From 8a39c65c417c32f2b27feaf901fe70840984c4c2 Mon Sep 17 00:00:00 2001
From: Ben de Roo <ben@de-roo.org>
Date: Sat, 6 Jun 2026 19:21:19 +0200
Subject: [PATCH] Update gab/index.php

---
 gab/index.php | 138 ++++++++++----------------------------------------
 1 file changed, 28 insertions(+), 110 deletions(-)

diff --git a/gab/index.php b/gab/index.php
index 03a0de4..2bbc34c 100644
--- a/gab/index.php
+++ b/gab/index.php
@@ -1,136 +1,54 @@
 <?php
 
-$password = "GabrielIsDeBeste123";
+$correct_password = "GabrielIsDeBeste123";
 
 $ip = $_SERVER['REMOTE_ADDR'];
-$dir = __DIR__ . "/bans";
+$banDir = __DIR__ . "/bans";
 
-if (!is_dir($dir)) {
-    mkdir($dir);
+if (!is_dir($banDir)) {
+    mkdir($banDir);
 }
 
-$file = "$dir/" . md5($ip) . ".json";
+$banFile = $banDir . "/" . md5($ip) . ".json";
 
 $data = [
     "attempts" => 0,
     "ban_until" => 0
 ];
 
-if (file_exists($file)) {
-    $data = json_decode(file_get_contents($file), true);
+if (file_exists($banFile)) {
+    $data = json_decode(file_get_contents($banFile), true);
 }
 
 if (time() < $data["ban_until"]) {
-    die("Verbannen tot " . date("Y-m-d H:i:s", $data["ban_until"]));
+    http_response_code(403);
+    exit("IP geblokkeerd tot " . date("Y-m-d H:i:s", $data["ban_until"]));
 }
 
-if ($_SERVER["REQUEST_METHOD"] === "POST") {
+// Basic Auth check
+if (!isset($_SERVER['PHP_AUTH_PW']) ||
+    $_SERVER['PHP_AUTH_PW'] !== $correct_password) {
 
-    if ($_POST["password"] === $password) {
+    $data["attempts"]++;
 
-        unlink($file);
-        echo "Ingelogd!";
-        exit;
-
-    } else {
-
-        $data["attempts"]++;
-
-        if ($data["attempts"] >= 10) {
-            $data["ban_until"] = time() + 86400; // 1 dag
-        }
-
-        file_put_contents($file, json_encode($data));
+    if ($data["attempts"] >= 10) {
+        $data["ban_until"] = time() + 86400; // 24 uur
     }
-}
-?>
 
-<form method="post">
-    <input type="password" name="password">
-    <button>Login</button>
-</form>
-<?php
+    file_put_contents($banFile, json_encode($data));
+
+    header('WWW-Authenticate: Basic realm="Foto Viewer"');
+    header('HTTP/1.0 401 Unauthorized');
+    exit('Wachtwoord vereist');
+}
+
+// reset bij succes
+if (file_exists($banFile)) {
+    unlink($banFile);
+}
+
 $images = array_values(array_filter(scandir('.'), function($file) {
     return preg_match('/\.(jpg|jpeg|png|gif|webp)$/i', $file);
 }));
-?>
 
-<!DOCTYPE html>
-<html lang="nl">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Foto Viewer</title>
-
-<style>
-body {
-    margin: 0;
-    background: #111;
-    display: flex;
-    justify-content: center;
-    align-items: center;
-    height: 100vh;
-    overflow: hidden;
-}
-
-img {
-    max-width: 95vw;
-    max-height: 95vh;
-    object-fit: contain;
-}
-
-button {
-    position: fixed;
-    top: 50%;
-    transform: translateY(-50%);
-    font-size: 2rem;
-    padding: 10px 20px;
-    background: rgba(0,0,0,0.5);
-    color: white;
-    border: none;
-    cursor: pointer;
-}
-
-#prev { left: 20px; }
-#next { right: 20px; }
-</style>
-</head>
-<body>
-
-<button id="prev">◀</button>
-<img id="image">
-<button id="next">▶</button>
-
-<script>
-const images = <?= json_encode($images) ?>;
-
-let current = 0;
-const img = document.getElementById('image');
-
-function showImage() {
-    img.src = images[current];
-}
-
-document.getElementById('prev').onclick = () => {
-    current = (current - 1 + images.length) % images.length;
-    showImage();
-};
-
-document.getElementById('next').onclick = () => {
-    current = (current + 1) % images.length;
-    showImage();
-};
-
-document.addEventListener('keydown', e => {
-    if (e.key === 'ArrowLeft') {
-        document.getElementById('prev').click();
-    } else if (e.key === 'ArrowRight') {
-        document.getElementById('next').click();
-    }
-});
-
-showImage();
-</script>
-
-</body>
-</html>
\ No newline at end of file
+?>
\ No newline at end of file