-$ALLOWED = [
- '127.0.0.1',
- '192.168.178.0/24',
- '94.208.83.16', # arie.ziggo
- '83.161.198.138', # shiar.demon
- '145.131.141.219', # shiar@1m
-];
-
-$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
- $_SERVER['REMOTE_ADDR'] : FALSE;
+global $User, $Admin;
+
+call_user_func(function () {
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $authinfo = [ $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ];
+ }
+ elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ // cgi compatibility
+ $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+ }
+ else {
+ return;
+ }
+
+ $pwdata = file_get_contents(__DIR__.'/.htpasswd');
+ $pwlist = [];
+ foreach (explode("\n", $pwdata) as $line) {
+ if (!$line) continue;
+ list ($username, $pass) = explode(':', $line);
+ $pwlist[$username] = $pass;
+ }
+
+ list ($authname, $authpass) = $authinfo;
+ $usertest = $pwlist[ strtolower($authname) ];
+ if (!$usertest) return;
+
+ $salt = substr($usertest, 0, 2);
+ if (crypt($authpass, $salt) != $usertest) return;
+
+ global $User, $Admin;
+ $User = $authname;
+ $Admin = !empty($User) && $User != 'lid' ? $User : FALSE;
+});