From: paulr Date: Fri, 4 Nov 2011 15:56:36 +0000 (+1100) Subject: wow, i just pulled a repo via git from this interface... its X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=c7bb18886251e5187afbdb8d2101e200eb895ab6;p=gwvp.git wow, i just pulled a repo via git from this interface... its beautiful... havent got backend setup for pushing yet, but we're a step closer. I've found i can "read" without having to use git-http-backend - which is grand. Other changes Made a single function for checking user auth added a function to push for a basic auth login added a function to check for basic auth details --- diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php index 8aa0533..f7e036d 100644 --- a/gwvplib/gwvpauth.php +++ b/gwvplib/gwvpauth.php @@ -30,6 +30,15 @@ function gwvp_AuthCallMe() return false; } +function gwvp_AskForBasicAuth() +{ + if(!isset($_SERVER["PHP_AUTH_USER"])) { + header('WWW-Authenticate: Basic realm="My Realm"'); + header('HTTP/1.0 401 Unauthorized'); + exit(0); + } else return; +} + // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc. function gwvp_CheckAuthLevel($levels) { @@ -45,6 +54,12 @@ function gwvp_CheckAuthLevel($levels) return false; } +function gwvp_fourZeroThree() +{ + header("HTTP/1.0 403 Permission Denied"); + exit(0); +} + function gwvp_AuthNoPerms() { gwvp_goMainPage("gwvp_AuthNoPermsBody"); @@ -77,6 +92,18 @@ function gwvp_RegistrationCall() } } +function gwvp_authUserPass($user, $pass) +{ + $details = gwvp_getUser($user); + if($details == false) { + return false; + } + + if(sha1($pass)!=$details["password"]) return false; + + return $details["username"]; +} + function gwvp_AuthHandleLogin() { global $BASE_URL; @@ -86,17 +113,9 @@ function gwvp_AuthHandleLogin() if(isset($_REQUEST["username"])) $user = $_REQUEST["username"]; if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"]; - $details = gwvp_getUser($user); - if($details == false) { - gwvp_SendMessage("error", "Login Failed"); - header("Location: $BASE_URL"); - return false; - } - - if(sha1($pass)!=$details["password"]) { + if(gwvp_authUserPass($user, $pass) === false) { gwvp_SendMessage("error", "Login Failed"); header("Location: $BASE_URL"); - return false; } else { $_SESSION["isloggedin"] = true; $_SESSION["username"] = "$user"; @@ -141,6 +160,21 @@ function gwvp_RegistrationPageBody() \ No newline at end of file