X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpauth.php;h=f7e036d2d1bebeb732ecd70f5ba5def7ce9383b7;hp=8aa0533c4e1c505079052648f9210ca6ca12c179;hb=c7bb18886251e5187afbdb8d2101e200eb895ab6;hpb=eafd2fd6a4a6a3f5866780e0b9e07e1b83ea6be7 diff --git a/gwvplib/gwvpauth.php b/gwvplib/gwvpauth.php index 8aa0533..f7e036d 100644 --- a/gwvplib/gwvpauth.php +++ b/gwvplib/gwvpauth.php @@ -30,6 +30,15 @@ function gwvp_AuthCallMe() return false; } +function gwvp_AskForBasicAuth() +{ + if(!isset($_SERVER["PHP_AUTH_USER"])) { + header('WWW-Authenticate: Basic realm="My Realm"'); + header('HTTP/1.0 401 Unauthorized'); + exit(0); + } else return; +} + // $levels is checked against $LOGIN_TYPE, levels can be either just "admin" or admin,user anon,user anon, etc. function gwvp_CheckAuthLevel($levels) { @@ -45,6 +54,12 @@ function gwvp_CheckAuthLevel($levels) return false; } +function gwvp_fourZeroThree() +{ + header("HTTP/1.0 403 Permission Denied"); + exit(0); +} + function gwvp_AuthNoPerms() { gwvp_goMainPage("gwvp_AuthNoPermsBody"); @@ -77,6 +92,18 @@ function gwvp_RegistrationCall() } } +function gwvp_authUserPass($user, $pass) +{ + $details = gwvp_getUser($user); + if($details == false) { + return false; + } + + if(sha1($pass)!=$details["password"]) return false; + + return $details["username"]; +} + function gwvp_AuthHandleLogin() { global $BASE_URL; @@ -86,17 +113,9 @@ function gwvp_AuthHandleLogin() if(isset($_REQUEST["username"])) $user = $_REQUEST["username"]; if(isset($_REQUEST["password"])) $pass = $_REQUEST["password"]; - $details = gwvp_getUser($user); - if($details == false) { - gwvp_SendMessage("error", "Login Failed"); - header("Location: $BASE_URL"); - return false; - } - - if(sha1($pass)!=$details["password"]) { + if(gwvp_authUserPass($user, $pass) === false) { gwvp_SendMessage("error", "Login Failed"); header("Location: $BASE_URL"); - return false; } else { $_SESSION["isloggedin"] = true; $_SESSION["username"] = "$user"; @@ -141,6 +160,21 @@ function gwvp_RegistrationPageBody()