From 6226f8a16c32eff0ff0e4dbde4bc700db20a9e0c Mon Sep 17 00:00:00 2001
From: Dmitriy Novash <novashdima@gmail.com>
Date: Tue, 24 May 2022 17:37:32 +0300
Subject: [PATCH] fix password decode on api requests

---
 src/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main.php b/src/main.php
index 9d20703..d67df5a 100644
--- a/src/main.php
+++ b/src/main.php
@@ -988,7 +988,7 @@ f00bar;
 
 		$credentials_header = $_SERVER['HTTP_X_IFM_AUTH'] ?? $_SERVER['HTTP_AUTHORIZATION'] ?? false;
 		if ($credentials_header && !$this->config['auth_ignore_basic']) {
-			$cred = explode(":", base64_decode(str_replace("Basic ", "", $credentials_header)));
+			$cred = explode(":", base64_decode(str_replace("Basic ", "", $credentials_header)), 2);
 			if (count($cred) == 2 && $this->checkCredentials($cred[0], $cred[1]))
 				return true;
 		}