return null;
}
-function main ($con) {
- if (!isset ($_POST ["request"])) {
- request_error ();
- }
- if ($_POST ["request"] == "auth") {
- $pwd = unquote ($_POST["password"]);
- $user = "admin";
+function check_auth ($con, $pwd, $cookie_name, $auth_only) {
+ $authentificated = false;
+ $user = "admin";
+
+ if ($pwd) {
if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
// cookie will be valid for 2 weeks. I've chosen that value
// arbitrarily, and it may change in the future.
$time = time () + 14 * 60 * 24 * 60;
- $cookie_name = sprintf ("%sauth", DBPREFIX);
setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true);
- success_auth ();
+ $authentificated = true;
+ if ($auth_only) {
+ success_auth ();
+ }
} else {
unauthorized_error ();
}
}
- if (!($con->checkpwdmd5 ("admin",
- $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) {
+
+ if (!$authentificated && !($con->checkpwdmd5 ($user,
+ $_COOKIE [$cookie_name]))) {
unauthorized_error ();
}
+}
+
+function main ($con) {
+ if (!isset ($_POST ["request"])) {
+ request_error ();
+ }
+
+ $pwd = unquote ($_POST["password"]);
+ $cookie_name = sprintf ("%sauth", DBPREFIX);
+ // does user only want authentication or does he want to do other things
+ $auth_only = ($_POST ["request"] == "auth");
+ check_auth ($con, $pwd, $cookie_name, $auth_only);
switch ($_POST ["request"]) {
case "update":
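Review bot: The cookie written in `check_auth` holds `md5 ($pwd)`, and the fallback branch accepts that same value through `checkpwdmd5`, so the cookie is an unsalted, password-equivalent hash; as far as these lines show it stays usable until the password changes, whatever the two-week lifetime says, and it is sent with the `secure` argument `false`. Since this refactor makes `check_auth` the gate for every request, consider issuing a random token from `random_bytes` that is stored and expired server-side, verifying the password with `password_hash`/`password_verify`, and passing `true` for `secure` when the site is served over HTTPS. Separately, `main` now reads `$_POST["password"]` unconditionally and `check_auth` reads `$_COOKIE [$cookie_name]` without `isset`, although the documentation says either may be absent; guard both, e.g. `$pwd = isset ($_POST["password"]) ? unquote ($_POST["password"]) : null;`. `check_auth` returns nothing, so access control depends on `unauthorized_error ()` ending the request, which is not visible here; a comment stating that contract would help, and `main` continues into its `switch` outside the hunk.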
**note**: In this documentation, php notation is used (`_POST` and `_FILES`),
but server may be written in any language.
+` _POST["password"]` may contains user password. If it is set, access is
+ checked. If it is not set, authentification cookie is checked. If neither are
+ present, or if one of them is wrong, access is denied.
+
`_POST["request"]` is either:
## auth
asks for authentication
- * ` _POST["password"]` must contains user password
-
## add
adds a new feature