From 9728cd7e14c36120d5446823ae100cc80512c079 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Mon, 2 Oct 2017 22:24:53 +0200
Subject: [PATCH] login: store passwords in separate user files

Instead of unneeded .htpasswd compatibility, move password hashes into
simple login/$username/.passwd files.
---
 auth.inc.php | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/auth.inc.php b/auth.inc.php
index 363fc71..e849da9 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -6,17 +6,10 @@ function login($inuser, $inpass = NULL)
 		@list ($inuser, $inauth) = explode(':', $inuser, 2);
 	}
 
-	# create pwlist table from htpasswd
-	$pwdata = file_get_contents('./.htpasswd');
-	$pwlist = [];
-	foreach (explode("\n", $pwdata) as $line) {
-		if (!$line) continue;
-		list ($username, $pass) = explode(':', $line);
-		$pwlist[$username] = $pass;
-	}
-
-	# find user by name
-	$usertest = @$pwlist[ strtolower($inuser) ];
+	# find password data by user name
+	$pwfile = sprintf('login/%s/.passwd', strtolower($inuser));
+	if (!file_exists($pwfile)) return;
+	$usertest = trim(file_get_contents($pwfile));
 	if (!$usertest) return;
 
 	# verify password
-- 
2.30.0