introduced simple acl engine

[busy] / index.cgi

diff --git a/index.cgi b/index.cgi
index dc04c7360515c106864391cbb3de739758905fd4..1612a9fb89d42c75dd024c4858f6a15fa97f7345 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -18,16 +18,15 @@
 
 umask=002
 alias _wiki="stx2any --no-template --link-abbrevs --quote -T html"
+. auth/acl.sh
 
 page=$(egrep -o '(^|&)p=[a-zA-Z0-9/_-]+(&|$)' <<<"${QUERY_STRING}" |sed 's,&,,g;s,p=,,')
 
 [ -z "$LOGIN" ] && LOGIN=false
-[ -z "$DEV" ] && DEV=false
-[ -z "$ADM" ] && ADM=false
 [ -z "$page" ] && page=Home
 
 if (! $LOGIN && egrep -qx "https?://${HTTP_HOST}/(session.cgi\?|write/).*" <<<"${HTTP_REFERER}"); then
-  echo -n "Location: http://${HTTP_HOST}/session.cgi?${QUERY_STRING}\n\n"
+  echo -n "Location: https://${HTTP_HOST}/session.cgi?${QUERY_STRING}\n\n"
   exit 0
 fi
 
@@ -62,7 +61,7 @@ function hide_screen(id){
       <span id="SLOGAN">$(egrep '^slogan=.*$' project.meta |cut -d= -f2-)</span>
     </div>
     <div id="USERMENU">
-$( $LOGIN || echo '<form action="/login.cgi?'${QUERY_STRING:gs/&/&amp;/}'" method="post" accept-charset="UTF-8">
+$( $LOGIN || echo '<form action="https://'${HTTP_HOST}'/login.cgi?'${QUERY_STRING:gs/&/&amp;/}'" method="post" accept-charset="UTF-8">
                     Login:<br>
                     <input type="text" name="user" value placeholder="Username"><br>
                     <input type="password" name="pass" value placeholder="Password"><br>