master
Marc Wäckerlin 8 years ago
parent 7637b49aac
commit b58abf70b7
  1. 15
      etc/authentication.php
  2. 2
      etc/settings.php
  3. 18
      html/index.php

@ -5,6 +5,7 @@ $ldaptls = "yes";
$ldapbase = "dc=my,dc=server,dc=com";
$checkuser = "cn";
function basicAuth() {
global $realm;
header('WWW-Authenticate: Basic realm="'.$realm.'"');
header('HTTP/1.0 401 Unauthorized');
exit;
@ -12,7 +13,7 @@ function basicAuth() {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
basicAuth();
} else {
$tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']);
$tstusername = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
$ldapconn = ldap_connect($ldaphost, 389)
or error_die("connection to LDAP host failed");
@ -21,8 +22,14 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
ldap_start_tls($ldapconn)
or error_die($ldapconn, "cannot start LDAP TLS");
$ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)
or basicAuth();
$username = $tstuserbname;
if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
ldap_close($ldapconn);
$username = $tstusername;
} else {
error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
error_log(ldap_error($ldapconn));
ldap_close($ldapconn);
basicAuth();
}
}
?>
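Review bot: The bind DN on the new `ldap_bind` line is built from `$tstusername`, which the second hunk appears to assign from `$_SERVER['PHP_AUTH_USER']` with no filtering any more, so DN special characters (`,`, `=`, `+`) in the Basic-auth username change which entry is bound and are copied into `$username`. Escape at the assignment rather than dropping the filter: `$tstusername = ldap_escape($_SERVER['PHP_AUTH_USER'], '', LDAP_ESCAPE_DN);`. An empty `$password` should also be rejected before binding (`if ($password === '') basicAuth();`), because a directory server that permits unauthenticated binds reports success for a DN with an empty password. Separately, the TLS guard on the context line tests `$ldaptlS` with a capital S, an undefined variable, so `ldap_start_tls` looks unreachable and the credentials would cross port 389 unencrypted; the condition probably wants `$ldaptls` there, compared as a string. The `if`/`else` these lines belong to opens in the previous hunk, and the top of the file is outside the view.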

@ -2,4 +2,6 @@
$imagepath = "/path/to/your/files";
$thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
$max_validity_days = "30";
$font = "DejaVu-Sans";
$preview_num = "5";
?>

@ -69,7 +69,7 @@
}
function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!ereg('/', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck;
} else {
error_die('file not found', '404 Not Found');
@ -113,9 +113,9 @@
$res['files'] = array();
if ($d=opendir($path)) {
while (false!==($f=readdir($d)))
if (!ereg('^\.', $f) && is_dir($path.'/'.$f))
if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
$res['dirs'][] = $f;
elseif (!ereg('^\.', $f) && is_file($path.'/'.$f))
elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
switch (strtolower(preg_replace('/.*\./', '', $f))) {
case "jpg": case "jpeg": case "png":
$res['files'][] = $f;
@ -159,7 +159,7 @@
if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
if (isset($_REQUEST['folder']) && !ereg('/', $_REQUEST['folder'])) {
if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
$type="image/png";
if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
@ -169,7 +169,7 @@
$image->readImage('folder.png'); // read local template file
$draw = new ImagickDraw();
$draw->setFillColor('black');
$draw->setFont('arial');
$draw->setFont($font);
if (mb_strlen($txt)<2) {
$draw->setFontSize(60);
$x = 75;
@ -272,7 +272,7 @@
if (isset($_REQUEST['mailto'])) {
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (ereg('LINK', $message)) $message = preg_replace('/LINK/', $link, $message);
if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
else $message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>';
@ -324,8 +324,8 @@
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) {
$lower = max(0, $pos-floor($preview_num/2));
$higher = min(count($objects['files']), $lower+$preview_num);
$lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
}
@ -343,7 +343,7 @@
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
}
echo '<div class="dirs">';
if (ereg('/', $subpath)) {
if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
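Review bot: In the `mailto` hunk, `$_REQUEST['replyto']` is concatenated unchecked into the additional-headers argument of `mail()`, so a CR or LF in that parameter adds arbitrary header lines to the outgoing message; the `ereg`→`preg_match` edit one line above leaves this unchanged. Validate the address before the call and stop on failure, e.g. `if (!filter_var($_REQUEST['replyto'], FILTER_VALIDATE_EMAIL)) error_die('invalid reply address', '400 Bad Request');`, and apply the same check to `mailto`. `$link` is built from the client-supplied `$_SERVER['HTTP_HOST']`, so the mailed secret link can be made to point at another host; a configured base URL would be safer. `preg_replace('/PASSWORD/', $_REQUEST['password'], …)` treats `$1` and `\1` in the password as backreferences, whereas `str_replace('PASSWORD', $_REQUEST['password'], $_REQUEST['mailtext'])` substitutes it literally. The `if (isset($_REQUEST['mailto']))` block continues past the end of the hunk, so any later checks are not visible here.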
