authorAlib <aliboba@free.fr>2010-03-01 11:36:09 +0100
committerAlib <aliboba@free.fr>2010-03-01 11:36:09 +0100
commitc7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1 (patch)
tree75ccb0e7d61576702f14986360f9a9ef9b88edfb /includes
parentf6f2ae6bfa16609f0fe058d67ba49e01276c84a9 (diff)
downloadistreamdev-c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1.tar.gz
istreamdev-c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1.tar.bz2
secured auth with sh1 pass in cookie.
Diffstat (limited to 'includes')
-rwxr-xr-xincludes/inc_auth.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/includes/inc_auth.php b/includes/inc_auth.php
index 92f0fc8..1545b7c 100755
--- a/includes/inc_auth.php
+++ b/includes/inc_auth.php
@@ -6,16 +6,21 @@ session_start();
if (isset($_COOKIE['istream']))
{
- $authorized=true;
+ if(sha1($pass) == $_COOKIE['istream'] ) {
+ setcookie ("istream", sha1($pass), time()+60*60*24*30);
+ $authorized = true;
+ } else {
+ $authorised = false;
+ }
}
# checkup login and password
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
{
- if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) && isset($_SESSION['auth']))
+ if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) )
{
+ setcookie ("istream", sha1($pass), time()+60*60*24*30);
$authorized = true;
- setcookie ("istream", "true", time()+60*60*24*30);
}
}
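Review bot: The cookie written by both `setcookie` calls is the unsalted `sha1($pass)`, so it is a fixed password-equivalent: anyone who captures it can authenticate until the password changes, and the digest can be guessed against offline. A random per-login token kept server-side (the script already calls `session_start()`), or at minimum `hash_hmac('sha256', $user, $serverSecret)` keyed with a secret that is not the password, would avoid handing out a password digest; `$serverSecret` is a placeholder, not a name from this file. The check `sha1($pass) == $_COOKIE['istream']` uses loose comparison, which PHP can evaluate numerically for digests of the form `0e…`; `hash_equals(sha1($pass), (string) $_COOKIE['istream'])` (or `===` on older PHP) is safer. The else branch assigns `$authorised`, not `$authorized`, so it should read `$authorized = false;`; whether `$authorized` is initialised earlier is outside the hunk. Passing the `httponly` argument to `setcookie` would also keep the value away from page scripts.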
@@ -24,7 +29,6 @@ if (!$authorized)
{
header('WWW-Authenticate: Basic Realm="Login please"');
header('HTTP/1.0 401 Unauthorized');
- $_SESSION['auth'] = true;
echo "Login";
exit;
}