static void wo_logout(char *url)
{
char s[256];
// doesn't work with all browsers...
if (((user_agent) && (strstr(user_agent, "Opera") != NULL))) {
sprintf(s, "%llx", (unsigned long long)time(NULL) * rand());
send_authenticate(s);
}
else {
send_authenticate(NULL);
}
#if 0
gen_sessnum();
#endif
//
#if 0
char *c;
char *p;
p = nvram_safe_get("web_out");
c = inet_ntoa(clientsai.sin_addr);
if ((c != NULL) && (!find_word(p, c))) {
while (strlen(p) > 128) {
p = strchr(p, ',');
if (!p) break;
++p;
}
if ((p) && (*p)) {
sprintf(s, "%s,%s", p, c);
nvram_set("web_out", s);
}
else {
nvram_set("web_out", c);
}
nvram_unset("web_outx");
}
#endif
}
static int auth_check(struct connstruct *cn)
{
char line[MAXREQUESTLENGTH];
FILE *fp;
char *cp;
if ((fp = exist_check(cn, ".htpasswd")) == NULL)
return 0; /* no .htpasswd file, so let though */
if (cn->authorization[0] == 0)
goto error;
/* cn->authorization is in form "username:password" */
if ((cp = strchr(cn->authorization, ':')) == NULL)
goto error;
else
*cp++ = 0; /* cp becomes the password */
while (fgets(line, sizeof(line), fp) != NULL) {
char *b64_file_passwd;
int l = strlen(line);
/* nuke newline */
if (line[l - 1] == '\n')
line[l - 1] = 0;
/* line is form "username:salt(b64)$password(b64)" */
if ((b64_file_passwd = strchr(line, ':')) == NULL)
continue;
*b64_file_passwd++ = 0;
if (strcmp(line, cn->authorization)) /* our user? */
continue;
if (check_digest(b64_file_passwd, cp) == 0) {
fclose(fp);
return 0;
}
}
error:
fclose(fp);
send_authenticate(cn, cn->server_name);
return -1;
}
