From: Jerome Jutteau <mojo@couak.net>
Date: Mon, 23 Feb 2015 12:34:50 +0000 (+0100)
Subject: Closes #6 can use several upload passwords in options
X-Git-Tag: 1.1~167
X-Git-Url: https://git.p6c8.net/jirafeau_project.git/commitdiff_plain/6c49ea194c030a04ce8b303aae2a51dce01c7382?ds=sidebyside;hp=4013663192eb94fd4519e22d0e6dc1fb61b15957

Closes #6 can use several upload passwords in options
---

diff --git a/index.php b/index.php
index 127d9e6..81fca81 100644
--- a/index.php
+++ b/index.php
@@ -35,19 +35,22 @@ if (has_error ())
 }
 
 /* Ask password if upload password is set. */
-if (strlen ($cfg['upload_password']) > 0)
+if (jirafeau_has_upload_password ($cfg))
 {
     session_start();
 
     /* Unlog if asked. */
     if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
-        $_SESSION['upload_auth'] = false;
+        session_unset ();
 
     /* Auth. */
     if (isset ($_POST['upload_password']))
     {
-        if (strcmp ($cfg['upload_password'], $_POST['upload_password']) == 0)
+        if (jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))
+        {
             $_SESSION['upload_auth'] = true;
+            $_SESSION['user_upload_password'] = $_POST['upload_password'];
+        }
         else
         {
             $_SESSION['admin_auth'] = false;
@@ -152,8 +155,20 @@ if (strlen ($cfg['upload_password']) > 0)
         </tr>
 		<p id="max_file_size" class="config"></p>
     <p>
-
-    <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $cfg['upload_password']?>"/>
+    <?php
+    if (jirafeau_has_upload_password ($cfg) && $_SESSION['upload_auth'])
+    {
+    ?>
+    <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
+    <?php
+    }
+    else
+    {
+    ?>
+    <input type="hidden" id="upload_password" name="upload_password" value=""/>
+    <?php
+    }
+    ?>
     <input type="submit" id="send" value="<?php echo t('Send'); ?>"
     onclick="
         document.getElementById('upload').style.display = 'none';
@@ -165,7 +180,7 @@ if (strlen ($cfg['upload_password']) > 0)
     </div> </fieldset>
 
     <?php
-    if (strlen ($cfg['upload_password']) > 0)
+    if (jirafeau_has_upload_password ($cfg))
     {
     ?>
     <form action = "<?php echo basename(__FILE__); ?>" method = "post">
diff --git a/install.php b/install.php
index 81a00cc..3bfbea8 100644
--- a/install.php
+++ b/install.php
@@ -52,6 +52,9 @@ jirafeau_export_cfg ($cfg)
             fwrite ($handle, jirafeau_quoted ($item));
         else if (is_int ($item))
             fwrite ($handle, $item);
+        else if (is_array ($item))
+            fwrite ($handle, str_replace(array("\n", "\r"), "",
+                                         var_export ($item, true)));
         else
             fwrite ($handle, 'null');
         fwrite ($handle, ';'.NL);
diff --git a/lib/config.original.php b/lib/config.original.php
index 716675e..d955d19 100644
--- a/lib/config.original.php
+++ b/lib/config.original.php
@@ -21,7 +21,7 @@
  * default configuration
  * if you want to change this, overwrite in a config.local.php file
  */
- global $cfg;
+global $cfg;
  
 /* don't forget the ending '/' */
 $cfg['web_root'] = '';
@@ -52,8 +52,13 @@ $cfg['enable_blocks'] = false;
 $cfg['enable_crypt'] = false;
 /* Split lenght of link refenrece. */
 $cfg['link_name_lenght'] = 8;
-/* Upload password. Empty string disable the password. */
-$cfg['upload_password'] = '';
+/* Upload password(s). Empty array disable password authentification.
+ * $cfg['upload_password'] = array();               // No password
+ * $cfg['upload_password'] = array('psw1');         // One password
+ * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords
+ * ... and so on
+ */
+$cfg['upload_password'] = array();
 
 /* Installation is done ? */
 $cfg['installation_done'] = false;
diff --git a/lib/functions.php b/lib/functions.php
index 76ae4b0..1e5b083 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1385,4 +1385,28 @@ jirafeau_decrypt_file ($fp_src, $fp_dst, $k)
     return true;
 }
 
-?>
+/**
+ * Check if Jirafeau is password protected for visitors.
+ * @return true if Jirafeau is password protected, false otherwise.
+ */
+function jirafeau_has_upload_password ($cfg)
+{
+    return count ($cfg['upload_password']) > 0;
+}
+
+/**
+ * Challenge password for a visitor.
+ * @param $password password to be challenged
+ * @return true if password is valid, false otherwise.
+ */
+function jirafeau_challenge_upload_password ($cfg, $password)
+{
+    if (!jirafeau_has_upload_password($cfg))
+        return false;
+    forEach ($cfg['upload_password'] as $p)
+        if ($password == $p)
+            return true;
+    error_log("password not found $password");
+    return false;
+}
+
diff --git a/script.php b/script.php
index 44fe449..d109d4a 100644
--- a/script.php
+++ b/script.php
@@ -263,7 +263,9 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     && is_writable (VAR_LINKS))
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
     {
         echo "Error";
         exit;
@@ -529,7 +531,9 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
     {
         echo "Error";
         exit;
@@ -603,7 +607,9 @@ elseif (isset ($_GET['end_async']))
 /* Initialize block. */
 elseif (isset ($_GET['init_block']) && $cfg['enable_blocks'])
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
     {
         echo "Error";
         exit;