static L<S> standaloneWebAuth_authorizedCookies;
static Lock standaloneWebAuth_lock = lock();

// pair(response, authorized)
static Pair<S, Bool> standaloneWebAuth(S url, S cookie, S pw) {
  lock standaloneWebAuth_lock;
  if (standaloneWebAuth_authorizedCookies == null) {
    standaloneWebAuth_authorizedCookies = new L;
    load("standaloneWebAuth_authorizedCookies");
  }
  
  if (empty(cookie)) ret pair(null, false);

  bool in = contains(standaloneWebAuth_authorizedCookies, cookie);
  if (in) ret pair(null, true);
    
  S realPW = standaloneWebAuth_realPW();
  if (empty(realPW)) {
    print("No password set by admin - please put password in: " + standaloneWebAuth_realPWFile().getAbsolutePath());
    ret pair(null, false);
  }
    
  if (nempty(pw)) {
    if (neq(pw, realPW)) {
      logQuotedWithDate("bad-login-attempts.txt", print("XXX - Alert, bad PW entered on web - XXX - IP: " + clientIP());
      ret pair("Bad PW, bugger", false);
    } else {
      standaloneWebAuth_authorizedCookies.add(cookie);
      save("standaloneWebAuth_authorizedCookies");
      ret pair(null, true);
    }
  }
  
  ret pair(standaloneWebAuth_showForm(), false);
}

static S standaloneWebAuth_showForm(S url) {
  S formContents = tag("p", "Enter deh pass word: " + htag("input", "", "type", "password", "name", "pw"));
  formContents += tag("input", "", "type", "submit", "value", "Submit!");
  ret tag("form", formContents, "method", "POST", "action", url);
}

static File standaloneWebAuth_realPWFile() {
  ret secretProgramFile("master-pw");
}

static S standaloneWebAuth_realPW() {
  ret trim(loadTextFile(standaloneWebAuth_realPWFile()));
}