From c0dc815574d7d819c05a1aed5c27064215a40315 Mon Sep 17 00:00:00 2001
From: Jeroen Domburg <jeroen@spritesmods.com>
Date: Thu, 11 Dec 2014 21:37:33 +0100
Subject: [PATCH] Final comments

---
 user/auth.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/user/auth.c b/user/auth.c
index d181335..b2381c3 100644
--- a/user/auth.c
+++ b/user/auth.c
@@ -40,9 +40,9 @@ int ICACHE_FLASH_ATTR authBasic(HttpdConnData *connData) {
 	r=httpdGetHeader(connData, "Authorization", hdr, sizeof(hdr));
 	if (r && strncmp(hdr, "Basic", 5)==0) {
 		r=base64_decode(strlen(hdr)-6, hdr+6, sizeof(userpass), (unsigned char *)userpass);
-		if (r<0) r=0;
-		userpass[r]=0;
-		os_printf("Auth: %s\n", userpass);
+		if (r<0) r=0; //just clean out string on decode error
+		userpass[r]=0; //zero-terminate user:pass string
+//		os_printf("Auth: %s\n", userpass);
 		while (((AuthGetUserPw)(connData->cgiArg))(connData, no,
 				user, AUTH_MAX_USER_LEN, pass, AUTH_MAX_PASS_LEN)) {
 			//Check user/pass against auth header
@@ -53,7 +53,7 @@ int ICACHE_FLASH_ATTR authBasic(HttpdConnData *connData) {
 				//Authenticated. Yay!
 				return HTTPD_CGI_AUTHENTICATED;
 			}
-			no++;
+			no++; //Not authenticated with this user/pass. Check next user/pass combo.
 		}
 	}
 
@@ -63,6 +63,7 @@ int ICACHE_FLASH_ATTR authBasic(HttpdConnData *connData) {
 	httpdHeader(connData, "WWW-Authenticate", "Basic realm=\""HTTP_AUTH_REALM"\"");
 	httpdEndHeaders(connData);
 	espconn_sent(connData->conn, (uint8 *)forbidden, os_strlen(forbidden));
+	//Okay, all done.
 	return HTTPD_CGI_DONE;
 }