- commit
- b7ebd94956cd3bf69f0b4282750ef098318aa67f
- parent
- 1971de035ec06443689a32d9b9b4045d26752f72
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2018-10-21 08:24
implement Basic Auth
Diffstat
| M | README.md | 7 | +------ |
| M | index.php | 13 | ++++++++++++- |
2 files changed, 13 insertions, 7 deletions
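--- a/README.md
+++ b/README.md
@@ -40,6 +40,7 @@ The following files and folders are relevant for your project:
 - `/_templates/default.html` - default template
 - `/_content/` - source files
 - `/_content/_site.yml` - contains site-wide config
+- `/_content/_users.yml` - password hashes
 - `/files/` - uploaded files
 
 ### Content
@@ -83,9 +84,3 @@ There are also some special filters available:
 Extra](https://michelf.ca/projects/php-markdown/extra/)
 - `shift_headings` - useful to fit user-generated content into the document
 outline
-
-### Security
-
-Pupupu does not include an authentication system itself. It is strongly
-recommended to do this on the server level. Otherwise, **anyone can edit
-everything**!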
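--- a/index.php
+++ b/index.php
@@ -69,7 +69,7 @@ function shiftHeadings($html, $offset)
 
 function pathIsFile($path)
 {
-return $path === '/_site' || strpos($path, '.') !== false;
+return $path === '/_site' || $path === '/_users' || strpos($path, '.') !== false;
 }
 
 function pathDirname($path)
@@ -276,6 +276,12 @@ class Pupupu
 $this->render($path, $verbose);
 }
 }
+
+public function checkPassword($name, $password)
+{
+$users = $this->getYaml('/_users');
+return password_verify($password, $users[$name] ?? '');
+}
 }
 
 function ensureTrailingSlash()
@@ -383,6 +389,11 @@ if (isset($_SERVER['REQUEST_METHOD'])) {
 $twig->addFilter(new Twig_Filter('trans', 'trans'));
 
 try {
+if (!$pupupu->checkPassword($_SERVER['PHP_AUTH_USER'] ?? '', $_SERVER['PHP_AUTH_PW'] ?? '')) {
+$msg = trans('Login required');
+header('WWW-Authenticate: Basic realm="' . $msg . '"');
+throw new HttpException($msg, 401);
+}
 if (empty($_GET['path']) && $_GET['path'] !== '') {
 pagesView($pupupu, $twig);
 } elseif ($_GET['path'] === '_site') {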
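Review bot: In the `checkPassword` hunk, an unknown name falls back to `$users[$name] ?? ''`, and `password_verify()` against an empty string fails without doing any hash work, while a known name pays the full cost, so response time can show which names exist in `_users.yml`. The fence below spends one hash computation on the unknown-name path as well, and returns false for a missing file or a non-string entry instead of passing it to `password_verify()`; the timings only line up if the stored hashes use the default algorithm and cost. Two things this diff cannot show and that are worth confirming: that the web server refuses direct requests for `_content/_users.yml`, and that the site is served over HTTPS, since Basic Auth sends the password with every request.

```php
public function checkPassword($name, $password)
{
    $users = $this->getYaml('/_users');
    $hash = is_array($users) ? ($users[$name] ?? null) : null;
    if (!is_string($hash) || $hash === '') {
        // Unknown name or malformed entry: do one hash computation anyway so the
        // failure path takes about as long as a real verification.
        password_hash('dummy', PASSWORD_DEFAULT);
        return false;
    }
    return password_verify($password, $hash);
}
```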