From 7e01ee5991abc18d92a8c57e8e0ebe8887a18593 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Mon, 10 Jul 2017 03:36:40 +0200
Subject: [PATCH] edit: emulate ip authentication in php footer

Equivalent to .htaccess rules for SSI foot.inc.html.
---
 foot.inc.php | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/foot.inc.php b/foot.inc.php
index d2ba826..799fb13 100755
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -1,18 +1,13 @@
 </div>
 <hr class="footer" />
 <?php
-if (($notfound = $_SERVER['SCRIPT_NAME'] == '/404.php')) {
-	echo <<<'EOT'
-<script>
-var pagebody = document.getElementsByClassName('article')[0];
-pagebody.innerHTML = '<h2>Nieuwe pagina</h2><p>&nbsp;</p>';
-</script>
-EOT;
-}
-
 define('N', "\n");
 
-$editable = FALSE; // "Beheer toegestaan voor {$_SERVER['REMOTE_ADDR']}:";
+$ALLOWED = [
+	'127.0.0.1',
+];
+$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
+	$_SERVER['REMOTE_ADDR'] : FALSE;
 
 $curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
 if (is_executable(__DIR__ . '/' . $curfile)) {
@@ -21,11 +16,23 @@ if (is_executable(__DIR__ . '/' . $curfile)) {
 }
 
 if ($editable) {
+	$edit = preg_match('/[?]edit$/', $_SERVER['REQUEST_URI']);
+
+	if ($edit) {
+		echo '<script src="/ckeditor/ckeditor.js"></script>'.N;
+		echo '<script src="/edit.js"></script>'.N;
+		if (($notfound = $_SERVER['SCRIPT_NAME'] == '/404.php')) {
+			echo <<<'EOT'
+<script>
+var pagebody = document.getElementsByClassName('article')[0];
+pagebody.innerHTML = '<h2>Nieuwe pagina</h2><p>&nbsp;</p>';
+</script>
+EOT;
+		}
+	}
+
 	echo '<p class="footer">'.N;
-	echo $editable.N;
-	echo '<script src="/ckeditor/ckeditor.js"></script>'.N;
-	echo '<script src="/edit.js"></script>'.N;
-	$edit = array_key_exists($_GET['edit']);
+	echo "Beheer toegestaan voor $editable:".N;
 	printf('<a href="?%s">%s</a>'.N,
 		$edit ? '' : 'edit',
 		$edit ? 'lezen' : ($notfound ? 'aanmaken' : 'aanpassen')
-- 
2.30.0