admin: disallow access to unauthorised visitors
diff --git
a/auth.inc.php
b/auth.inc.php
index ef80ecdab5533200649183c81cc618c554eea2d2..94f0dcc8547f190d5758e7fdad1881a56ce72717 100644
(file)
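--- a/auth.inc.php
+++ b/auth.inc.php
@@ -7,7 +7,8 @@ function login($inuser, $inpass = NULL)
 }
 # find password data by user name
- $pwfile = sprintf('login/%s/.passwd', strtolower($inuser));
+ $userdir = 'login/'.strtolower($inuser);
+ $pwfile = "$userdir/.passwd";
 if (!file_exists($pwfile)) return;
 $usertest = trim(file_get_contents($pwfile));
 if (!$usertest) return;
@@ -15,7 +16,12 @@ function login($inuser, $inpass = NULL)
 # verify password
 $authhash = md5($usertest);
 if (isset($inpass)) {
- if (!password_verify($inpass, $usertest)) return;
+ if (substr($usertest, 0, 1) == '$') {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inpass !== $usertest) return;
+ }
 }
 else {
 if ($inauth !== $authhash) return;
@@ -23,9 +29,13 @@ function login($inuser, $inpass = NULL)
 if (function_exists('apache_note')) apache_note('user', $inuser);
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
 return [
 'name' => $inuser,
- 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'admin' => file_exists("$userdir/.admin"),
 'auth' => "$inuser:$authhash",
 ];
 }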
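Review bot: The new `else` branch in the second hunk treats any `.passwd` content that does not start with `$` as a plaintext password and compares it with `!==`, which is not constant-time; in that case `$authhash = md5($usertest)` is an unsalted MD5 of the password itself and ends up in the returned `'auth'` value. If plaintext entries have to stay during a migration, compare with `if (!hash_equals($usertest, (string)$inpass)) return;` and add a comment such as `# legacy plaintext entry: replace with password_hash() output`, so the branch can be removed once the files are rehashed. `$userdir` is built from `$inuser` with only `strtolower()` in the visible lines and now also feeds `fopen()` and the `.admin` check; login() starts above the first hunk, so confirm that `$inuser` is restricted to a safe character set there, or add that check before the path is built. In the third hunk the `last.log` handle is never closed and `$_SERVER['HTTP_USER_AGENT']` may be unset, so an `fclose($log);` and a `?? ''` default would be worth adding.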