From 06f77b057ff1ad7c8cada6f543860982284044e5 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Tue, 16 Jun 2015 14:38:00 +0200
Subject: [PATCH] fixing HTTP AUTH (was in test, now in production)

---
 bureau/class/config.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/bureau/class/config.php b/bureau/class/config.php
index ec743f27..fbf38bfd 100644
--- a/bureau/class/config.php
+++ b/bureau/class/config.php
@@ -59,18 +59,18 @@ if (ini_get("safe_mode")) {
 // For people who want to authenticate with HTTP AUTH
 if (isset($_GET['http_auth'])) $http_auth=strval($_GET['http_auth']);
-if (isset($http_auth) && $http_auth) {
- if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
- header('WWW-Authenticate: Basic realm="Test Authentication System"');
- header('HTTP/1.0 401 Unauthorized');
- exit();
- }
+if (isset($http_auth)) {
+ if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
+ header('WWW-Authenticate: Basic realm="AlternC Authentication"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit();
+ }
 }
 if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
 // Gruiiik
 $_REQUEST["username"]=$_SERVER['PHP_AUTH_USER'];
 $_REQUEST["password"]=$_SERVER['PHP_AUTH_PW'];
- }
+}
 // proper srand (not using time(), which is what PHP does!)
 list($usec, $sec) = explode(" ", microtime());
@@ -179,6 +179,11 @@ $hooks=new m_hooks();
 /* Check the User identity (if required) */
 if (!defined('NOCHECK')) {
 if (!$mem->checkid()) {
+ if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+ header('WWW-Authenticate: Basic realm="AlternC Authentication"');
+ header('HTTP/1.0 401 Unauthorized');
+ exit();
+ }
 $error=$err->errstr();
 include("$root/admin/index.php");
 exit();
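Review bot: Nothing in this hunk checks that the request arrived over TLS before the `WWW-Authenticate: Basic` challenge is sent, so the browser will replay the panel password, merely base64-encoded, on every later request. Unless the web server already forces HTTPS for this vhost (not visible here), guard the challenge with something like `if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') { header('HTTP/1.0 403 Forbidden'); exit(); }`. The unchanged block below copies `PHP_AUTH_USER`/`PHP_AUTH_PW` into `$_REQUEST` for any request carrying the header, whether or not `http_auth` was asked for. I would replace `// Gruiiik` with a comment saying so, e.g. `// Basic credentials override any username/password submitted by form or query string`. Note also that `empty()` treats the string "0" as empty, so a password of `0` can never pass these checks.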
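Review bot: The 401 branch added inside `if (!$mem->checkid())` exits before `$error=$err->errstr();` is reached, so a failed Basic login leaves no trace that this hunk shows. If `checkid()` does not already log failures, record the attempted user name and client address (never the password) before `exit();` so repeated guesses against this path can be detected and throttled. The realm string and the two `header()` calls now appear twice in this file, here and in the earlier hunk. A small helper would keep the realm identical in both places, which matters because browsers cache credentials per realm. The enclosing `if (!defined('NOCHECK'))` block continues past the end of the hunk.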