diff -x .svn -Naur contrib-old/level_comment_tool/README contrib/level_comment_tool/README
--- contrib-old/level_comment_tool/README 2004-04-09 19:25:40.000000000 +0300
+++ contrib/level_comment_tool/README 2004-04-09 19:16:11.000000000 +0300
@@ -20,7 +20,7 @@
Copyright
-Pingus Level Feedback System is (c) 2003 by Jarno Elonen
+Pingus Level Feedback System is (c) 2003-2004 by Jarno Elonen
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -36,3 +36,9 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA.
+
+NOTE:
+
+ Unlike other parts, 'htpasswd.inc' is licensed under Modified BSD
+ license, which is less restrictive than GPL. You can, however,
+ relicense it under the GPL, if necessary.
diff -x .svn -Naur contrib-old/level_comment_tool/htpasswd.inc contrib/level_comment_tool/htpasswd.inc
--- contrib-old/level_comment_tool/htpasswd.inc 1970-01-01 02:00:00.000000000 +0200
+++ contrib/level_comment_tool/htpasswd.inc 2004-04-09 19:17:56.000000000 +0300
@@ -0,0 +1,96 @@
+
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Usage
+// =====
+// require_once('htpasswd.inc');
+// $pass_array = load_htpasswd();
+//
+// if ( test_htpasswd( $pass_array, $user, $pass ))
+// print "Access granted."
+//
+// $pass_array[$new_user] = rand_salt_crypt($new_pass);
+// save_htpasswd($pass_array);
+
+define("HTPASSWDFILE", ".htpasswd");
+
+// Loads htpasswd file into an array of form
+// Array( username => crypted_pass, ... )
+function load_htpasswd()
+{
+ if ( !file_exists(HTPASSWDFILE))
+ return Array();
+
+ $res = Array();
+ foreach(file(HTPASSWDFILE) as $l)
+ {
+ $array = explode(':',$l);
+ $user = $array[0];
+ $pass = chop($array[1]);
+ $res[$user] = $pass;
+ }
+ return $res;
+}
+
+// Saves the array given by load_htpasswd
+function save_htpasswd( $pass_array )
+{
+ ignore_user_abort(true);
+ $fp = fopen(HTPASSWDFILE, "w+");
+ if (flock($fp, LOCK_EX))
+ {
+ while( list($u,$p) = each($pass_array))
+ fputs($fp, "$u:$p\n");
+ flock($fp, LOCK_UN); // release the lock
+ }
+ else
+ {
+ print "ERROR! Could not save (lock) .htpasswd!
";
+ }
+ fclose($fp);
+ ignore_user_abort(false);
+}
+
+// Generates a htpasswd compatible crypted password string.
+function rand_salt_crypt( $pass )
+{
+ // Randomize a 2-letter crypt() salt:
+ $cset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
+ $salt = substr($cset, time() & 63, 1) .
+ substr($cset, time()/64 & 63, 1);
+ return crypt($pass, $salt);
+}
+
+// Returns true if the user exists and the password matches, false otherwise
+function test_htpasswd( $pass_array, $user, $pass )
+{
+ if ( !isset($pass_array[$user]))
+ return False;
+ $crypted = $pass_array[$user];
+ return crypt( $pass, substr($crypted,0,2) ) == $crypted;
+}
+
+?>
\ No newline at end of file
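Review bot: rand_salt_crypt() builds its two-character salt from `time()`, so the salt is predictable and identical for every password set within the same second, and a two-character salt selects traditional DES crypt(), which only uses the first eight characters of the password. On a PHP version that provides them, `return password_hash($pass, PASSWORD_BCRYPT);` in rand_salt_crypt() and `return password_verify($pass, $crypted);` in test_htpasswd() would give a random salt and a constant-time check; password_verify() also accepts the existing crypt() entries, and Apache 2.4 reads the `$2y$` prefix if the file is shared with the web server. The current `==` in test_htpasswd() is a loose comparison, so two strings that both look numeric can compare equal; if the crypt() call is kept, use `hash_equals($crypted, crypt($pass, $crypted))`. Separately, save_htpasswd() opens the file with `"w+"`, which truncates it before the lock is taken, and never checks the fopen() result, so a failed or concurrent save can leave an empty password file.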
diff -x .svn -Naur contrib-old/level_comment_tool/index.php contrib/level_comment_tool/index.php
--- contrib-old/level_comment_tool/index.php 2004-04-09 19:25:40.000000000 +0300
+++ contrib/level_comment_tool/index.php 2004-04-09 19:21:09.000000000 +0300
@@ -19,12 +19,17 @@
require_once("xml-search.inc");
require_once("level-cache.inc");
require_once("mail-settings.inc");
+require_once("htpasswd.inc");
// ==================================================================
// Admin login.
// ==================================================================
-$admin_passwd = "testadmin";
-$is_admin = ($_SERVER['PHP_AUTH_PW'] === $admin_passwd);
+
+$htpasswd = load_htpasswd();
+$is_admin = False;
+if ( isset($_SERVER['PHP_AUTH_PW']))
+ $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
+
if ( isset($_GET["adminlogin"]))
{
if (!isset($_SERVER['PHP_AUTH_USER']))
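Review bot: The username sent by the client is never checked: the added block looks up the fixed account `"admin"` and tests only `$_SERVER['PHP_AUTH_PW']`, so any username paired with the admin password is accepted, and the same holds for the `!test_htpasswd( $htpasswd, "admin", ... )` condition in the next hunk. Consider requiring the name as well, e.g. `if ( isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_USER'] === "admin" )`, so that the account recorded in access logs matches the account that was actually verified. load_htpasswd() also runs on every request, whether or not credentials were sent; calling it inside the `isset` branch would avoid reading the password file for anonymous visitors.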
@@ -37,7 +42,7 @@
else
{
if ( !isset($_SERVER['PHP_AUTH_PW']) ||
- $_SERVER['PHP_AUTH_PW'] != $admin_passwd )
+ !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
{
header('HTTP/1.0 401 Unauthorized');
echo 'Wrong password. Hit Back.';
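Review bot: The condition added here repeats the check that already produced `$is_admin` near the top of the file, so the password is hashed twice on a login request and the two copies of the rule can drift apart when one of them is changed. Provided nothing in the lines between the two hunks reassigns `$is_admin` (not visible here), `if ( !$is_admin )` expresses the same test. The enclosing if/else block starts and ends outside the hunk.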