-/* Ask password if upload password is set. */
-if (strlen ($cfg['upload_password']) > 0)
-{
- session_start();
-
- /* Unlog if asked. */
- if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
- $_SESSION['upload_auth'] = false;
-
- /* Auth. */
- if (isset ($_POST['upload_password']))
- {
- if (strcmp ($cfg['upload_password'], $_POST['upload_password']) == 0)
- $_SESSION['upload_auth'] = true;
- else
- {
- $_SESSION['admin_auth'] = false;
- echo '<div class="error"><p>' . t('Wrong password.') . '</p></div>';
- require (JIRAFEAU_ROOT.'lib/template/footer.php');
- exit;
+// Logout action
+if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
+ jirafeau_session_end();
+}
+
+/* Check if user is allowed to upload. */
+// First check: Is user already logged
+if (jirafeau_user_session_logged()) {}
+// Second check: Challenge by IP NO PASSWORD
+elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
+ jirafeau_user_session_start();
+}
+// Third check: Challenge by IP
+elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
+ // Is an upload password required?
+ if (jirafeau_has_upload_password($cfg)) {
+ // Challenge by password
+ if (isset($_POST['upload_password'])) {
+ if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
+ jirafeau_user_session_start();
+ } else {
+ jirafeau_session_end();
+ jirafeau_fatal_error(t('BAD_PSW'), $cfg);
+ }