From c7fe8b46a1b6f5f282cc34c5ac8cd9f1e6c24aa1 Mon Sep 17 00:00:00 2001 From: Alib Date: Mon, 1 Mar 2010 11:36:09 +0100 Subject: secured auth with sh1 pass in cookie. --- includes/inc_auth.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'includes/inc_auth.php') diff --git a/includes/inc_auth.php b/includes/inc_auth.php index 92f0fc8..1545b7c 100755 --- a/includes/inc_auth.php +++ b/includes/inc_auth.php @@ -6,16 +6,21 @@ session_start(); if (isset($_COOKIE['istream'])) { - $authorized=true; + if(sha1($pass) == $_COOKIE['istream'] ) { + setcookie ("istream", sha1($pass), time()+60*60*24*30); + $authorized = true; + } else { + $authorised = false; + } } # checkup login and password if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { - if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) && isset($_SESSION['auth'])) + if (($user == $_SERVER['PHP_AUTH_USER']) && ($pass == ($_SERVER['PHP_AUTH_PW'])) ) { + setcookie ("istream", sha1($pass), time()+60*60*24*30); $authorized = true; - setcookie ("istream", "true", time()+60*60*24*30); } } @@ -24,7 +29,6 @@ if (!$authorized) { header('WWW-Authenticate: Basic Realm="Login please"'); header('HTTP/1.0 401 Unauthorized'); - $_SESSION['auth'] = true; echo "Login"; exit; } -- cgit v1.2.3
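Review bot: The `istream` cookie now carries `sha1($pass)`, an unsalted fast hash that stays fixed for as long as the password does, so the cookie is a password-equivalent credential: anyone who obtains it is authorized until the password changes, and the password can be guessed against it offline. A random token from a CSPRNG, stored server-side and expired or revoked independently of the password, would be the safer design, and both `setcookie` calls should pass the `secure` and `httponly` arguments. The comparison in the first `if` uses loose `==`, which PHP can evaluate numerically when both strings look like numbers and which is not constant-time; `if (is_string($_COOKIE['istream']) && hash_equals(sha1($pass), $_COOKIE['istream'])) {` avoids both. The `else` branch assigns `$authorised` (with an "s"), so `$authorized` is never reset there; it should read `$authorized = false;`, and the current code only fails safe if `$authorized` is initialised to false above the hunk, which is not visible here.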