also check in $_SERVER, this allows us to use SetEnv in .htaccess to set the username/password

ylebre · ylebre · commit 2d9b388bded9 · 2020-10-01T20:05:42.000+02:00
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
@@ -11,6 +11,7 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
     {
         $postBody = $request->getParsedBody();
         $response = $this->getResponse();
+
         // var_dump($_SESSION);
         if (isset($_SESSION['userid'])) {
           $user = $_SESSION['userid'];
@@ -20,7 +21,10 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
 			return $response;
 		  }
           $response->getBody()->write("<h1>Already logged in as $user</h1>");
-        } else if ($postBody['username'] == "admin" || ($postBody['username'] == $_ENV['USER'] && $postBody['password'] == $_ENV['PASSWORD'])) {
+        } else if (
+			($postBody['username'] == $_ENV['USER'] && $postBody['password'] == $_ENV['PASSWORD']) ||
+			($postBody['username'] == $_SERVER['USER'] && $postBody['password'] == $_SERVER['PASSWORD'])
+		) {
           $user = $postBody['username'];
           $_SESSION['userid'] =  $user;
 		  if ($_GET['returnUrl']) {
@@ -37,7 +41,7 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
           //var_dump($_COOKIE);
           //echo("session:\n");
           //var_dump($_SESSION);
-          $response->getBody()->write("<h1>No (try posting user=alice&password=alice123)</h1>\n");
+          $response->getBody()->write("<h1>No (try posting username=alice&password=alice123)</h1>\n");
         }
         return $response;
     }
