This is a cleaner way to upload files and also prepares for #311.
Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
/* Logout if requested. */
if (jirafeau_admin_session_logged() && isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
/* Logout if requested. */
if (jirafeau_admin_session_logged() && isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
- jirafeau_admin_session_end();
+ jirafeau_session_end();
}
if (!jirafeau_admin_session_logged()) {
}
if (!jirafeau_admin_session_logged()) {
require(JIRAFEAU_ROOT . 'lib/template/footer.php');
exit;
}
require(JIRAFEAU_ROOT . 'lib/template/footer.php');
exit;
}
require(JIRAFEAU_ROOT . 'lib/template/header.php');
require(JIRAFEAU_ROOT . 'lib/template/header.php');
+// Logout action
+if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
+ jirafeau_session_end();
+}
+
/* Check if user is allowed to upload. */
/* Check if user is allowed to upload. */
-// First check: Challenge by IP NO PASSWORD
-if (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
- $_SESSION['upload_auth'] = true;
- $_POST['upload_password'] = '';
- $_SESSION['user_upload_password'] = $_POST['upload_password'];
+// First check: Is user already logged
+if (jirafeau_user_session_logged()) {}
+// Second check: Challenge by IP NO PASSWORD
+elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
+ jirafeau_user_session_start();
-// Second check: Challenge by IP
+// Third check: Challenge by IP
elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
// Is an upload password required?
if (jirafeau_has_upload_password($cfg)) {
elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
// Is an upload password required?
if (jirafeau_has_upload_password($cfg)) {
- // Logout action
- if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
- session_unset();
- }
-
- // …save successful logins in session
if (isset($_POST['upload_password'])) {
if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
if (isset($_POST['upload_password'])) {
if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
- $_SESSION['upload_auth'] = true;
- $_SESSION['user_upload_password'] = $_POST['upload_password'];
+ jirafeau_user_session_start();
- $_SESSION['admin_auth'] = false;
+ jirafeau_session_end();
jirafeau_fatal_error(t('BAD_PSW'), $cfg);
}
}
// Show login form if user session is not authorized yet
jirafeau_fatal_error(t('BAD_PSW'), $cfg);
}
}
// Show login form if user session is not authorized yet
- if (true === empty($_SESSION['upload_auth'])) {
+ if (!jirafeau_user_session_logged()) {
?>
<form method="post" class="form login">
<fieldset>
?>
<form method="post" class="form login">
<fieldset>
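Review bot: The empty first branch `if (jirafeau_user_session_logged()) {}` lets an existing session skip both IP challenges, and the second branch creates that session from an IP match alone, so a session cookie appears to keep upload access after the client moves off an allowed address or after the allow list or upload password is changed. If that lifetime is intended, put a comment inside the braces such as `// Session already authorised: IP and password challenges are skipped on purpose`; if it is not, keep the IP challenge in front of the session check. The `elseif` chain continues past the end of this hunk, so the final deny branch is not visible here.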
</tr>
<tr class = "nav">
<td class = "nav next">
</tr>
<tr class = "nav">
<td class = "nav next">
- <input type = "submit" name = "key" value =
- "<?php echo t('LOGIN'); ?>" />
+ <input type = "submit" name = "key" value = "<?php echo t('LOGIN'); ?>" />
<p id="max_file_size" class="config"></p>
<p>
<p id="max_file_size" class="config"></p>
<p>
- <?php
- if (jirafeau_has_upload_password($cfg) && $_SESSION['upload_auth']) {
- ?>
- <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
- <?php
- } else {
- ?>
- <input type="hidden" id="upload_password" name="upload_password" value=""/>
- <?php
- }
- ?>
<input type="submit" id="send" value="<?php echo t('SEND'); ?>"
onclick="
document.getElementById('upload').style.display = 'none';
<input type="submit" id="send" value="<?php echo t('SEND'); ?>"
onclick="
document.getElementById('upload').style.display = 'none';
- if (jirafeau_has_upload_password($cfg)
- && false === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
- ?>
+ if (jirafeau_user_session_logged()) {
+ ?>
<form method="post" class="form logout">
<input type = "hidden" name = "action" value = "logout"/>
<input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
<form method="post" class="form logout">
<input type = "hidden" name = "action" value = "logout"/>
<input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
?>
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
var web_root = "<?php echo $cfg['web_root']; ?>";
?>
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
var web_root = "<?php echo $cfg['web_root']; ?>";
-function classic_upload (file, time, password, one_time, upload_password)
+function classic_upload (file, time, password, one_time)
{
// Delay time estimation init as we can't have file size
upload_time_estimation_init(0);
{
// Delay time estimation init as we can't have file size
upload_time_estimation_init(0);
form.append ("key", password);
if (one_time)
form.append ("one_time_download", '1');
form.append ("key", password);
if (one_time)
form.append ("one_time_download", '1');
- if (upload_password.length > 0)
- form.append ("upload_password", upload_password);
-
var async_global_transfering = 0;
var async_global_last_code;
var async_global_transfering = 0;
var async_global_last_code;
-function async_upload_start (max_size, file, time, password, one_time, upload_password)
+function async_upload_start (max_size, file, time, password, one_time)
{
async_global_transfered = 0;
async_global_file = file;
{
async_global_transfered = 0;
async_global_file = file;
form.append ("key", password);
if (one_time)
form.append ("one_time_download", '1');
form.append ("key", password);
if (one_time)
form.append ("one_time_download", '1');
- if (upload_password.length > 0)
- form.append ("upload_password", upload_password);
// Start time estimation
upload_time_estimation_init(async_global_file.size);
// Start time estimation
upload_time_estimation_init(async_global_file.size);
document.getElementById('file_select').files[0],
document.getElementById('select_time').value,
document.getElementById('input_key').value,
document.getElementById('file_select').files[0],
document.getElementById('select_time').value,
document.getElementById('input_key').value,
- one_time,
- document.getElementById('upload_password').value
document.getElementById('file_select').files[0],
document.getElementById('select_time').value,
document.getElementById('input_key').value,
document.getElementById('file_select').files[0],
document.getElementById('select_time').value,
document.getElementById('input_key').value,
- one_time,
- document.getElementById('upload_password').value
}
function color_scheme_preferences() {
}
function color_scheme_preferences() {
let dark_mode_steel_sheet = "<?php echo 'media/' . $cfg['dark_style'] . '/style.css.php'; ?>"
if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches) {
set_dark_mode();
let dark_mode_steel_sheet = "<?php echo 'media/' . $cfg['dark_style'] . '/style.css.php'; ?>"
if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches) {
set_dark_mode();
$_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
}
$_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
}
-function jirafeau_admin_session_end()
+function jirafeau_session_end()
{
$_SESSION = array();
session_destroy();
{
$_SESSION = array();
session_destroy();
return "<input type='hidden' name='admin_csrf' value='". $_SESSION['admin_csrf'] . "'/>";
}
return "<input type='hidden' name='admin_csrf' value='". $_SESSION['admin_csrf'] . "'/>";
}
+function jirafeau_user_session_start()
+{
+ $_SESSION['user_auth'] = true;
+}
+
+function jirafeau_user_session_logged()
+{
+ return isset($_SESSION['user_auth']) &&
+ $_SESSION['user_auth'] === true;
+}
+
function jirafeau_dir_size($dir)
{
$size = 0;
function jirafeau_dir_size($dir)
{
$size = 0;
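Review bot: `jirafeau_user_session_start()` marks the current session as authenticated without rotating its id, so a session id that was already known before the password or IP challenge stays valid afterwards (session fixation). Call `session_regenerate_id(true);` before `$_SESSION['user_auth'] = true;`. Both new helpers would also benefit from a short docblock saying that `user_auth` is the upload-side flag and that the renamed `jirafeau_session_end()` empties the whole session, so a user logout also ends any admin login held in the same session.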
/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
&& is_writable(VAR_LINKS)) {
/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
&& is_writable(VAR_LINKS)) {
- if (isset($_POST['upload_password'])) {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
+ if (!jirafeau_user_session_logged()) {
+ if (isset($_POST['upload_password']) &&
+ !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 3: Invalid password';
exit;
echo 'Error 3: Invalid password';
exit;
- }
- } else {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
+ } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
echo 'Error 2: No password nor allowed IP';
exit;
}
}
echo 'Error 2: No password nor allowed IP';
exit;
}
}
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
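Review bot: With the combined condition `isset($_POST['upload_password']) && !jirafeau_challenge_upload(...)`, a request that posts a correct upload password fails the first test and falls into the `elseif`, where the challenge is repeated with `null` as the password. If `jirafeau_challenge_upload()` rejects a null password when one is configured (its body is not shown here), clients without a session that send a valid password would get 'Error 2'. Keep the nesting the `init_async` branch uses: `if (isset($_POST['upload_password'])) {` with the `!jirafeau_challenge_upload(...)` test inside it, so the `elseif` runs only when no password was posted. Separately, a logged session now skips the IP challenge on this path altogether, which deserves a comment stating that it is deliberate.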
$res = jirafeau_upload(
$_FILES['file'],
isset($_POST['one_time_download']),
$res = jirafeau_upload(
$_FILES['file'],
isset($_POST['one_time_download']),
}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
- if (isset($_POST['upload_password'])) {
+ if (jirafeau_user_session_logged()) {}
+ elseif (isset($_POST['upload_password'])) {
if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 20: Invalid password';
exit;
if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 20: Invalid password';
exit;
echo jirafeau_async_init(
$_POST['filename'],
$type,
echo jirafeau_async_init(
$_POST['filename'],
$type,