X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/28b42031be26e959ff042fdf6fc58ca0c66ccb40..d96dbe100e37df1b93bb1ba531824fc6336cd32c:/auth.inc.php?ds=sidebyside
diff --git a/auth.inc.php b/auth.inc.php
index ef80ecd..94f0dcc 100644
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -7,7 +7,8 @@ function login($inuser, $inpass = NULL)
 }
 # find password data by user name
- $pwfile = sprintf('login/%s/.passwd', strtolower($inuser));
+ $userdir = 'login/'.strtolower($inuser);
+ $pwfile = "$userdir/.passwd";
 if (!file_exists($pwfile)) return;
 $usertest = trim(file_get_contents($pwfile));
 if (!$usertest) return;
@@ -15,7 +16,12 @@ function login($inuser, $inpass = NULL)
 # verify password
 $authhash = md5($usertest);
 if (isset($inpass)) {
- if (!password_verify($inpass, $usertest)) return;
+ if (substr($usertest, 0, 1) == '$') {
+ if (!password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inpass !== $usertest) return;
+ }
 }
 else {
 if ($inauth !== $authhash) return;
@@ -23,9 +29,13 @@ function login($inuser, $inpass = NULL)
 if (function_exists('apache_note')) apache_note('user', $inuser);
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
 return [
 'name' => $inuser,
- 'admin' => !empty($inuser) && strtolower($inuser) != 'lid',
+ 'admin' => file_exists("$userdir/.admin"),
 'auth' => "$inuser:$authhash",
 ];
 }
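Review bot: `$userdir` is built from `strtolower($inuser)` with no visible check that the name is a single path component, and after this commit the same string also decides where `last.log` is written and whether `.admin` is found. The opening lines of `login()` are outside the hunk and may already validate the name; if they do not, reject anything outside an allow-list before the path is built, for example `if (!preg_match('/\A[a-z0-9][a-z0-9_-]*\z/', strtolower($inuser))) return;` (adjust the character set to the site's naming rules). A comment such as `# $inuser must be a plain directory name; it is used in file paths below` would record that requirement for later edits.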
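Review bot: The new `else` branch accepts a stored value that is not a hash and compares it with `!==`, so `.passwd` files may hold cleartext passwords and the comparison is not constant-time. Because `$authhash = md5($usertest)` just above is computed from the same stored value, the `auth` token for such accounts becomes an unsalted MD5 of the password itself. If legacy cleartext entries must keep working, compare with `if (!is_string($inpass) || !hash_equals($usertest, $inpass)) return;` and rewrite the file with `password_hash($inpass, PASSWORD_DEFAULT)` after the first successful login so the branch can be retired. The `substr($usertest, 0, 1) == '$'` test also misroutes a cleartext password that happens to start with `$`; checking `password_get_info($usertest)['algo']` is more precise.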
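Review bot: `$_SERVER['HTTP_USER_AGENT']` is written to `last.log` exactly as the client sent it, so the entry can contain control characters or be arbitrarily long, and the array index raises a notice when the header is absent. Reduce it to printable characters and cap the length before writing, for example `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? substr(preg_replace('/[^\x20-\x7E]/', '?', $_SERVER['HTTP_USER_AGENT']), 0, 200) : '-';`, and add `fclose($log);` because the handle is never closed. As far as the hunk shows, the write sits on the path shared by password and token logins, so every authenticated request would truncate and rewrite the file; confirm that is intended. The `admin` flag in the same hunk now depends on `file_exists("$userdir/.admin")`, which makes validation of `$inuser` a precondition for the privilege decision.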