If no IP addresses are listed at 'upload_ip_nopassword', index.php won't
show any login form and indicate the session as authenticated. During
the actual upload, script.php will show the error 'Error 2: No password
nor allowed IP'.
The reason is that jirafeau_challenge_upload_ip returns true if the
supplied IP whitelist is empty, but uploading without a password doesn't
work this way (and shouldn't).
I took the liberty to split 'jirafeau_challenge_upload_ip' into one
function for the normal IP check, and one for checking if allowed to
upload without a password. Having function names that clearly
communicates the intent makes it easier to avoid bugs.