From 213995b0aa94cf21d2798f07c6dfed0463d72dcd Mon Sep 17 00:00:00 2001
From: Marius <mskr@mailbox.org>
Date: Wed, 11 Aug 2021 18:46:40 +0200
Subject: [PATCH] Auth

---
 .htaccess | 19 ++++++++++++++-----
 index.php |  5 ++++-
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/.htaccess b/.htaccess
index 1d3ed1e..05a250e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,10 +1,19 @@
-# Deny access to .htaccess
 <Files .htaccess>
 Order allow,deny
 Deny from all
 </Files>
 
-AuthUserFile ./.htpasswd
-AuthType Basic
-AuthName "My restricted Area"
-Require valid-user
\ No newline at end of file
+<Files users.txt>
+Order allow,deny
+Deny from all
+</Files>
+
+<IfModule mod_rewrite.c>
+   RewriteEngine on
+   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+</IfModule>
+
+#AuthUserFile ./.htpasswd
+#AuthType Basic
+#AuthName "My restricted Area"
+#Require valid-user
\ No newline at end of file
diff --git a/index.php b/index.php
index 884a0a7..60622bf 100644
--- a/index.php
+++ b/index.php
@@ -39,6 +39,7 @@ $use_password = false;
 $mode_register = false;
 $mode_digest = false;
 
+
 // STYLING (light or dark)
 $color  = "light";
 
@@ -68,6 +69,8 @@ if( !$title ) { $title = clean_title(basename(dirname(__FILE__))); }
 
 //
 if ($use_password) {
+    // Rely on apache htaccess RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
     if ($mode_digest) loginDigest();
     else if ($mode_register) register();
     else login();
@@ -535,7 +538,7 @@ function loginDigest() {
 
     // ok, valid username & password
     echo 'You are logged in as: ' . $data['username'];
-    
+
 }
 
 // function to parse the http auth header