diff options
author | Rob Thomas <xrobau@gmail.com> | 2018-03-16 05:45:46 +0000 |
---|---|---|
committer | Rob Thomas <xrobau@gmail.com> | 2018-03-16 05:45:46 +0000 |
commit | 71a42842f181739366d2937b8d75df980b85c342 (patch) | |
tree | af64489c68aa90221976f5f514b326451ce7a591 /htdocs | |
parent | 7128b94377cb5ebd605657a4cdd9cd29025b895e (diff) | |
download | stikked-fit-71a42842f181739366d2937b8d75df980b85c342.tar.gz stikked-fit-71a42842f181739366d2937b8d75df980b85c342.tar.bz2 stikked-fit-71a42842f181739366d2937b8d75df980b85c342.zip |
Fix spamadmin undefined value
Also changed != to !==, because 's' == 1. Yay PHP.
Diffstat (limited to 'htdocs')
-rw-r--r-- | htdocs/application/controllers/Spamadmin.php | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/htdocs/application/controllers/Spamadmin.php b/htdocs/application/controllers/Spamadmin.php index 6fb8ee1..8b96255 100644 --- a/htdocs/application/controllers/Spamadmin.php +++ b/htdocs/application/controllers/Spamadmin.php @@ -22,10 +22,25 @@ class Spamadmin extends CI_Controller $user = $this->config->item('spamadmin_user'); $pass = $this->config->item('spamadmin_pass'); - // basic auth for fastcgi - list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + // FastCGI doesn't provide PHP_AUTH_USER and PHP_AUTH_PW, apparently? + if (empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW'])) { + if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { + list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + } + } + + // If they're not set, set them to blank. The null coalesce operator would be handy here, but + // that's PHP 7.0 and higher... + if (empty($_SERVER['PHP_AUTH_USER'])) + { + $_SERVER['PHP_AUTH_USER'] = ""; + } + if (empty($$_SERVER['PHP_AUTH_PW'])) + { + $_SERVER['PHP_AUTH_PW'] = ""; + } - if ($user == '' || $pass == '' || !isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != $user || $_SERVER['PHP_AUTH_PW'] != $pass) + if ($user === '' || $pass === '' || $_SERVER['PHP_AUTH_USER'] !== $user || $_SERVER['PHP_AUTH_PW'] !== $pass) { header('WWW-Authenticate: Basic realm="Spamadmin"'); header('HTTP/1.0 401 Unauthorized'); |