static L<S> standaloneWebAuth_authorizedCookies;
static Lock standaloneWebAuth_lock = lock();

// make sure that pw = params.get("pw")
// returns pair(response, authorized)
static Pair<S, Bool> standaloneWebAuth(S url, S cookie, S pw) {
  lock standaloneWebAuth_lock;
  
  if (empty(cookie)) ret pair(null, false);

  S realPW = standaloneWebAuth_realPW();
  
  // No PW set?
  
  if (empty(realPW)) {
    print("No password set by admin - please put password in: " + standaloneWebAuth_realPWFile().getAbsolutePath());
    ret pair(null, false);
  }
    
  if (nempty(pw)) {
    if (eqic(pw, "logout")) {
      standaloneWebAuth_authorizedCookies().remove(cookie);
      ret pair("OK, logged out.", false);
    }
    if (neq(pw, realPW)) {
      logQuotedWithDate("bad-login-attempts.txt", print("XXX - Alert, bad PW entered on web - XXX - IP: " + clientIP());
      ret pair("Bad PW, bugger", false);
    }
    
    standaloneWebAuth_authorizedCookies.add(cookie);
    save("standaloneWebAuth_authorizedCookies");
    ret pair(null, true);
  }
  
  bool in = contains(standaloneWebAuth_authorizedCookies(), cookie);
  if (in) ret pair(null, true);
    
  ret pair(null, false);
}

static S standaloneWebAuth_showForm(S url, S cookie) {
  bool in = nempty(cookie) && contains(standaloneWebAuth_authorizedCookies(), cookie);
  S formContents = tag("p", "Enter deh pass word: " + htag("input", "", "type", "password", "name", "pw"));
  formContents += tag("input", "", "type", "submit", "value", "Submit!");
  ret p((in ? "You're in." : "You're not in.") + " " + (nempty(cookie) ? "Have cookie." : "No cookie."))
    + tag("form", formContents, "method", "POST", "action", url)
    + tag("form", hhidden("pw", "logout") + hsubmit("Log out"), 
      "method", "POST", "action", url);
}

static File standaloneWebAuth_realPWFile() {
  ret secretProgramFile("master-pw");
}

static S standaloneWebAuth_realPW() {
  ret trim(loadTextFile(standaloneWebAuth_realPWFile()));
}

static L<S> standaloneWebAuth_authorizedCookies() {
  lock standaloneWebAuth_lock;
  if (standaloneWebAuth_authorizedCookies == null) {
    standaloneWebAuth_authorizedCookies = new L;
    load("standaloneWebAuth_authorizedCookies");
  }
  ret standaloneWebAuth_authorizedCookies;
}