Replace all authentication code with a function that does the auth for us

Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails.

Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password.
This commit is contained in:
jaredb7
2023-05-13 01:07:19 +10:00
parent 66863f2e6b
commit a80d39d7b6
7 changed files with 66 additions and 202 deletions
+6 -21
View File
@@ -31,28 +31,13 @@ if(isset($_GET['custom_image'])){
}
if(isset($_GET['blacklistimage'])) {
if(isset($_SERVER['PHP_AUTH_USER'])) {
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
$submitteduser = $_SERVER['PHP_AUTH_USER'];
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
$imageid = $_GET['blacklistimage'];
$result = blacklistFlickrImage($imageid);
unset($_SESSION['images']);
die($result['message']);
} else {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must be authenticated.';
exit;
$user_is_authenticated = authenticateUser('You cannot modify the system');
if($user_is_authenticated){
$imageid = $_GET['blacklistimage'];
$result = blacklistFlickrImage($imageid);
unset($_SESSION['images']);
die($result['message']);
}
} else {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must be authenticated.';
exit;
}
}
if(isset($_GET['fetch_chart_string']) && $_GET['fetch_chart_string'] == "true") {