X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/59d16d1daa1748a056efc2317510fd3d541b7144..fb2049da3dfd9814498bb2ab0cb673b6260f4bc5:/auth.inc.php
diff --git a/auth.inc.php b/auth.inc.php
old mode 100755
new mode 100644
index 6a5d1d2..52cd4c1
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,38 +1,105 @@ dir = $dir; + $this->login = basename($dir); } - elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { - // cgi compatibility - $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6))); + + function __get($col) + { + return $this->$col = $this->$col(); # run method and cache } - else { - return; + + function rawname() + { + return rtrim(@file_get_contents("{$this->dir}/name.txt")); } - $pwdata = file_get_contents(__DIR__.'/.htpasswd'); - $pwlist = []; - foreach (explode("\n", $pwdata) as $line) { - if (!$line) continue; - list ($username, $pass) = explode(':', $line); - $pwlist[$username] = $pass; + function name() + { + return htmlspecialchars(implode(' & ', explode("\n", $this->rawname))); } - list ($authname, $authpass) = $authinfo; - $usertest = $pwlist[ strtolower($authname) ]; - if (!$usertest) return; + function html() + { + return $this->name ?: $this->login; + } - $salt = substr($usertest, 0, 2); - if (crypt($authpass, $salt) != $usertest) return; + function admin() + { + return @file_exists("{$this->dir}/.admin"); + } - $GLOBALS['User'] = $authname; + function seen() + { + return @filemtime("{$this->dir}/last.log"); + } + + function logclient() + { + if ($log = @fopen("{$this->dir}/last.log", 'w')) { + $line = $_SERVER['REMOTE_ADDR'].' 
'.$_SERVER['HTTP_USER_AGENT']; + fwrite($log, $line."\n"); + } + } +} + +function login_password_verify($input, $test) +{ + if (substr($test, 0, 1) != '$') { + # plaintext match for uncrypted passwords + return $input === $test; + } + return password_verify($input, $test); } -Auth(); +function login_setcookie() +{ + global $User; + return setcookie('login', $User->auth, 0, '/'); +} -$editable = !empty($User) && $User != 'lid'; +function login($inuser, $inpass = NULL) +{ + if (empty($inuser)) return; + if (!isset($inpass)) { + @list ($inuser, $inauth) = explode(':', $inuser, 2); + } + + # find password data by user name + $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser)); + $pwfile = "$userdir/.passwd"; + if (!file_exists($pwfile)) return; + $usertest = trim(file_get_contents($pwfile)); + if (!$usertest) return; + + # verify password + $authhash = md5($usertest); + if (isset($inpass)) { + if (!login_password_verify($inpass, $usertest)) return; + } + else { + if ($inauth !== $authhash) return; + } + + if (function_exists('apache_note')) apache_note('user', $inuser); + + $user = new User($userdir); + $user->logclient(); + $user->pass = $usertest; + $user->auth = "$inuser:$authhash"; + return $user; +} + +if (isset($_COOKIE['login'])) { + global $User; + $User = login($_COOKIE['login']); +}
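Review bot: The cookie value assigned in `login()` (`$authhash = md5($usertest)`, then `$user->auth = "$inuser:$authhash"`) is derived only from the stored `.passwd` contents, so it works as a long-lived password-equivalent: it stays valid until the password changes, cannot be revoked per session, and for the plaintext entries that `login_password_verify()` still accepts it hands the browser an unsalted MD5 of the password itself. At minimum the comparison `if ($inauth !== $authhash) return;` should be constant-time, `if (!hash_equals($authhash, (string)$inauth)) return;`, and `login_setcookie()` should set HttpOnly (and Secure when the site is served over HTTPS), e.g. `setcookie('login', $User->auth, 0, '/', '', true, true);`. A sturdier design would issue a random per-login token kept server-side, or an HMAC keyed with a server-only secret, instead of hashing the stored credential.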