From 814a694cd2782c11983433ba053111c4743d07f3 Mon Sep 17 00:00:00 2001 From: Patrick Canterino Date: Sat, 6 Jul 2024 14:10:47 +0200 Subject: [PATCH 1/1] Note the authentication type (by password or by IP no password) in the session This allows us to show the logout button only if the user is authenticated by password --- index.php | 4 +++- lib/settings.php | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/index.php b/index.php index 24565bd..78c1beb 100644 --- a/index.php +++ b/index.php @@ -50,6 +50,7 @@ if (jirafeau_user_session_logged()) { // Second check: Challenge by IP NO PASSWORD elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) { jirafeau_user_session_start(); + $_SESSION['user_auth_type'] = JIRAFEAU_USER_AUTH_BY_IP_NO_PASSWORD; } // Third check: Challenge by IP elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { @@ -59,6 +60,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { if (isset($_POST['upload_password'])) { if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) { jirafeau_user_session_start(); + $_SESSION['user_auth_type'] = JIRAFEAU_USER_AUTH_BY_PASSWORD; } else { jirafeau_session_end(); jirafeau_fatal_error(t('BAD_PSW'), $cfg); @@ -290,7 +292,7 @@ if ($cfg['maximal_upload_size'] >= 1024) {
diff --git a/lib/settings.php b/lib/settings.php index 86a14e2..2c2235a 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -75,6 +75,9 @@ define('JIRAFEAU_MONTH', 2592000); // JIRAFEAU_DAY * 30 define('JIRAFEAU_QUARTER', 7776000); // JIRAFEAU_DAY * 90 define('JIRAFEAU_YEAR', 31536000); // JIRAFEAU_DAY * 365 +define('JIRAFEAU_USER_AUTH_BY_IP_NO_PASSWORD', 1); +define('JIRAFEAU_USER_AUTH_BY_PASSWORD', 2); + define('JIRAFEAU_SODIUM_CHUNKSIZE', 1024); // Define some Sodium constants from newer PHP versions if they are not available -- 2.34.1