From 75cf05006c9d77d01def2fe8688b3f6a503096b4 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Tue, 19 Sep 2017 02:49:16 +0200 Subject: [PATCH 01/16] page: omit edit link if unwritable --- page.inc.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/page.inc.php b/page.inc.php index 9d49fad..7c8e191 100644 --- a/page.inc.php +++ b/page.inc.php @@ -11,7 +11,18 @@ if (isset($User)) { print '

'; printf('Ingelogd: %s', $User['name']); if ($User['admin']) { - print ' Wijzig'; + $editpage = $Page.$Args; + if (is_dir($editpage)) { + if (file_exists("$editpage/index.html")) { + $editpage .= '/index.html'; + } + } + else { + $editpage .= '.html'; + } + if (is_writable($editpage)) { + print ' Wijzig'; + } } print "

\n"; } -- 2.30.0 From 7a2a2ab4cdcf8d276a1c0e5797381e0619b5d922 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Thu, 28 Sep 2017 02:47:51 +0200 Subject: [PATCH 02/16] edit: copy page stylesheet for ckeditor contents Replace hardcoded link specific to Excelsior by a generic solution. --- edit.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edit.js b/edit.js index 21028dc..3fd8230 100644 --- a/edit.js +++ b/edit.js @@ -54,7 +54,7 @@ CKEDITOR.on('instanceCreated', function (event) { config.entities = false; // keep unicode config.filebrowserImageUploadUrl = '/edit?type=img'; config.forcePasteAsPlainText = true; - config.contentsCss = '/excelsior.css'; + config.contentsCss = document.styleSheets[0].href; config.toolbar = [ ['Inlinesave', '-', 'ShowBlocks', 'Sourcedialog', '-', 'Undo', 'Redo'], ['Format'], -- 2.30.0 From cabf3de4ee3cfb325e91a5e043231c2523e0169f Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Thu, 28 Sep 2017 03:16:07 +0200 Subject: [PATCH 03/16] edit: drop rare options from ckeditor toolbar - ShowBlocks not really interesting for simple structures; would be useful for floating sections but these aren't supported. - Anchor once used for article links, replaced by proper pages. - RemoveFormat now done automatically on paste. - Sourcedialog reordered at end since it's a last resort. --- edit.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/edit.js b/edit.js index 3fd8230..120b68f 100644 --- a/edit.js +++ b/edit.js 
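Review bot: `is_writable($editpage)` tests the web server process's permission on the resolved file, not the logged-in user's rights, and the link is decided on that alone, so the intent deserves a comment such as `# show the edit link only when the server process can actually save this page`. When `$editpage` is an existing directory without an `index.html`, the check is made on the directory itself rather than on the file the editor would create; whether that matches what edit.php writes is not visible in this hunk, so it is worth confirming. `$editpage` is built from the request-derived `$Page.$Args` and the hunk shows no normalisation of that value; the link is admin-only, but a note on whether `$Page` can still carry `..` segments would help the next reader. The enclosing `if (isset($User))` block opens before the hunk.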
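Review bot: `document.styleSheets[0].href` is `null` for an inline `<style>` block and simply takes whichever sheet is first, so the editor's contents CSS silently depends on document order; selecting the page stylesheet link explicitly is more robust, e.g. `var pagecss = document.querySelector('link[rel="stylesheet"]');` followed by `if (pagecss) config.contentsCss = pagecss.href;`. A short comment, `// reuse the page stylesheet so inline editing looks like the rendered page`, would record the intent stated in the commit message. The `instanceCreated` handler continues outside the hunk.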
@@ -56,11 +56,11 @@ CKEDITOR.on('instanceCreated', function (event) { config.forcePasteAsPlainText = true; config.contentsCss = document.styleSheets[0].href; config.toolbar = [ - ['Inlinesave', '-', 'ShowBlocks', 'Sourcedialog', '-', 'Undo', 'Redo'], - ['Format'], - ['BulletedList', 'NumberedList', '-', 'Blockquote'], - ['Bold', 'Italic', 'Underline', 'Strike', 'RemoveFormat', '-', 'Anchor', 'Link'], - ['HorizontalRule', 'Table', 'Image', 'CreatePlaceholder'], + ['Inlinesave', '-', 'Undo', 'Redo'], + ['Format', 'BulletedList', 'NumberedList', 'Blockquote'], + ['Bold', 'Italic', 'Link', '-', 'Underline', 'Strike'], + ['HorizontalRule', 'Table', 'Image'], + ['CreatePlaceholder', 'Sourcedialog'], ]; config.toolbarCanCollapse = true; config.floatSpacePreferRight = true; -- 2.30.0 From 00820b03988a807d1281954479fda6b4669104a9 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Thu, 28 Sep 2017 04:01:34 +0200 Subject: [PATCH 04/16] edit: drop underline/strike from ckeditor toolbar Should be used to mark insertions and deletions, but probably too technical to warrant an accessible spot. --- edit.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edit.js b/edit.js index 120b68f..34eb707 100644 --- a/edit.js +++ b/edit.js @@ -58,7 +58,7 @@ CKEDITOR.on('instanceCreated', function (event) { config.toolbar = [ ['Inlinesave', '-', 'Undo', 'Redo'], ['Format', 'BulletedList', 'NumberedList', 'Blockquote'], - ['Bold', 'Italic', 'Link', '-', 'Underline', 'Strike'], + ['Bold', 'Italic', 'Link'], ['HorizontalRule', 'Table', 'Image'], ['CreatePlaceholder', 'Sourcedialog'], ]; -- 2.30.0 From 808fb7096b76ddcfb20cd3afdcae5f1c1c700934 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Thu, 28 Sep 2017 03:40:05 +0200 Subject: [PATCH 05/16] edit: replace save confirmation by page close protection Warn about exceptional unsaved changes (save pending or forgotten), not about common save results. --- edit.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/edit.js b/edit.js index 34eb707..dfa4a6d 100644 --- a/edit.js +++ b/edit.js @@ -19,7 +19,7 @@ CKEDITOR.plugins.add('inlinesave', { if (ajaxpost.status != 200) alert('Foutcode '+ajaxpost.status+' bij opslaan: '+ajaxpost.responseText); else - alert('Pagina is goed opgeslagen'); + editor.resetDirty(); }; ajaxpost.send(data); }, @@ -70,6 +70,12 @@ CKEDITOR.on('instanceCreated', function (event) { config.disableObjectResizing = true; document.execCommand('enableObjectResizing', false, false); // workaround in inline mode; ff bug? }); + + window.onbeforeunload = function () { + if (editor.checkDirty()) { + return 'Pagina verlaten zonder wijzigingen op te slaan?'; // message ignored in modern browsers + } + }; }); CKEDITOR.disableAutoInline = true; -- 2.30.0 From bd83adaa7865fbcbbc1fc4c497331e2a3ddceb37 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Fri, 29 Sep 2017 13:06:04 +0200 Subject: [PATCH 06/16] edit: paste limited html, enforce filter on all events Recent feature for more advanced restrictions, allowing rich text without unwanted styling attributes. Unfortunately, the filter is not applied for "internal" sources which apparently includes Word in Linux, so manually execute for any contaminated contents. --- edit.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/edit.js b/edit.js index dfa4a6d..6dcb705 100644 --- a/edit.js +++ b/edit.js 
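Review bot: Assigning `window.onbeforeunload` inside the `instanceCreated` handler replaces any previously installed handler, so with more than one editor instance on a page only the last instance's `checkDirty()` is consulted; registering a listener per instance with `window.addEventListener('beforeunload', …)` avoids that. As the existing comment notes, current browsers ignore the returned string; they expect `e.preventDefault()` and `e.returnValue = ''` to show their generic prompt, so the handler should take the event argument and set those. The first hunk's `editor.resetDirty()` is reached only on a 200 status, which matches the commit's intent; the enclosing `exec` function starts outside that hunk.

```javascript
	window.addEventListener('beforeunload', function (e) {
		if (editor.checkDirty()) {
			e.preventDefault();
			e.returnValue = ''; // browsers show their own generic prompt; custom text is ignored
		}
	});
```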
@@ -45,6 +45,21 @@ CKEDITOR.on('dialogDefinition', function (event) { CKEDITOR.on('instanceCreated', function (event) { var editor = event.editor; + var pastefilter = 'h2 h3 p ul ol li blockquote em i strong b; a[!href]; img[alt,!src]'; + + editor.on('paste', function (e) { + var html = e.data.dataValue; + if (!/<[^>]* style="/.test(html) && !/ Date: Fri, 29 Sep 2017 13:11:10 +0200 Subject: [PATCH 07/16] edit: replace double linebreaks by paragraphs Works within lists, so currently the only workaround in CKEditor to create multiple paragraphs for a list item. --- edit.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/edit.js b/edit.js index 6dcb705..439fb97 100644 --- a/edit.js +++ b/edit.js @@ -3,7 +3,9 @@ CKEDITOR.plugins.add('inlinesave', { editor.addCommand( 'inlinesave', { exec: function (editor) { var pagename = window.location.pathname.replace(/\/$/, '/index'); - var body = editor.getData().replace(/^(\t*).{73,}/mg, function (line, indent) { + var body = editor.getData(); + body = body.replace(/
\s*
/g, '

'); + body = body.replace(/^(\t*).{73,}/mg, function (line, indent) { // wrap long line after each sentence var dots = '(?:.{24,72}|.{73,}?)'; // chars before punctuation var wrap = new RegExp('('+dots+'[.;:!?]) (?=[A-Z(<])', 'g'); // separate lines -- 2.30.0 From bddab8a1806955f0302bfc57a7c0ad7070b95295 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Fri, 29 Sep 2017 14:02:14 +0200 Subject: [PATCH 08/16] edit: extend abort() to output success messages --- edit.php | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/edit.php b/edit.php index 3b280ee..1b81ccf 100644 --- a/edit.php +++ b/edit.php @@ -1,44 +1,43 @@ Date: Fri, 29 Sep 2017 14:08:26 +0200 Subject: [PATCH 09/16] edit: store file uploads to data/$year/ --- edit.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/edit.php b/edit.php index 1b81ccf..75b80b3 100644 --- a/edit.php +++ b/edit.php @@ -10,6 +10,17 @@ function abort($body, $status = NULL) { if (!@$User['admin']) abort("geen beheersrechten", '401 unauthorised'); +if ($_FILES) { + $img = @$_FILES['upload']; + if (!$img or $img['error'] !== UPLOAD_ERR_OK) + abort('bestand niet goed ontvangen: '.$img['error'], '409 upload error'); + + $datadir = 'data/' . date('Y'); + $target = $datadir.'/'.$img['name']; + move_uploaded_file($img['tmp_name'], $target); + abort($target); +} + if (!$_POST) abort("niets te doen", '405 post error'); if (!$Args) -- 2.30.0 From 87ae71d836e57d6952f4c11ee6ffc02a79d8bdf7 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Fri, 29 Sep 2017 14:11:11 +0200 Subject: [PATCH 10/16] edit: enable image uploads in ckeditor --- edit.js | 2 +- edit.php | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/edit.js b/edit.js index 439fb97..049bbd0 100644 --- a/edit.js +++ b/edit.js 
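Review bot: The new double-linebreak substitution on `body` runs over the whole serialised page before the long-line wrapping, and nothing in the hunk records why it exists; a comment like `// turn two consecutive line breaks into a paragraph break (only way to get several paragraphs in one list item)` would carry the commit message into the code. The exact tags in the regex and replacement are not visible in this rendering, so I cannot tell whether the substitution is limited to list items or applied everywhere; if it is global, note that it also rewrites such breaks inside other block elements. The enclosing `exec` function continues outside the hunk.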
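Review bot: `$target = $datadir.'/'.$img['name']` uses the client-supplied filename unchanged, so the stored path, its directory component and its extension are all chosen by the uploader, and the file lands under the web root where a non-image extension may be executed or served as-is; the name should be reduced with `basename()` and restricted to image types before `move_uploaded_file()`. The hunk also never checks that `$datadir` exists or that `move_uploaded_file()` succeeded, so a missing year directory reports the path as if the upload worked. The `abort()` messages are in Dutch like the rest of the file; the ones below are constructed to match. The `$_FILES` block is complete within the hunk, but `abort()` itself is defined above it.

```php
	$datadir = 'data/' . date('Y');
	if (!is_dir($datadir) and !mkdir($datadir, 0755, true))
		abort('opslagmap niet beschikbaar', '500 storage error');
	# never trust the client-supplied name: drop directories, allow image types only
	$name = basename($img['name']);
	$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
	if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) or !@getimagesize($img['tmp_name']))
		abort('alleen afbeeldingen toegestaan', '415 unsupported type');
	$target = $datadir.'/'.$name;
	if (!move_uploaded_file($img['tmp_name'], $target))
		abort('bestand kon niet worden opgeslagen', '500 storage error');
	abort($target);
```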
@@ -69,7 +69,7 @@ CKEDITOR.on('instanceCreated', function (event) { config.format_tags = 'h2;h3;h4;p'; config.allowedContent = true; config.entities = false; // keep unicode - config.filebrowserImageUploadUrl = '/edit?type=img'; + config.filebrowserImageUploadUrl = '/edit?output=ckescript'; config.pasteFilter = pastefilter; config.contentsCss = document.styleSheets[0].href; config.toolbar = [ diff --git a/edit.php b/edit.php index 75b80b3..ca9639c 100644 --- a/edit.php +++ b/edit.php @@ -18,7 +18,17 @@ if ($_FILES) { $datadir = 'data/' . date('Y'); $target = $datadir.'/'.$img['name']; move_uploaded_file($img['tmp_name'], $target); - abort($target); + + switch (@$_GET['output']) { + case 'ckescript': + printf('', + "{$_GET['CKEditorFuncNum']}, '$target'" + ); + break; + default: + abort($target); + } + exit; } if (!$_POST) -- 2.30.0 From 47fdce547d48fe80bcaac1495bf12c7450a1380e Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Mon, 2 Oct 2017 02:12:00 +0200 Subject: [PATCH 11/16] page: override request by given script path Support direct requests of page.php/path for internal redirects. --- .htaccess | 2 +- page.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.htaccess b/.htaccess index ef206d7..84f6a8d 100644 --- a/.htaccess +++ b/.htaccess @@ -3,4 +3,4 @@ RewriteBase / # common php handler RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule '' page.php%{REQUEST_FILENAME} [L] +RewriteRule '' page.php [L] diff --git a/page.php b/page.php index 6623c8b..21cc0a0 100644 --- a/page.php +++ b/page.php @@ -56,7 +56,7 @@ $Edit = isset($_GET['edit']); # distinguish subpage Args from topmost Page script $Args = ''; -$Page = preg_replace('/\?.*/', '', $_SERVER['REQUEST_URI']); +$Page = preg_replace('/\?.*/', '', @$_SERVER['PATH_INFO'] ?: $_SERVER['REQUEST_URI']); $Page = urldecode(trim($Page, '/')) ?: 'index'; while (TRUE) { if (file_exists("$Page/.private")) { -- 2.30.0 From 39cb639d9e5a8cc13319ddf590569fd3f0c68e3d Mon Sep 17 00:00:00 2001 
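Review bot: `$_GET['CKEditorFuncNum']` and `$target` are interpolated verbatim into the script that the `ckescript` branch prints, so the query string and the upload name both end up as JavaScript in the response; cast the function number and encode the path instead, e.g. pass `(int)@$_GET['CKEditorFuncNum'] . ', ' . json_encode($target)` as the `printf` argument. The exact script markup in the format string is not visible in this rendering. The endpoint is restricted to admin sessions earlier in edit.php, which limits the audience but does not remove the issue. The `$_FILES` block begins outside the hunk.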
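Review bot: `$_SERVER['PATH_INFO']` now takes precedence over `REQUEST_URI`, but the two are not in the same form: a CGI-style PATH_INFO is normally delivered already percent-decoded while REQUEST_URI is raw, so the `urldecode()` on the next line decodes PATH_INFO a second time and a page name containing a literal `%` resolves differently depending on which source was used. Either decode only the REQUEST_URI branch or document the assumption: `# PATH_INFO is set for direct page.php/path requests, REQUEST_URI for rewritten ones`. The `@` could become `$_SERVER['PATH_INFO'] ?? ''` if the deployed PHP supports it; the version is not visible here. The `.private` loop continues outside the hunk.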
From: Mischa POSLAWSKY Date: Mon, 2 Oct 2017 21:59:12 +0200 Subject: [PATCH 12/16] login: move title to static page Allows custom introduction. --- login.html | 2 ++ login.php | 6 +----- 2 files changed, 3 insertions(+), 5 deletions(-) create mode 100644 login.html diff --git a/login.html b/login.html new file mode 100644 index 0000000..9d01ca6 --- /dev/null +++ b/login.html @@ -0,0 +1,2 @@ +

Inloggen

+ diff --git a/login.php b/login.php index db276d1..c9a60e3 100644 --- a/login.php +++ b/login.php @@ -1,13 +1,9 @@ - -

Inloggen

- Date: Sun, 17 Sep 2017 02:46:13 +0200 Subject: [PATCH 13/16] login: show user after login; explicit option for logout --- login.php | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/login.php b/login.php index c9a60e3..bcb1edc 100644 --- a/login.php +++ b/login.php @@ -1,25 +1,41 @@ Ongeldige gebruikersnaam of wachtwoord.

'."\n\n"; } - - echo '

Ongeldige gebruikersnaam of wachtwoord.

'."\n\n"; } -elseif (!empty($User)) { +elseif (isset($_GET['logout'])) { setcookie('login', '', time(), '/'); # expire immediately + $User = NULL; echo '

Uitgelogd.

'."\n\n"; } +if (isset($_GET['goto']) and isset($User)) { + ob_clean(); + $target = ltrim($_GET['goto'], '/'); + header("Location: /$target"); + http_response_code(302); + exit; +} + +if (empty($User)) { ?>
+ +

Ingelogd

+ +

Ingelogd als .

+ + -- 2.30.0 From 9728cd7e14c36120d5446823ae100cc80512c079 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Mon, 2 Oct 2017 22:24:53 +0200 Subject: [PATCH 14/16] login: store passwords in separate user files Instead of unneeded .htpasswd compatibility, move password hashes into simple login/$username/.passwd files. --- auth.inc.php | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/auth.inc.php b/auth.inc.php index 363fc71..e849da9 100644 --- a/auth.inc.php +++ b/auth.inc.php @@ -6,17 +6,10 @@ function login($inuser, $inpass = NULL) @list ($inuser, $inauth) = explode(':', $inuser, 2); } - # create pwlist table from htpasswd - $pwdata = file_get_contents('./.htpasswd'); - $pwlist = []; - foreach (explode("\n", $pwdata) as $line) { - if (!$line) continue; - list ($username, $pass) = explode(':', $line); - $pwlist[$username] = $pass; - } - - # find user by name - $usertest = @$pwlist[ strtolower($inuser) ]; + # find password data by user name + $pwfile = sprintf('login/%s/.passwd', strtolower($inuser)); + if (!file_exists($pwfile)) return; + $usertest = trim(file_get_contents($pwfile)); if (!$usertest) return; # verify password -- 2.30.0 From b0f3e308adce286c376aeed8f0685c9e6a138af5 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Mon, 2 Oct 2017 22:38:19 +0200 Subject: [PATCH 15/16] login: separate include for unauthorised form Static page for user contents to match edit. --- login.html | 2 +- login.inc.php | 12 ++++++++++++ login.php | 21 +++++++-------------- 3 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 login.inc.php diff --git a/login.html b/login.html index 9d01ca6..b29920d 100644 --- a/login.html +++ b/login.html @@ -1,2 +1,2 @@ -
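Review bot: The new `goto` redirect only strips leading slashes from `$_GET['goto']`, so a value that begins with a backslash is emitted as `Location: /\…`, which common browsers normalise to a protocol-relative URL and follow off-site — an open redirect reachable right after a successful login. Restrict the target to a local path before using it, e.g. `if (!preg_match('{^[\w/.-]*$}', $target)) $target = '';` (constructed; tune the allowed characters to the site's page names) and keep the `Location: /$target` form. The logout branch acts on a plain GET `?logout`, which any page can trigger with a link; acceptable for a logout, but a one-line comment saying so would prevent a later "fix". The `login()` call and cookie handling at the top of the file are outside what this rendering shows.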
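Review bot: `$inuser` is placed straight into the filesystem path `login/%s/.passwd`, so a name containing `/` or `..` selects a file outside `login/`; constrain the name before the lookup, e.g. `if (!preg_match('/^[a-z0-9_-]+$/', strtolower($inuser))) return;`. The hash files now live under the document root, and Apache's default protection for `.ht*` names does not cover `.passwd`, so confirm that the `.htaccess` shown earlier in this series or the server config denies direct requests for it. The `file_exists`-then-`return` path finishes faster than a full password check, which makes user existence observable by timing; minor here, but a comment acknowledging it would help. `login()` starts outside the hunk.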

Inloggen

+

Ingelogd

diff --git a/login.inc.php b/login.inc.php new file mode 100644 index 0000000..69607df --- /dev/null +++ b/login.inc.php @@ -0,0 +1,12 @@ +

Inloggen

+ +%s

'."\n\n", $message); +} +?> +
+ + + +
diff --git a/login.php b/login.php index bcb1edc..3b59064 100644 --- a/login.php +++ b/login.php @@ -1,16 +1,18 @@ Ongeldige gebruikersnaam of wachtwoord.

'."\n\n"; + $message = 'Ongeldige gebruikersnaam of wachtwoord.'; } } elseif (isset($_GET['logout'])) { setcookie('login', '', time(), '/'); # expire immediately $User = NULL; - echo '

Uitgelogd.

'."\n\n"; + $message = 'Uitgelogd.'; } if (isset($_GET['goto']) and isset($User)) { @@ -22,20 +24,11 @@ if (isset($_GET['goto']) and isset($User)) { } if (empty($User)) { -?> -
- - - -
- -

Ingelogd

-

Ingelogd als .

-- 2.30.0 From 5d12bd9eb6674e9101a6a89c1b7a78ac1940fe6e Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Mon, 2 Oct 2017 22:45:09 +0200 Subject: [PATCH 16/16] page: link user name in header bar to login page Feature logout option. --- page.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/page.inc.php b/page.inc.php index 7c8e191..393d614 100644 --- a/page.inc.php +++ b/page.inc.php @@ -9,7 +9,7 @@ include DOCROOT.'menu.html'; ob_start(); if (isset($User)) { print '