- my $auth = $r->headers_in->{'authorization'};
- if (!defined($auth) || $auth !~ m#^Basic ([a-zA-Z0-9+/]+=*)$#) {
+ my $auth = $r->header('authorization');
+ if (!defined($auth)) {
+ return undef;
+ }
+ if ($auth =~ /^Basic ([a-zA-Z0-9+\/]+=*)$/) {
+ return check_basic_auth($r, $1);
+ }
+ return undef;
+}
+
+sub generate_401 {
+ my ($r) = @_;
+ my $res = Plack::Response->new(401);
+ $res->content_type('text/plain; charset=utf-8');
+ $res->status(401);
+ $res->header('WWW-Authenticate' => 'Basic realm="pr0n.sesse.net"');
+
+ $res->body("Need authorization\n");
+ return $res;
+}
+
+sub check_basic_auth {
+ my ($r, $auth) = @_;
+
+ my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth);
+ my ($user, $takenby) = extract_takenby($raw_user);
+
+ my $ref = $dbh->selectrow_hashref('SELECT cryptpassword FROM users WHERE username=? AND vhost=?',
+ undef, $user, Sesse::pr0n::Common::get_server_name($r));
+ my $bcrypt_matches = 0;
+ if (!defined($ref) || Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $ref->{'cryptpassword'}) ne $ref->{'cryptpassword'}) {