From b9dfd01a7919df8faf8aa7f86554360444014e9d Mon Sep 17 00:00:00 2001
From: Jakob Kaivo <jkk@ung.org>
Date: Fri, 26 Jul 2019 18:11:14 -0400
Subject: let httpd do the authentication

---
 blog.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'blog.c')

diff --git a/blog.c b/blog.c
index 9772361..3c69802 100644
--- a/blog.c
+++ b/blog.c
@@ -51,15 +51,16 @@ char *user_email(const char *user)
 
 int handle_post(void)
 {
-	read_post_data();
-	char *user = find_post_data("username");
-	if (!authenticate(user, find_post_data("password"))) {
+	char *user = getenv("REMOTE_USER");
+	if (!user) {
 		printf("Status 403 Forbidden\r\n");
 		printf("Content-Type: text/plain\r\n\r\n");
 		puts("Incorrect username or password. Go back and try again.");
 		return 0;
 	}
 
+	read_post_data();
+
 	chdir("/");
 	int blogdir = open(user, O_DIRECTORY);
 	if (blogdir == -1) {
@@ -132,6 +133,7 @@ int handle_post(void)
 
 int main(void)
 {
+	char *user = getenv("REMOTE_USER");
 	char *method = getenv("REQUEST_METHOD");
 	if (!strcmp(method, "POST")) {
 		return handle_post();
@@ -142,9 +144,11 @@ int main(void)
 
 	printf(HTML_HEAD, "new blog entry");
 
+	if (user) {
+		printf("<p>Posting as %s</p>\n", user);
+	}
+
 	printf("<form method=\"POST\" action=\"%s\">\n", getenv("DOCUMENT_URI"));
-	puts("<input type=\"text\" name=\"username\" placeholder=\"username\" size=\"80\"><br>");
-	puts("<input type=\"password\" name=\"password\" placeholder=\"password\" size=\"80\"><br>");
 	puts("<input type=\"text\" name=\"title\" placeholder=\"title\" size=\"80\"><br>");
 	puts("<textarea name=\"body\" cols=\"80\" rows=\"24\"><p></p></textarea><br>");
 	puts("<input type=\"submit\">");
-- 
cgit v1.2.1