From 97bc8f54b09859842e53d4886234a3b09122ea71 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY
Date: Tue, 12 Sep 2017 23:39:35 +0200
Subject: [PATCH] login: replace http authentication by cookie system
Extend PHP_AUTH/.htpasswd parser to also control input and storage
for complete control. No longer shares Apache access control; should be
replaced if still needed to prevent duplicate login requests.
---
auth.inc.php | 49 ++++++++++++++++++++++++++++---------------------
edit.php | 3 +--
foot.inc.php | 6 +++---
login.php | 32 ++++++++++++++++++++------------
logout.php | 11 -----------
page.inc.php | 2 --
page.php | 5 +++--
7 files changed, 55 insertions(+), 53 deletions(-)
delete mode 100644 logout.php
diff --git a/auth.inc.php b/auth.inc.php
index ecd29b5..363fc71 100755
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,19 +1,13 @@
$inuser,
+ 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'auth' => "$inuser:$authhash",
+ ];
+}
- global $User, $Admin;
- $User = $authname;
- $Admin = !empty($User) && $User != 'lid' ? $User : FALSE;
-});
+if (isset($_COOKIE['login'])) {
+ global $User;
+ $User = login($_COOKIE['login']);
+}
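Review bot: The `'auth' => "$inuser:$authhash"` value returned by `login()` looks like the thing that ends up in the `login` cookie, which would make the cookie a long-lived bearer credential equivalent to the user's password hash: it never expires, cannot be revoked without changing the password, and leaking either the cookie or `.htpasswd` yields a permanent login. A server-side session (`session_start()` and storing only the verified name in `$_SESSION`) or a signed, expiring token such as `hash_hmac('sha256', "$inuser:$expires", $serverSecret)` would avoid sending the hash to the browser on every request. Whatever comparison `login()` makes between the cookie hash and the stored hash should use `hash_equals()` rather than `==`/`!=`. The `global $User;` at file scope is a no-op unless this file is included from inside a function, so a comment such as `# runs at file scope; global only matters when included from a function` would help. The body of `login()` and the start of this hunk are outside the visible lines.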
diff --git a/edit.php b/edit.php
index fe80528..01d83df 100755
--- a/edit.php
+++ b/edit.php
@@ -5,8 +5,7 @@ function abort($status, $body) {
exit;
}
-require 'auth.inc.php';
-if (!$Admin)
+if (!$User['admin'])
abort('401 unauthorised', "geen beheersrechten");
if (!$_POST)
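Review bot: With the `require 'auth.inc.php'` removed, `$User['admin']` relies on `page.php` having included the auth file first; if `edit.php` is ever reached directly, `$User` is undefined and, with `display_errors` on, the "Undefined variable" and "array offset on null" warnings are printed before the abort. The check still fails closed, but `if (empty($User['admin']))` keeps that without the noise. Separately, this endpoint now accepts `$_POST` on the strength of a cookie alone; unless a CSRF token is checked further down (the rest of the file is not in the hunk), a cross-site form post from a logged-in admin's browser will be accepted, which HTTP auth had in common but which a cookie scheme can fix with a per-session token.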
diff --git a/foot.inc.php b/foot.inc.php
index a7f52d6..493dcc9 100755
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -2,9 +2,9 @@
'.N;
- echo "Beheer toegestaan voor $User:".N;
+ echo "Beheer toegestaan voor {$User['name']}:".N;
printf('%s'.N,
$Edit ? '' : 'edit',
$Edit ? 'lezen' : ($notfound ? 'aanmaken' : 'aanpassen')
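Review bot: `{$User['name']}` is echoed into HTML unescaped; the name now originates from the `login` cookie rather than from Apache's verified `PHP_AUTH_USER`, so if `login()` returns the parsed name before (or regardless of) hash verification this is a reflected XSS sink. Use `echo "Beheer toegestaan voor " . htmlspecialchars($User['name'], ENT_QUOTES, 'UTF-8') . ":" . N;` so the output is safe even when the value is attacker-controlled. The surrounding condition that gates this output starts above the hunk.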
diff --git a/login.php b/login.php
index eb09f8a..042dea9 100644
--- a/login.php
+++ b/login.php
@@ -1,17 +1,25 @@
+Inloggen
+
Ongeldige gebruikersnaam of wachtwoord.
'."\n\n";
+}
+elseif ($User) {
+ setcookie('login', '', time(), '/'); # expire immediately
+ echo 'Uitgelogd.
'."\n\n";
}
-include 'head.inc.php';
?>
-
-Sitebeheer
-
-
-Welkom, je bent ingelogd als . Onderaan elke pagina staat een link om inhoud aan te passen.
-
-
+
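Review bot: The logout branch clears the cookie with `setcookie('login', '', time(), '/')`, which only removes it if the path, domain, secure and httponly attributes match those used when it was set; the setting call is not in this hunk, so mirror its arguments here (e.g. `setcookie('login', '', 1, '/', '', !empty($_SERVER['HTTPS']), true)`) and make sure the set side also passes `httponly` so the credential is not readable by script. Because the `elseif ($User)` branch fires on any request to `login.php` while logged in, a plain GET such as an `<img src="login.php">` on another site logs the admin out; gating it on `$_SERVER['REQUEST_METHOD'] === 'POST'` avoids that. The `if` branch that precedes this `elseif` begins above the visible lines.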
diff --git a/logout.php b/logout.php
deleted file mode 100644
index 112bb9b..0000000
--- a/logout.php
+++ /dev/null
@@ -1,11 +0,0 @@
-
-Niet ingelogd
-Voor sitebeheer moet worden ingelogd met een gerechtigde gebruiker.
-
diff --git a/page.inc.php b/page.inc.php
index b3fa5f7..dcb0573 100644
--- a/page.inc.php
+++ b/page.inc.php
@@ -15,8 +15,6 @@ print "\n\n";
print ''."\n\n";
-include_once 'auth.inc.php';
-
register_shutdown_function(function () {
print "
\n\n";
include 'foot.inc.php';
diff --git a/page.php b/page.php
index c888524..f6088dd 100644
--- a/page.php
+++ b/page.php
@@ -2,6 +2,9 @@
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
+include_once 'auth.inc.php';
+$Edit = isset($_GET['edit']);
+
$Args = '';
$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']);
$Page = urldecode(trim($Page, '/')) ?: 'index';
@@ -29,6 +32,4 @@ while (TRUE) {
$Page = substr($Page, 0, $up);
}
-$Edit = isset($_GET['edit']);
-
include 'page.inc.php';
--
2.30.0