Revision ae03154f
Added by Scott Ullrich almost 20 years ago
| etc/inc/auth.inc | ||
|---|---|---|
| 115 | 115 |
if (!isset($HTTP_SERVER_VARS['AUTH_USER'])) |
| 116 | 116 |
continue; |
| 117 | 117 |
|
| 118 |
/* Check to see if user even exists */ |
|
| 119 |
$username = $HTTP_SERVER_VARS['AUTH_USER']; |
|
| 120 |
if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
|
|
| 121 |
continue; |
|
| 118 |
/* |
|
| 119 |
* auth the username |
|
| 120 |
* honour custom username set in webConfigurator page */ |
|
| 121 |
*/ |
|
| 122 |
if($config['system']['username'] == $HTTP_SERVER_VARS['AUTH_USER']) {
|
|
| 123 |
/* we match, check the password in xml configuration file */ |
|
| 124 |
$username = "root"; |
|
| 125 |
} else {
|
|
| 126 |
/* finally, if we're here then we didn't match the username in |
|
| 127 |
* the webConfigurator. Check the password file. |
|
| 128 |
*/ |
|
| 129 |
/* Check to see if user even exists */ |
|
| 130 |
$username = $HTTP_SERVER_VARS['AUTH_USER']; |
|
| 131 |
if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
|
|
| 132 |
continue; |
|
| 133 |
} |
|
| 122 | 134 |
|
| 123 | 135 |
/* Get crypted password */ |
| 124 | 136 |
preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches);
|
Also available in: Unified diff
Duplicate logic to htpasswd_backed_basic_auth()