Diffstat (limited to 'cgi-bin/mat.cgi')
-rwxr-xr-xcgi-bin/mat.cgi37
1 files changed, 30 insertions, 7 deletions
diff --git a/cgi-bin/mat.cgi b/cgi-bin/mat.cgi
index 52239d5..d8845f7 100755
--- a/cgi-bin/mat.cgi
+++ b/cgi-bin/mat.cgi
@@ -14,6 +14,7 @@ my $q = new CGI::Simple;
my $id = $q->param('id');
my $action = $q->param('action');
my $storage = $q->param('storage');
+my $password = $q->param('password');
my $session = CGI::Session->new(undef, undef, {Directory =>
$Config{'session_directory'}});
@@ -85,29 +86,51 @@ sub cmd_relocate($$)
cmd_view($id);
}
+sub cmd_login($)
+{
+ my ( $password ) = @_;
+
+ if ( $password and ($password eq $Config{'password'} )) {
+ $session->param('authenticated', "yes");
+ print "welcome.";
+ } else {
+ print "<form>\n";
+ print "<input name=password>\n";
+ print "<input type=submit>\n";
+ print "</form>\n";
+ }
+}
+
### MAIN PROGRAM ##############################################################
misconfigured unless ($Config{'database'});
misconfigured unless $session;
-invalid_input unless ($id and $action);
+invalid_input unless $action;
+
+if ($action eq "view") {
+ invalid_input unless ($id and $id =~ m/^[0-9]+$/);
+} elsif ($action eq "relocate") {
+ invalid_input unless (($id =~ m/^[0-9]+$/) and ($storage =~ /^[a-z0-9]*$/));
+} elsif ($action eq "login") {
+} else {
+ invalid_input;
+}
-invalid_input unless (($id =~ m/^[0-9]+$/)
- and ($action =~ m/^view|relocate$/) and ($storage =~ /^[a-z0-9]*$/));
send_cookie;
for ($action) {
if (/^view$/) {
cmd_view($id);
- }
- elsif (/^relocate$/) {
+ } elsif (/^relocate$/) {
if ($session->param('authenticated') eq "yes") {
$session->expire("5y");
cmd_relocate($id, $storage);
} else {
unauthorized();
}
- }
- else {
+ } elsif (/^login$/) {
+ cmd_login($password);
+ } else {
invalid_input;
}
}
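Review bot: The form printed by `cmd_login` has no `method`, no `action` field and a plain-text input. The password is therefore submitted by GET (ending up in the URL, server logs and browser history) and is shown while typed. The resulting request also carries no `action` parameter, so the new `invalid_input unless $action;` check rejects it. I would print `<form method=post>`, add `<input type=hidden name=action value=login>`, and use `<input type=password name=password>`. Separately, `$password eq $Config{'password'}` compares against a cleartext secret from the config, and nothing visible in this hunk limits repeated guesses or issues a fresh session id once `authenticated` is set; whether CGI::Session or code outside the hunk covers that cannot be seen from the diff.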