diff --git a/etc/authentication.php b/etc/authentication.php index 9a075ae..236353c 100644 --- a/etc/authentication.php +++ b/etc/authentication.php @@ -5,6 +5,7 @@ $ldaptls = "yes"; $ldapbase = "dc=my,dc=server,dc=com"; $checkuser = "cn"; function basicAuth() { + global $realm; header('WWW-Authenticate: Basic realm="'.$realm.'"'); header('HTTP/1.0 401 Unauthorized'); exit; @@ -12,7 +13,7 @@ function basicAuth() { if (!isset($_SERVER['PHP_AUTH_USER'])) { basicAuth(); } else { - $tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']); + $tstusername = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $ldapconn = ldap_connect($ldaphost, 389) or error_die("connection to LDAP host failed"); @@ -21,8 +22,14 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) { if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS) ldap_start_tls($ldapconn) or error_die($ldapconn, "cannot start LDAP TLS"); - $ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password) - or basicAuth(); - $username = $tstuserbname; + if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) { + ldap_close($ldapconn); + $username = $tstusername; + } else { + error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase); + error_log(ldap_error($ldapconn)); + ldap_close($ldapconn); + basicAuth(); + } } ?> \ No newline at end of file diff --git a/etc/settings.php b/etc/settings.php index c33e4d9..8db35e8 100644 --- a/etc/settings.php +++ b/etc/settings.php @@ -2,4 +2,6 @@ $imagepath = "/path/to/your/files"; $thumbpath = "/var/tmp/sharing-gallery/thumbnails/"; $max_validity_days = "30"; +$font = "DejaVu-Sans"; +$preview_num = "5"; ?> \ No newline at end of file diff --git a/html/index.php b/html/index.php index f24b4a9..c8a0c50 100644 --- a/html/index.php +++ b/html/index.php @@ -69,7 +69,7 @@ } function checkFile($fileToCheck, $thumb = false) { global $imagepath, $file, $subpath, $thumbpath, $imgfile; - if (!ereg('/', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) { + if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) { $imgfile = $fileToCheck; } else { error_die('file not found', '404 Not Found'); @@ -113,9 +113,9 @@ $res['files'] = array(); if ($d=opendir($path)) { while (false!==($f=readdir($d))) - if (!ereg('^\.', $f) && is_dir($path.'/'.$f)) + if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f)) $res['dirs'][] = $f; - elseif (!ereg('^\.', $f) && is_file($path.'/'.$f)) + elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f)) switch (strtolower(preg_replace('/.*\./', '', $f))) { case "jpg": case "jpeg": case "png": $res['files'][] = $f; @@ -159,7 +159,7 @@ if (!isset($_REQUEST['secret'])) { if ($username=="") error_die('not authorized', '403 Forbidden'); if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']); - if (isset($_REQUEST['folder']) && !ereg('/', $_REQUEST['folder'])) { + if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) { $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png'; $type="image/png"; if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true); @@ -169,7 +169,7 @@ $image->readImage('folder.png'); // read local template file $draw = new ImagickDraw(); $draw->setFillColor('black'); - $draw->setFont('arial'); + $draw->setFont($font); if (mb_strlen($txt)<2) { $draw->setFontSize(60); $x = 75; @@ -272,7 +272,7 @@ if (isset($_REQUEST['mailto'])) { $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']); $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret; - if (ereg('LINK', $message)) $message = preg_replace('/LINK/', $link, $message); + if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message); else $message .= "\n\n".$link; if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) { echo '