X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/96707e02b8b24054e0827eaf169cc88504a1e78c..16e3d41d8aac70a5e6c3adde4abfe80bf96e5bde:/index.php diff --git a/index.php b/index.php index b8feabd..8cd556d 100644 --- a/index.php +++ b/index.php @@ -18,6 +18,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ +session_start(); define('JIRAFEAU_ROOT', dirname(__FILE__) . '/'); require(JIRAFEAU_ROOT . 'lib/settings.php'); @@ -34,105 +35,116 @@ if (has_error()) { require(JIRAFEAU_ROOT . 'lib/template/header.php'); /* Check if user is allowed to upload. */ -if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { - echo '

' . t('Access denied') . '

'; - require(JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; -} - -/* Ask password if upload password is set. */ -if (jirafeau_has_upload_password($cfg)) { - session_start(); +// First check: Challenge by IP +if (true === jirafeau_challenge_upload_ip($cfg['upload_ip'], get_ip_address($cfg))) { + // Is an upload password required? + if (jirafeau_has_upload_password($cfg)) { + // Logout action + if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) { + session_unset(); + } - /* Unlog if asked. */ - if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) { - session_unset(); - } + // Challenge by password + // …save successful logins in session + if (isset($_POST['upload_password'])) { + if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) { + $_SESSION['upload_auth'] = true; + $_SESSION['user_upload_password'] = $_POST['upload_password']; + } else { + $_SESSION['admin_auth'] = false; + jirafeau_fatal_error(t('BAD_PSW'), $cfg); + } + } - /* Auth. */ - if (isset($_POST['upload_password'])) { - if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) { - $_SESSION['upload_auth'] = true; - $_SESSION['user_upload_password'] = $_POST['upload_password']; - } else { - $_SESSION['admin_auth'] = false; - echo '

' . t('Wrong password.') . '

'; + // Show login form if user session is not authorized yet + if (true === empty($_SESSION['upload_auth'])) { + ?> +
+
+ + + + + + + + + +
+
+
+
+
+ -
-
- - - - - - - - - -
- -
-
-
-
-

+

- - + + +

+ +

-

-

:

-

+

+ +

+ + +

-
-

:

-

+

+ +

+ + +

-
-

:

-

+
+

+ +

+ + +

-
-

:

+
+

:

- +

@@ -145,59 +157,59 @@ if (jirafeau_has_upload_password($cfg)) {
- +

')"/> + onchange="control_selected_file_size(, '')"/>

- + - + - +
::

@@ -246,9 +258,9 @@ if (jirafeau_has_upload_password($cfg)) { -
+ - +