Closes #6 can use several upload passwords in options

2025-01-17 12:58:20 +01:00 · 2015-02-23 13:34:50 +01:00 · 2015-02-23 13:34:50 +01:00 · 6c49ea194c
commit 6c49ea194c
parent 4013663192
5 changed files with 66 additions and 13 deletions
--- a/index.php
+++ b/index.php
@ -35,19 +35,22 @@ if (has_error ())
 }

 /* Ask password if upload password is set. */
-if (strlen ($cfg['upload_password']) > 0)
+if (jirafeau_has_upload_password ($cfg))
 {
    session_start();

    /* Unlog if asked. */
    if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
-        $_SESSION['upload_auth'] = false;
+        session_unset ();

    /* Auth. */
    if (isset ($_POST['upload_password']))
    {
-        if (strcmp ($cfg['upload_password'], $_POST['upload_password']) == 0)
+        if (jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))
+        {
            $_SESSION['upload_auth'] = true;
+            $_SESSION['user_upload_password'] = $_POST['upload_password'];
+        }
        else
        {
            $_SESSION['admin_auth'] = false;
@ -152,8 +155,20 @@ if (strlen ($cfg['upload_password']) > 0)
        </tr>
 		<p id="max_file_size" class="config"></p>
    <p>
-
-    <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $cfg['upload_password']?>"/>
+    <?php
+    if (jirafeau_has_upload_password ($cfg) && $_SESSION['upload_auth'])
+    {
+    ?>
+    <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
+    <?php
+    }
+    else
+    {
+    ?>
+    <input type="hidden" id="upload_password" name="upload_password" value=""/>
+    <?php
+    }
+    ?>
    <input type="submit" id="send" value="<?php echo t('Send'); ?>"
    onclick="
        document.getElementById('upload').style.display = 'none';
@ -165,7 +180,7 @@ if (strlen ($cfg['upload_password']) > 0)
    </div> </fieldset>

    <?php
-    if (strlen ($cfg['upload_password']) > 0)
+    if (jirafeau_has_upload_password ($cfg))
    {
    ?>
    <form action = "<?php echo basename(__FILE__); ?>" method = "post">
--- a/install.php
+++ b/install.php
@ -52,6 +52,9 @@ jirafeau_export_cfg ($cfg)
            fwrite ($handle, jirafeau_quoted ($item));
        else if (is_int ($item))
            fwrite ($handle, $item);
+        else if (is_array ($item))
+            fwrite ($handle, str_replace(array("\n", "\r"), "",
+                                         var_export ($item, true)));
        else
            fwrite ($handle, 'null');
        fwrite ($handle, ';'.NL);
--- a/lib/config.original.php
+++ b/lib/config.original.php
@ -21,7 +21,7 @@
 * default configuration
 * if you want to change this, overwrite in a config.local.php file
 */
- global $cfg;
+global $cfg;
 
 /* don't forget the ending '/' */
 $cfg['web_root'] = '';
@ -52,8 +52,13 @@ $cfg['enable_blocks'] = false;
 $cfg['enable_crypt'] = false;
 /* Split lenght of link refenrece. */
 $cfg['link_name_lenght'] = 8;
-/* Upload password. Empty string disable the password. */
-$cfg['upload_password'] = '';
+/* Upload password(s). Empty array disable password authentification.
+ * $cfg['upload_password'] = array();               // No password
+ * $cfg['upload_password'] = array('psw1');         // One password
+ * $cfg['upload_password'] = array('psw1', 'psw2'); // Two passwords
+ * ... and so on
+ */
+$cfg['upload_password'] = array();

 /* Installation is done ? */
 $cfg['installation_done'] = false;
--- a/lib/functions.php
+++ b/lib/functions.php
@ -1385,4 +1385,28 @@ jirafeau_decrypt_file ($fp_src, $fp_dst, $k)
    return true;
 }

-?>
+/**
+ * Check if Jirafeau is password protected for visitors.
+ * @return true if Jirafeau is password protected, false otherwise.
+ */
+function jirafeau_has_upload_password ($cfg)
+{
+    return count ($cfg['upload_password']) > 0;
+}
+
+/**
+ * Challenge password for a visitor.
+ * @param $password password to be challenged
+ * @return true if password is valid, false otherwise.
+ */
+function jirafeau_challenge_upload_password ($cfg, $password)
+{
+    if (!jirafeau_has_upload_password($cfg))
+        return false;
+    forEach ($cfg['upload_password'] as $p)
+        if ($password == $p)
+            return true;
+    error_log("password not found $password");
+    return false;
+}
+
--- a/script.php
+++ b/script.php
@ -263,7 +263,9 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
    && is_writable (VAR_LINKS))
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
    {
        echo "Error";
        exit;
@ -529,7 +531,9 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
    {
        echo "Error";
        exit;
@ -603,7 +607,9 @@ elseif (isset ($_GET['end_async']))
 /* Initialize block. */
 elseif (isset ($_GET['init_block']) && $cfg['enable_blocks'])
 {
-    if (strlen ($cfg['upload_password']) > 0 && (!isset ($_POST['upload_password']) || $_POST['upload_password'] != $cfg['upload_password']))
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
    {
        echo "Error";
        exit;