}
/* Ask password if upload password is set. */
-if (strlen ($cfg['upload_password']) > 0)
+if (jirafeau_has_upload_password ($cfg))
{
session_start();
/* Unlog if asked. */
if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
- $_SESSION['upload_auth'] = false;
+ session_unset ();
/* Auth. */
if (isset ($_POST['upload_password']))
{
- if (strcmp ($cfg['upload_password'], $_POST['upload_password']) == 0)
+ if (jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))
+ {
$_SESSION['upload_auth'] = true;
+ $_SESSION['user_upload_password'] = $_POST['upload_password'];
+ }
else
{
$_SESSION['admin_auth'] = false;
</tr>
<p id="max_file_size" class="config"></p>
<p>
-
- <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $cfg['upload_password']?>"/>
+ <?php
+ if (jirafeau_has_upload_password ($cfg) && $_SESSION['upload_auth'])
+ {
+ ?>
+ <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
+ <?php
+ }
+ else
+ {
+ ?>
+ <input type="hidden" id="upload_password" name="upload_password" value=""/>
+ <?php
+ }
+ ?>
<input type="submit" id="send" value="<?php echo t('Send'); ?>"
onclick="
document.getElementById('upload').style.display = 'none';
</div> </fieldset>
<?php
- if (strlen ($cfg['upload_password']) > 0)
+ if (jirafeau_has_upload_password ($cfg))
{
?>
<form action = "<?php echo basename(__FILE__); ?>" method = "post">
fwrite ($handle, jirafeau_quoted ($item));
else if (is_int ($item))
fwrite ($handle, $item);
+ else if (is_array ($item))
+ fwrite ($handle, str_replace(array("\n", "\r"), "",
+ var_export ($item, true)));
else
fwrite ($handle, 'null');
fwrite ($handle, ';'.NL);
* default configuration
* if you want to change this, overwrite in a config.local.php file
*/
- global $cfg;
+global $cfg;
/* don't forget the ending '/' */
$cfg['web_root'] = '';
$cfg['enable_crypt'] = false;
/* Split lenght of link refenrece. */
$cfg['link_name_lenght'] = 8;
-/* Upload password. Empty string disable the password. */
-$cfg['upload_password'] = '';
+/* Upload password(s). Empty array disable password authentification.
+ * $cfg['upload_password'] = array(); // No password
+ * $cfg['upload_password'] = array('psw1'); // One password
+ * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords
+ * ... and so on
+ */
+$cfg['upload_password'] = array();
/* Installation is done ? */
$cfg['installation_done'] = false;
return true;
}
-?>
+/**
+ * Check if Jirafeau is password protected for visitors.
+ * @return true if Jirafeau is password protected, false otherwise.
+ */
+function jirafeau_has_upload_password ($cfg)
+{
+ return count ($cfg['upload_password']) > 0;
+}
+
+/**
+ * Challenge password for a visitor.
+ * @param $password password to be challenged
+ * @return true if password is valid, false otherwise.
+ */
+function jirafeau_challenge_upload_password ($cfg, $password)
+{
+ if (!jirafeau_has_upload_password($cfg))
+ return false;
+ forEach ($cfg['upload_password'] as $p)
+ if ($password == $p)
+ return true;
+ error_log("password not found $password");
+ return false;
+}
+
if (isset ($_FILES['file']) && is_writable (VAR_FILES)\r
&& is_writable (VAR_LINKS))\r
{\r
- if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))\r
+ if (jirafeau_has_upload_password ($cfg) &&\r
+ (!isset ($_POST['upload_password']) ||\r
+ !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))\r
{\r
echo "Error";\r
exit;\r
/* Initialize an asynchronous upload. */\r
elseif (isset ($_GET['init_async']))\r
{\r
- if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))\r
+ if (jirafeau_has_upload_password ($cfg) &&\r
+ (!isset ($_POST['upload_password']) ||\r
+ !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))\r
{\r
echo "Error";\r
exit;\r
/* Initialize block. */\r
elseif (isset ($_GET['init_block']) && $cfg['enable_blocks'])\r
{\r
- if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))\r
+ if (jirafeau_has_upload_password ($cfg) &&\r
+ (!isset ($_POST['upload_password']) ||\r
+ !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))\r
{\r
echo "Error";\r
exit;\r
git.p6c8.net / jirafeau_project.git / commitdiff