diff options
| author | Alib <aliboba@free.fr> | 2010-03-01 11:36:09 +0100 | 
|---|---|---|
| committer | Alib <aliboba@free.fr> | 2010-03-01 11:36:09 +0100 | 
| commit | c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1 (patch) | |
| tree | 75ccb0e7d61576702f14986360f9a9ef9b88edfb /includes/inc_auth.php | |
| parent | f6f2ae6bfa16609f0fe058d67ba49e01276c84a9 (diff) | |
| download | istreamdev-c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1.tar.gz istreamdev-c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1.tar.bz2 | |
secured auth with sh1 pass in cookie.
Diffstat (limited to 'includes/inc_auth.php')
| -rwxr-xr-x | includes/inc_auth.php | 12 | 
1 files changed, 8 insertions, 4 deletions
| diff --git a/includes/inc_auth.php b/includes/inc_auth.php index 92f0fc8..1545b7c 100755 --- a/includes/inc_auth.php +++ b/includes/inc_auth.php @@ -6,16 +6,21 @@ session_start();  if (isset($_COOKIE['istream']))  { -        $authorized=true; +       if(sha1($pass) == $_COOKIE['istream'] ) { + 		setcookie ("istream", sha1($pass), time()+60*60*24*30); +		$authorized = true; +	} else { +		$authorised = false; +	}  }  # checkup login and password  if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))  { -    if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) && isset($_SESSION['auth'])) +    if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) )      { +    setcookie ("istream", sha1($pass), time()+60*60*24*30);      $authorized = true; -    setcookie ("istream", "true", time()+60*60*24*30);      }  } @@ -24,7 +29,6 @@ if (!$authorized)  {      header('WWW-Authenticate: Basic Realm="Login please"');      header('HTTP/1.0 401 Unauthorized'); -    $_SESSION['auth'] = true;      echo "Login";      exit;  } | 
