From cff0f429b920dd061210820f57b3163874ee2b64 Mon Sep 17 00:00:00 2001
From: bohwaz <github.bohwaz@miam.kd2.org>
Date: Tue, 22 Nov 2022 16:10:04 +0100
Subject: [PATCH] Always ask for auth when anonymous read and write is disabled

---
 index.php  | 32 ++++++++++++++++++++++++--------
 server.php | 28 ++++++++++++++++++++++------
 2 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/index.php b/index.php
index ee4fef4..ca693e5 100644
--- a/index.php
+++ b/index.php
@@ -1784,14 +1784,30 @@ namespace PicoDAV
 			return $out;
 		}
 
-		function error(WebDAV_Exception $e)
+		public function route(?string $uri = null): bool
+		{
+			if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) {
+				$this->requireAuth();
+				return true;
+			}
+
+			return parent::route($uri);
+		}
+
+		protected function requireAuth(): void
+		{
+			if ($this->storage->auth()) {
+				return;
+			}
+
+			http_response_code(401);
+			header('WWW-Authenticate: Basic realm="Please login"');
+			echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
+		}
+
+		public function error(WebDAV_Exception $e)
 		{
 			if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) {
-				$user = $_SERVER['PHP_AUTH_USER'] ?? null;
-
-				http_response_code(401);
-				header('WWW-Authenticate: Basic realm="Please login"');
-				echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
 				return;
 			}
 
@@ -1851,11 +1867,11 @@ RewriteRule ^.*$ /index.php [END]
 		$fp = fopen(__FILE__, 'r');
 
 		if ($relative_uri == '.webdav/webdav.js') {
-			fseek($fp, 49803, SEEK_SET);
+			fseek($fp, 50046, SEEK_SET);
 			echo fread($fp, 27769);
 		}
 		else {
-			fseek($fp, 49803 + 27769, SEEK_SET);
+			fseek($fp, 50046 + 27769, SEEK_SET);
 			echo fread($fp, 6988);
 		}
 
diff --git a/server.php b/server.php
index 0c394a0..8fe4a72 100644
--- a/server.php
+++ b/server.php
@@ -508,14 +508,30 @@ namespace PicoDAV
 			return $out;
 		}
 
-		function error(WebDAV_Exception $e)
+		public function route(?string $uri = null): bool
+		{
+			if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) {
+				$this->requireAuth();
+				return true;
+			}
+
+			return parent::route($uri);
+		}
+
+		protected function requireAuth(): void
+		{
+			if ($this->storage->auth()) {
+				return;
+			}
+
+			http_response_code(401);
+			header('WWW-Authenticate: Basic realm="Please login"');
+			echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
+		}
+
+		public function error(WebDAV_Exception $e)
 		{
 			if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) {
-				$user = $_SERVER['PHP_AUTH_USER'] ?? null;
-
-				http_response_code(401);
-				header('WWW-Authenticate: Basic realm="Please login"');
-				echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
 				return;
 			}