From: Jerome Jutteau Date: Mon, 23 Feb 2015 12:34:50 +0000 (+0100) Subject: Closes #6 can use several upload passwords in options X-Git-Tag: 1.1~167 X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/6c49ea194c030a04ce8b303aae2a51dce01c7382?ds=sidebyside Closes #6 can use several upload passwords in options --- diff --git a/index.php b/index.php index 127d9e6..81fca81 100644 --- a/index.php +++ b/index.php @@ -35,19 +35,22 @@ if (has_error ()) } /* Ask password if upload password is set. */ -if (strlen ($cfg['upload_password']) > 0) +if (jirafeau_has_upload_password ($cfg)) { session_start(); /* Unlog if asked. */ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0)) - $_SESSION['upload_auth'] = false; + session_unset (); /* Auth. */ if (isset ($_POST['upload_password'])) { - if (strcmp ($cfg['upload_password'], $_POST['upload_password']) == 0) + if (jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])) + { $_SESSION['upload_auth'] = true; + $_SESSION['user_upload_password'] = $_POST['upload_password']; + } else { $_SESSION['admin_auth'] = false; @@ -152,8 +155,20 @@ if (strlen ($cfg['upload_password']) > 0)

- - + + + + + " method = "post"> diff --git a/install.php b/install.php index 81a00cc..3bfbea8 100644 --- a/install.php +++ b/install.php @@ -52,6 +52,9 @@ jirafeau_export_cfg ($cfg) fwrite ($handle, jirafeau_quoted ($item)); else if (is_int ($item)) fwrite ($handle, $item); + else if (is_array ($item)) + fwrite ($handle, str_replace(array("\n", "\r"), "", + var_export ($item, true))); else fwrite ($handle, 'null'); fwrite ($handle, ';'.NL); diff --git a/lib/config.original.php b/lib/config.original.php index 716675e..d955d19 100644 --- a/lib/config.original.php +++ b/lib/config.original.php @@ -21,7 +21,7 @@ * default configuration * if you want to change this, overwrite in a config.local.php file */ - global $cfg; +global $cfg; /* don't forget the ending '/' */ $cfg['web_root'] = ''; @@ -52,8 +52,13 @@ $cfg['enable_blocks'] = false; $cfg['enable_crypt'] = false; /* Split lenght of link refenrece. */ $cfg['link_name_lenght'] = 8; -/* Upload password. Empty string disable the password. */ -$cfg['upload_password'] = ''; +/* Upload password(s). Empty array disable password authentification. + * $cfg['upload_password'] = array(); // No password + * $cfg['upload_password'] = array('psw1'); // One password + * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords + * ... and so on + */ +$cfg['upload_password'] = array(); /* Installation is done ? */ $cfg['installation_done'] = false; diff --git a/lib/functions.php b/lib/functions.php index 76ae4b0..1e5b083 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1385,4 +1385,28 @@ jirafeau_decrypt_file ($fp_src, $fp_dst, $k) return true; } -?> +/** + * Check if Jirafeau is password protected for visitors. + * @return true if Jirafeau is password protected, false otherwise. + */ +function jirafeau_has_upload_password ($cfg) +{ + return count ($cfg['upload_password']) > 0; +} + +/** + * Challenge password for a visitor. + * @param $password password to be challenged + * @return true if password is valid, false otherwise. + */ +function jirafeau_challenge_upload_password ($cfg, $password) +{ + if (!jirafeau_has_upload_password($cfg)) + return false; + forEach ($cfg['upload_password'] as $p) + if ($password == $p) + return true; + error_log("password not found $password"); + return false; +} + diff --git a/script.php b/script.php index 44fe449..d109d4a 100644 --- a/script.php +++ b/script.php @@ -263,7 +263,9 @@ if (has_error ()) if (isset ($_FILES['file']) && is_writable (VAR_FILES) && is_writable (VAR_LINKS)) { - if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password'])) + if (jirafeau_has_upload_password ($cfg) && + (!isset ($_POST['upload_password']) || + !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))) { echo "Error"; exit; @@ -529,7 +531,9 @@ fi /* Initialize an asynchronous upload. */ elseif (isset ($_GET['init_async'])) { - if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password'])) + if (jirafeau_has_upload_password ($cfg) && + (!isset ($_POST['upload_password']) || + !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))) { echo "Error"; exit; @@ -603,7 +607,9 @@ elseif (isset ($_GET['end_async'])) /* Initialize block. */ elseif (isset ($_GET['init_block']) && $cfg['enable_blocks']) { - if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password'])) + if (jirafeau_has_upload_password ($cfg) && + (!isset ($_POST['upload_password']) || + !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))) { echo "Error"; exit;