static void wo_logout(char *url) { char s[256]; // doesn't work with all browsers... if (((user_agent) && (strstr(user_agent, "Opera") != NULL))) { sprintf(s, "%llx", (unsigned long long)time(NULL) * rand()); send_authenticate(s); } else { send_authenticate(NULL); } #if 0 gen_sessnum(); #endif // #if 0 char *c; char *p; p = nvram_safe_get("web_out"); c = inet_ntoa(clientsai.sin_addr); if ((c != NULL) && (!find_word(p, c))) { while (strlen(p) > 128) { p = strchr(p, ','); if (!p) break; ++p; } if ((p) && (*p)) { sprintf(s, "%s,%s", p, c); nvram_set("web_out", s); } else { nvram_set("web_out", c); } nvram_unset("web_outx"); } #endif }
static int auth_check(struct connstruct *cn) { char line[MAXREQUESTLENGTH]; FILE *fp; char *cp; if ((fp = exist_check(cn, ".htpasswd")) == NULL) return 0; /* no .htpasswd file, so let though */ if (cn->authorization[0] == 0) goto error; /* cn->authorization is in form "username:password" */ if ((cp = strchr(cn->authorization, ':')) == NULL) goto error; else *cp++ = 0; /* cp becomes the password */ while (fgets(line, sizeof(line), fp) != NULL) { char *b64_file_passwd; int l = strlen(line); /* nuke newline */ if (line[l - 1] == '\n') line[l - 1] = 0; /* line is form "username:salt(b64)$password(b64)" */ if ((b64_file_passwd = strchr(line, ':')) == NULL) continue; *b64_file_passwd++ = 0; if (strcmp(line, cn->authorization)) /* our user? */ continue; if (check_digest(b64_file_passwd, cp) == 0) { fclose(fp); return 0; } } error: fclose(fp); send_authenticate(cn, cn->server_name); return -1; }