From 87c69016c5e7458df84950ae4eb0b5833262a370 Mon Sep 17 00:00:00 2001
From: Max Christian Pohle
Date: Sat, 15 Oct 2016 19:20:18 +0200
Subject: Initial version

It basically works
---
 htaccess-sample |  15 +++++++
 htusers-sample  |  12 +++++
 login.html      | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 163 insertions(+)
 create mode 100644 htaccess-sample
 create mode 100644 htusers-sample
 create mode 100644 login.html

diff --git a/htaccess-sample b/htaccess-sample
new file mode 100644
index 0000000..dabf6a9
--- /dev/null
+++ b/htaccess-sample
@@ -0,0 +1,15 @@
+# this file must be named .htaccess
+DirectoryIndex login.html
+
+AuthType Basic
+AuthName "Password Protected Area"
+AuthUserFile .htusers
+Require valid-user
+
+# allow only the root directory (=login.html, see above) to be shown...
+SetEnvIf Request_URI ^/$ noauth=1
+Satisfy any
+order deny,allow
+deny from all
+Allow from env=noauth
+
diff --git a/htusers-sample b/htusers-sample
new file mode 100644
index 0000000..dd91cf9
--- /dev/null
+++ b/htusers-sample
@@ -0,0 +1,12 @@
+# this file should contain combinations of usernames and passwords, divided by colons and separated
+# by newlines:
+#
+# user1:password2
+# user2:password2
+#
+# the passwords must not be inserted as plain text, but as hashes. To generate these hashes one can
+# use:
+#   openssl passwd -crypt password1
+#
+# lines starting with # are not recognized and can be used as comments
+
diff --git a/login.html b/login.html
new file mode 100644
index 0000000..627308e
--- /dev/null
+++ b/login.html
@@ -0,0 +1,136 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>Ostsee - Verborgene Fracht - Login</title>
+	</head>
+	<style type="text/css">
+		html,body
+		{
+			width:100%;
+			height:100%;
+			margin:0px;
+			padding:0px;
+			overflow:hidden;
+		}
+
+		body
+		{
+			position:absolute;
+			background:#474747;
+			vertical-align:middle;
+		}
+
+		form.login
+		{
+			position:relative;
+			top:50%;
+			display:block;
+			margin:auto auto;
+			width:12em;
+			text-align:right;
+			font-family:Arial, Helvetica Neue, Helvetica, sans-serif;
+			font-weight:bold;
+			transform: translateY(-50%);
+		}
+
+		form.login label
+		{
+			color:#fff;
+			text-align:center;
+			font-size:x-small;
+			text-transform:uppercase;
+			display:block;
+			font-weight:normal;
+			line-height:1.75em;
+		}
+
+		form.login :active,
+		form.login :focus
+		{
+			outline:0px;
+		}
+
+		form.login input
+		{
+			border:4px solid #fff;
+			border-radius:6px;
+			background:#fff;
+			width:100%;
+			margin:0px;
+			font-size:inherit;
+			text-align:center;
+		}
+
+		form.login button
+		{
+			clear:both;
+			display:block;
+			float:right;
+			background:#fff;
+			border:0px;
+			position:relative;
+			top:-1em;
+			margin-top:-5px;
+			font-size:inherit;
+			background:transparent;
+			color:#474747;
+			text-align:right;
+		}
+	</style>
+<body onload="document.getElementById('password').focus()">
+	<form action="/" class="login">
+		<input type="hidden" name="username" id="username" value="login" />
+		<label>Passwort <?php echo $_SERVER['PHP_AUTH_USER'].$_SERVER['REMOTE_USER'] ?><br/>
+			<input type="password" id="password" /></label>
+		<button type="submit" />&gt;</button>
+		<br style="clear:both" />
+	</form>
+</body>
+</html>
+
+<script type="text/javascript">
+//~ ajax-main-functions --------------------------------------------- ~
+function createHTTPObject()
+{
+  var xmlhttp;
+  /*@cc_on
+  @if (@_jscript_version >= 5) try {
+  xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
+  } catch (e) {
+  try {
+  xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
+  } catch (E){
+  xmlhttp = false;
+  }
+  } @else xmlhttp = false; @end @*/
+
+  if (!xmlhttp && typeof XMLHttpRequest != 'undefined')
+    {
+      try { xmlhttp = new XMLHttpRequest(); }
+      catch (e) { xmlhttp = false; }
+    }
+    return xmlhttp;
+}
+
+function formSubmit(e)
+{
+	var form     = e.target;
+	var username = document.getElementById("username");
+	var password = document.getElementById("password");
+	var http     = createHTTPObject();
+  /* console.log("username: " + username.value + " password: " + password.value); */
+	http.open("get", "index.html", false, username.value, password.value);
+	http.send("");
+	if (http.status == 200) /* content got delivered, we are clear to pass (password was right) */
+	{ window.location = "http://ostsee.halbtotal.de/index.html"; return false; }
+	else if (http.status == 401) /* 401=authorization required when password was wrong */
+	{ password.value = ''; return false; }
+	else /* other errors lead to the default login page */
+	{ return false; }
+}
+
+for(var i in document.forms)
+{ document.forms[i].onsubmit=formSubmit; }
+</script>
+<!-- vim: set ts=2 sw=2 :smartindent -->
+
-- 
cgit v1.2.3