mirror_php/Jirafeau
1
0
Fork 0
mirror of https://gitlab.com/mojo42/Jirafeau.git synced 2025-04-22 12:36:17 +02:00
Code Issues Projects Releases Wiki Activity

remove clear text password storage

Browse Source
This commit is contained in:
Jerome Jutteau 2012-12-05 18:52:27 +00:00
parent 8dc8b4bc88
commit ab330a749d
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
file.php
View File

@ -102,7 +102,7 @@ if(isset($_GET['h']) && !empty($_GET['h'])) {
require(JIRAFEAU_ROOT . 'lib/template/footer.php');
exit;
} else {
if($key != $_POST['key']) {
if($key != md5($_POST['key'])) {
header("HTTP/1.0 403 Forbidden");
require(JIRAFEAU_ROOT . 'lib/template/header.php');

7
lib/functions.php
View File

@ -173,10 +173,15 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $cfg, $ip) {
for ($i = 0; $i < 8; $i++)
$delete_link_code .= dechex(rand(0,16));
/* md5 password or empty */
$password = '';
if (!empty($key))
$password = md5($key);
/* create link file */
$link_tmp_name = VAR_LINKS . $md5 . rand(0, 10000) . '.tmp';
$handle = fopen($link_tmp_name, 'w');
fwrite($handle, $name . NL . $mime_type . NL . $size . NL . $key . NL . $time . NL . $md5 . NL . ($one_time_download ? 'O' : 'R') . NL . date('U') . NL . $ip . NL . $delete_link_code . NL);
fwrite($handle, $name . NL . $mime_type . NL . $size . NL . $password . NL . $time . NL . $md5 . NL . ($one_time_download ? 'O' : 'R') . NL . date('U') . NL . $ip . NL . $delete_link_code . NL);
fclose($handle);
$md5_link = md5_file($link_tmp_name);
if(!rename($link_tmp_name, VAR_LINKS . $md5_link)) {