<?php
-$ALLOWED = [
- '127.0.0.1',
- '192.168.178.0/24',
- '94.208.83.16', # arie.ziggo
- '83.161.198.138', # shiar.demon
- '145.131.141.219', # shiar@1m
-];
-
-$editable = in_array($_SERVER['REMOTE_ADDR'], $ALLOWED) ?
- $_SERVER['REMOTE_ADDR'] : FALSE;
+global $User, $editable;
+$User = FALSE;
+
+function Auth() {
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $authinfo = [ $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ];
+ }
+ elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ // cgi compatibility
+ $authinfo = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+ }
+ else {
+ return;
+ }
+
+ $pwdata = file_get_contents(__DIR__.'/.htpasswd');
+ $pwlist = [];
+ foreach (explode("\n", $pwdata) as $line) {
+ if (!$line) continue;
+ list ($username, $pass) = explode(':', $line);
+ $pwlist[$username] = $pass;
+ }
+
+ list ($authname, $authpass) = $authinfo;
+ $usertest = $pwlist[ strtolower($authname) ];
+ if (!$usertest) return;
+
+ $salt = substr($usertest, 0, 2);
+ if (crypt($authpass, $salt) != $usertest) return;
+
+ $GLOBALS['User'] = $authname;
+}
+
+Auth();
+
+$editable = !empty($User) && $User != 'lid';
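Review bot: Auth() looks the account up with `strtolower($authname)` but stores the name exactly as the client sent it in `$GLOBALS['User']`, so the case-sensitive `$User != 'lid'` test on the last line does not recognise a differently cased spelling of that account, and `$editable` becomes true for it. Normalise once before the lookup, `$authname = strtolower($authname);`, and use that value for both the `$pwlist` key and `$User`. The password check takes only the first two characters of the stored hash as salt and compares with `!=`; `if (!hash_equals($usertest, crypt($authpass, $usertest))) return;` lets crypt() read whatever salt format the stored hash uses and compares in constant time. In the CGI branch, `explode(':', …)` without a limit of 2 cuts off a password that contains a colon, and an unknown user name reads an undefined `$pwlist` key, which `$pwlist[...] ?? null` avoids.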
<?php
define('N', "\n");
+include 'auth.inc.php';
+
$curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
if (is_executable(__DIR__ . '/' . $curfile)) {
// dynamic code is +x
}
echo '<p class="footer">'.N;
- echo "Beheer toegestaan voor $editable:".N;
+ echo "Beheer toegestaan voor $User:".N;
printf('<a href="?%s">%s</a>'.N,
$edit ? '' : 'edit',
$edit ? 'lezen' : ($notfound ? 'aanmaken' : 'aanpassen')
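Review bot: The added `include 'auth.inc.php';` should be `require_once 'auth.inc.php';`, because auth.inc.php declares `function Auth()`, so a second inclusion in the same request stops with a fatal redeclaration error. That would happen if this file is the `head.inc.php` that the new login page includes after its own `require 'auth.inc.php'`, which cannot be confirmed from the lines shown. `require_once` also makes the request fail outright when the auth file is missing, instead of continuing with `$User` and `$editable` undefined. In the footer, `$User` originates in the Authorization header and is interpolated into HTML as is; it has already matched an .htpasswd entry, but `htmlspecialchars($User, ENT_QUOTES)` keeps the output safe if that constraint ever loosens. The printf call continues past the end of the hunk.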
--- /dev/null
+<?php
+require 'auth.inc.php';
+
+if ($editable) {
+ http_response_code(307);
+ header('Location: /');
+ exit;
+}
+
+header('WWW-Authenticate: Basic realm=""');
+http_response_code(401);
+
+// fallback page shown on authentication failure
+include 'head.inc.php';
+?>
+<h2>Inloggen mislukt</h2>
+<p>Geen geldige login voor sitebeheer.</p>
+
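Review bot: Nothing in this page checks that the request arrived over HTTPS before the `WWW-Authenticate: Basic` challenge is sent, and Basic credentials travel merely base64-encoded on every subsequent request. If the site is reachable over plain HTTP, put a guard ahead of the challenge, such as `if (empty($_SERVER['HTTPS'])) { http_response_code(403); exit; }`, adjusted to the forwarded-scheme header if a reverse proxy terminates TLS. The `if ($editable)` test also treats a correctly authenticated account without edit rights (the `lid` exclusion in auth.inc.php) as a failed login, so that user gets a 401 and a fresh prompt each time; branching on `$User` and answering 403 there would separate "wrong password" from "not permitted". A short comment above the `header()` call explaining the empty realm would help, since browsers display the realm in the prompt.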