bugs fixed

7 years ago · b58abf70b7
parent 7637b49aac
commit b58abf70b7
3 changed files with 22 additions and 13 deletions
--- a/etc/authentication.php
+++ b/etc/authentication.php
@ -5,6 +5,7 @@ $ldaptls = "yes";
 $ldapbase = "dc=my,dc=server,dc=com";
 $checkuser = "cn";
 function basicAuth() {
    global $realm;
    header('WWW-Authenticate: Basic realm="'.$realm.'"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
@ -12,7 +13,7 @@ function basicAuth() {
 if (!isset($_SERVER['PHP_AUTH_USER'])) {
    basicAuth();
 } else {
-    $tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']);
+    $tstusername = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];
    $ldapconn = ldap_connect($ldaphost, 389) 
        or error_die("connection to LDAP host failed");
@ -21,8 +22,14 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
    if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
        ldap_start_tls($ldapconn)
            or error_die($ldapconn, "cannot start LDAP TLS");
-    $ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)
+    if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
-        or basicAuth();
+        ldap_close($ldapconn);
-    $username = $tstuserbname;
+        $username = $tstusername;
    } else {
        error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
        error_log(ldap_error($ldapconn));
        ldap_close($ldapconn);
        basicAuth();
    }
 }
 ?>
--- a/etc/settings.php
+++ b/etc/settings.php
@ -2,4 +2,6 @@
 $imagepath = "/path/to/your/files";
 $thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
 $max_validity_days = "30";
 $font = "DejaVu-Sans";
 $preview_num = "5";
 ?>
--- a/html/index.php
+++ b/html/index.php
@ -69,7 +69,7 @@
   }
   function checkFile($fileToCheck, $thumb = false) {
     global $imagepath, $file, $subpath, $thumbpath, $imgfile;
-     if (!ereg('/', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
+     if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
       $imgfile = $fileToCheck;
     } else {
       error_die('file not found', '404 Not Found');
@ -113,9 +113,9 @@
     $res['files'] = array();
     if ($d=opendir($path)) {
       while (false!==($f=readdir($d)))
-         if (!ereg('^\.', $f) && is_dir($path.'/'.$f))
+         if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
           $res['dirs'][] = $f;
-         elseif (!ereg('^\.', $f) && is_file($path.'/'.$f))
+         elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
           switch (strtolower(preg_replace('/.*\./', '', $f))) {
             case "jpg": case "jpeg": case "png":
               $res['files'][] = $f;
@ -159,7 +159,7 @@
   if (!isset($_REQUEST['secret'])) {
     if ($username=="") error_die('not authorized', '403 Forbidden');
     if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
-     if (isset($_REQUEST['folder']) && !ereg('/', $_REQUEST['folder'])) {
+     if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
       $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
       $type="image/png";
       if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
@ -169,7 +169,7 @@
         $image->readImage('folder.png'); // read local template file
         $draw = new ImagickDraw();
         $draw->setFillColor('black');
-         $draw->setFont('arial');
+         $draw->setFont($font);
         if (mb_strlen($txt)<2) {
           $draw->setFontSize(60);
           $x = 75;
@ -272,7 +272,7 @@
 	 if (isset($_REQUEST['mailto'])) {
           $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
           $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
-           if (ereg('LINK', $message)) $message = preg_replace('/LINK/', $link, $message);
+           if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
   	   else $message .= "\n\n".$link;
           if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
             echo '<h2>Mail Successfully Sent</h2>';
@ -324,8 +324,8 @@
             echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
           echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
 	   if ($pos!==NULL) {
-     	     $lower = max(0, $pos-floor($preview_num/2));
+           $lower = max(0, $pos-floor(((int)$preview_num)/2));
-             $higher = min(count($objects['files']), $lower+$preview_num);
+           $higher = min(count($objects['files']), $lower+((int)$preview_num));
 	     for ($i=$lower; $i<$higher; ++$i)
 	       makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
 	   }
@ -343,7 +343,7 @@
             echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
           }
           echo '<div class="dirs">';
-           if (ereg('/', $subpath)) {
+           if (preg_match('/\//', $subpath)) {
             echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
           } elseif ($subpath!="") {
             echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';