Remove PAM bullshit auth for a simple/stupid sha256 static auth

This commit is contained in:
Gregory Colpart 2017-08-20 04:08:06 +02:00
parent a5fe856592
commit 6f3a6ccadd
1 changed files with 5 additions and 14 deletions

View File

@ -13,28 +13,19 @@
* @version 1.0
*/
// sha256 hashs (TODO: move in conf file)
$logins=array();
$logins['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
$logins['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
$login=0;
$username=$_POST['login'];
$password=$_POST['passw'];
$login = pam_auth($username, $password);
if ($login==1) {
if (hash("sha256",$password) == $logins[$username]) {
$_SESSION['auth']=1;
$_SESSION['user']=$username;
$_SESSION['error']='';
$user = posix_getpwnam($username);
// On nettoie le nom complet
$gecos = explode(',',$user['gecos']);
$user['gecos'] = $gecos[0];
$_SESSION['user_id'] = $user['uid'];
$_SESSION['user_gid'] = $user['gid'];
$_SESSION['user_name'] = $user['gecos'];
} else {
$_SESSION['auth']=0;
$_SESSION['user']='';