files: Fix authentication on upload

2024-05-14 23:54:32 +02:00
parent 3730e4ef3c
commit 10025555a4
2 changed files with 23 additions and 10 deletions
--- a/www/.php/auth.inc
+++ b/www/.php/auth.inc
@ -1,27 +1,33 @@
 <?php
 require "credentials.inc";

+function http_401_unauthorized(): void {
+    header('Status: 401');
+    header('WWW-Authenticate: Basic realm="Elwig"');
+    header('Content-Type: text/plain; charset=UTF-8');
+    header('Content-Length: 20');
+    exit("401 Unauthorized :(\n");
+}
+
 function authenticate(): void {
    global $CREDENTIALS;
-    if (!isset($_SEVER['PHP_AUTH_USER']) || !isset($_SEVER['PHP_AUTH_PW']) ||
+    if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
+        !array_key_exists('PHP_AUTH_PW', $_SERVER) ||
        !array_key_exists($_SERVER['PHP_AUTH_USER'], $CREDENTIALS) ||
        $_SERVER['PHP_AUTH_PW'] !== $CREDENTIALS[$_SERVER['PHP_AUTH_USER']])
    {
-        header('Status: 401');
-        header('WWW-Authenticate: Basic realm="Elwig"');
-        exit("401 Unauthorized :(\n");
+        http_401_unauthorized();
    }
 }

 function authenticate_client(string $client): void {
    global $CLIENT_CREDENTIALS;
    $credentials = $CLIENT_CREDENTIALS[$client];
-    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
+    if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
+        !array_key_exists('PHP_AUTH_PW', $_SERVER) ||
        !array_key_exists($_SERVER['PHP_AUTH_USER'], $credentials) ||
        $_SERVER['PHP_AUTH_PW'] !== $credentials[$_SERVER['PHP_AUTH_USER']])
    {
-        header('Status: 401');
-        header('WWW-Authenticate: Basic realm="Elwig"');
-        exit("401 Unauthorized :(\n");
+        http_401_unauthorized();
    }
 }