

diff --git a/auth.inc.php b/auth.inc.php
new file mode 100755 (executable)
index 0000000..1a72379
--- /dev/null
+++ b/auth.inc.php
@@ -0,0 +1,12 @@
+<?php
+$ALLOWED = [
+       '127.0.0.1',
+       '192.168.178.0/24',
+       '94.208.83.16', # arie.ziggo
+       '83.161.198.138', # shiar.demon
+       '145.131.141.219', # shiar@1m
+];
+
+$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
+       $_SERVER['REMOTE_ADDR'] : FALSE;
+

diff --git a/edit.php b/edit.php
index 12859595de865444baf29dd94a8f1eaa1b61ca57..9532e423e202291aa469397567f4a3246b90cc05 100755 (executable)
--- a/edit.php
+++ b/edit.php
@@ -5,6 +5,10 @@ function abort($status, $body) {
        exit;
 }
 
+require 'auth.inc.php';
+if (!$editable)
+       abort('401 unauthorised', "geen beheersrechten");
+
 if (!$_POST)
        abort('405 post error', "niets te doen");
 if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)

diff --git a/foot.inc.php b/foot.inc.php
index 799fb133ed688cce2dc91c77f921ebeb25ffb9ef..586d6a84353cb3a34b54f01c9f6717cabaaae41f 100755 (executable)
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -3,12 +3,6 @@
 <?php
 define('N', "\n");
 
-$ALLOWED = [
-       '127.0.0.1',
-];
-$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
-       $_SERVER['REMOTE_ADDR'] : FALSE;
-
 $curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
 if (is_executable(__DIR__ . '/' . $curfile)) {
        // dynamic code is +x