X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/96707e02b8b24054e0827eaf169cc88504a1e78c..f59f39f5ecae40b15bd39d43a59e73198ed4820e:/lib/functions.php diff --git a/lib/functions.php b/lib/functions.php index 4d698c2..7d15e1b 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -120,6 +120,21 @@ function jirafeau_human_size($octets) return round($o, 1) . $u[$p]; } +// Convert UTC timestamp to a datetime field +function jirafeau_get_datetimefield($timestamp) +{ + $content = '' + . strftime('%Y-%m-%d %H:%M', $timestamp) . ' (GMT)'; + return $content; +} + +function jirafeau_fatal_error($errorText, $cfg = array()) +{ + echo '

Error

' . $errorText . '

'; + require(JIRAFEAU_ROOT . 'lib/template/footer.php'); + exit; +} + function jirafeau_clean_rm_link($link) { $p = s2p("$link"); @@ -594,13 +609,12 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo ''; echo '' . - '' . htmlspecialchars($l['file_name']) . ''; echo ''; echo '' . $l['mime_type'] . ''; echo '' . jirafeau_human_size($l['file_size']) . ''; - echo '' . ($l['time'] == -1 ? '' : strftime('%c', $l['time'])) . - ''; + echo '' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . ''; echo ''; if ($l['onetime'] == 'O') { echo 'Y'; @@ -608,20 +622,20 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) echo 'N'; } echo ''; - echo '' . strftime('%c', $l['upload_date']) . ''; + echo '' . jirafeau_get_datetimefield($l['upload_date']) . ''; echo '' . $l['ip'] . ''; echo '' . - '
' . + '' . '' . '' . '' . '
' . - '
' . + '' . '' . '' . '' . '
' . - '
' . + '' . '' . '' . '' . @@ -1056,26 +1070,69 @@ function jirafeau_challenge_upload_password($cfg, $password) /** * Test if visitor's IP is authorized to upload. - * @param $ip IP to be challenged + * + * @param $allowedIpList array of allowed IPs + * @param $challengedIp IP to be challenged * @return true if IP is authorized, false otherwise. */ -function jirafeau_challenge_upload_ip($cfg, $ip) +function jirafeau_challenge_upload_ip($allowedIpList, $challengedIp) { - if (count($cfg['upload_ip']) == 0) { + // skip if list is empty = all IPs allowed + if (count($allowedIpList) == 0) { return true; } - foreach ($cfg['upload_ip'] as $i) { - if ($i == $ip) { + // test given IP against each allowed IP + foreach ($allowedIpList as $i) { + if ($i == $challengedIp) { return true; } // CIDR test for IPv4 only. if (strpos($i, '/') !== false) { list($subnet, $mask) = explode('/', $i); - if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { + if ((ip2long($challengedIp) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { + return true; + } + } + } + return false; +} + +/** + * Test if visitor's IP is authorized or password is supplied and authorized + * @param $ip IP to be challenged + * @param $password password to be challenged + * @return true if access is valid, false otherwise. + */ +function jirafeau_challenge_upload ($cfg, $ip, $password) +{ + // Allow if no ip restrictaion and no password restriction + if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) { + return true; + } + + // Allow if ip is in array + foreach ($cfg['upload_ip'] as $i) { + if ($i == $ip) { + return true; + } + // CIDR test for IPv4 only. + if (strpos ($i, '/') !== false) + { + list ($subnet, $mask) = explode('/', $i); + if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) { return true; } } } + if (!jirafeau_has_upload_password($cfg)) { + return false; + } + + foreach ($cfg['upload_password'] as $p) { + if ($password == $p) { + return true; + } + } return false; }