*/
function jirafeau_challenge_upload ($cfg, $ip, $password)
{
- // Allow if no ip restrictaion and no password restriction
- if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) {
- return true;
- }
-
- // Allow if ip is in array (no password)
- foreach ($cfg['upload_ip_nopassword'] as $i) {
- if ($i == $ip) {
- return true;
- }
- // CIDR test for IPv4 only.
- if (strpos ($i, '/') !== false)
- {
- list ($subnet, $mask) = explode('/', $i);
- if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
- return true;
- }
- }
- }
-
- // Allow if ip is in array
- foreach ($cfg['upload_ip'] as $i) {
- if ($i == $ip) {
- return true;
- }
- // CIDR test for IPv4 only.
- if (strpos ($i, '/') !== false)
- {
- list ($subnet, $mask) = explode('/', $i);
- if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) {
- return true;
- }
- }
- }
- if (!jirafeau_has_upload_password($cfg)) {
- return false;
- }
-
- foreach ($cfg['upload_password'] as $p) {
- if ($password == $p) {
- return true;
- }
- }
- return false;
+ return jirafeau_challenge_upload_ip_without_password($cfg, $ip) ||
+ (!jirafeau_has_upload_password($cfg) && !jirafeau_upload_has_ip_restriction($cfg)) ||
+ (jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip));
}
/** Tell if we have some HTTP headers generated by a proxy */