Replace all authentication code with a function that does the auth for us
Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails. Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password.
This commit is contained in:
+2
-16
@@ -5,22 +5,8 @@ if(file_exists('./scripts/common.php')){
|
||||
include_once "./common.php";
|
||||
}
|
||||
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
//Authenticate before going any further
|
||||
authenticateUser('You cannot edit the settings for this installation');
|
||||
|
||||
if(isset($_GET['submit'])) {
|
||||
if(isset($_GET["ice_pwd"])) {
|
||||
|
||||
Reference in New Issue
Block a user