Drop out of authenticated() function when cannot find htpasswd file.

backend-php/include/inc.php

@@ -807,18 +807,18 @@ function authenticated() {
             global $LANG;
             if (!isset($_POST["usr"])) die($LANG["username_required"]);
             requirePOST("pwd", "usr");
-            if (file_exists(getConfig("htpasswd_path"))) {
-                $file = fopen(getConfig("htpasswd_path"), "r");
-                $authed = false;
-                while (($line = fgets($file)) !== false && !$authed) {
-                    $creds = explode(":", trim($line));
-                    if ($creds[0] == $_POST["usr"]) {
-                        $authed = password_verify($_POST["pwd"], $creds[1]);
-                    }
-                }
-                fclose($file);
-                return $authed;
-            }
+			// Jump out if we cannot find the htpasswd file.
+			if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_htpasswd_file"]);
+			$file = fopen(getConfig("htpasswd_path"), "r");
+			$authed = false;
+			while (($line = fgets($file)) !== false && !$authed) {
+				$creds = explode(":", trim($line));
+				if ($creds[0] == $_POST["usr"]) {
+					$authed = password_verify($_POST["pwd"], $creds[1]);
+				}
+			}
+			fclose($file);
+			return $authed;
 
         case LDAP:
             // LDAP-based authentication.

backend-php/include/lang/en/texts.php

@@ -24,3 +24,4 @@ $LANG['ldap_connection_failed'] = 'Failed to connect to the LDAP server!';
 $LANG['ldap_search_failed'] = 'Failed to look up user on the LDAP server!';
 $LANG['ldap_user_unauthorized'] = 'User not found, not authorized, or incorrect password!';
 $LANG['ldap_search_ambiguous'] = 'Matched multiple users - the LDAP filter is too broad!';
+$LANG['cannot_find_password_file'] = 'Cannot find password file!';