webservices/sharing-gallery
1
0
Fork 0
Code Issues Pull Requests Releases Activity

bugs fixed

Browse Source
This commit is contained in:
Marc Wäckerlin
2017-02-28 12:25:29 +00:00
parent 7637b49aac
commit b58abf70b7
3 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
etc/authentication.php
View File

@@ -5,6 +5,7 @@ $ldaptls = "yes";
$ldapbase = "dc=my,dc=server,dc=com"; $ldapbase = "dc=my,dc=server,dc=com";
$checkuser = "cn"; $checkuser = "cn";
function basicAuth() { function basicAuth() {
global $realm;
header('WWW-Authenticate: Basic realm="'.$realm.'"'); header('WWW-Authenticate: Basic realm="'.$realm.'"');
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
exit; exit;
@@ -12,7 +13,7 @@ function basicAuth() {
if (!isset($_SERVER['PHP_AUTH_USER'])) { if (!isset($_SERVER['PHP_AUTH_USER'])) {
basicAuth(); basicAuth();
} else { } else {
$tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']); $tstusername = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW']; $password = $_SERVER['PHP_AUTH_PW'];
$ldapconn = ldap_connect($ldaphost, 389) $ldapconn = ldap_connect($ldaphost, 389)
or error_die("connection to LDAP host failed"); or error_die("connection to LDAP host failed");
@@ -21,8 +22,14 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS) if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
ldap_start_tls($ldapconn) ldap_start_tls($ldapconn)
or error_die($ldapconn, "cannot start LDAP TLS"); or error_die($ldapconn, "cannot start LDAP TLS");
$ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password) if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
or basicAuth(); ldap_close($ldapconn);
$username = $tstuserbname; $username = $tstusername;
} else {
error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
error_log(ldap_error($ldapconn));
ldap_close($ldapconn);
basicAuth();
}
} }
?> ?>

2
etc/settings.php
View File

@@ -2,4 +2,6 @@
$imagepath = "/path/to/your/files"; $imagepath = "/path/to/your/files";
$thumbpath = "/var/tmp/sharing-gallery/thumbnails/"; $thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
$max_validity_days = "30"; $max_validity_days = "30";
$font = "DejaVu-Sans";
$preview_num = "5";
?> ?>

18
html/index.php
View File

@@ -69,7 +69,7 @@
} }
function checkFile($fileToCheck, $thumb = false) { function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile; global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!ereg('/', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) { if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck; $imgfile = $fileToCheck;
} else { } else {
error_die('file not found', '404 Not Found'); error_die('file not found', '404 Not Found');
@@ -113,9 +113,9 @@
$res['files'] = array(); $res['files'] = array();
if ($d=opendir($path)) { if ($d=opendir($path)) {
while (false!==($f=readdir($d))) while (false!==($f=readdir($d)))
if (!ereg('^\.', $f) && is_dir($path.'/'.$f)) if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
$res['dirs'][] = $f; $res['dirs'][] = $f;
elseif (!ereg('^\.', $f) && is_file($path.'/'.$f)) elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
switch (strtolower(preg_replace('/.*\./', '', $f))) { switch (strtolower(preg_replace('/.*\./', '', $f))) {
case "jpg": case "jpeg": case "png": case "jpg": case "jpeg": case "png":
$res['files'][] = $f; $res['files'][] = $f;
@@ -159,7 +159,7 @@
if (!isset($_REQUEST['secret'])) { if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden'); if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']); if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
if (isset($_REQUEST['folder']) && !ereg('/', $_REQUEST['folder'])) { if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png'; $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
$type="image/png"; $type="image/png";
if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true); if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
@@ -169,7 +169,7 @@
$image->readImage('folder.png'); // read local template file $image->readImage('folder.png'); // read local template file
$draw = new ImagickDraw(); $draw = new ImagickDraw();
$draw->setFillColor('black'); $draw->setFillColor('black');
$draw->setFont('arial'); $draw->setFont($font);
if (mb_strlen($txt)<2) { if (mb_strlen($txt)<2) {
$draw->setFontSize(60); $draw->setFontSize(60);
$x = 75; $x = 75;
@@ -272,7 +272,7 @@
if (isset($_REQUEST['mailto'])) { if (isset($_REQUEST['mailto'])) {
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']); $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret; $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (ereg('LINK', $message)) $message = preg_replace('/LINK/', $link, $message); if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
else $message .= "\n\n".$link; else $message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) { if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>'; echo '<h2>Mail Successfully Sent</h2>';
@@ -324,8 +324,8 @@
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>'; echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>'; echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) { if ($pos!==NULL) {
$lower = max(0, $pos-floor($preview_num/2)); $lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+$preview_num); $higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i) for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"'); makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
} }
@@ -343,7 +343,7 @@
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>'; echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
} }
echo '<div class="dirs">'; echo '<div class="dirs">';
if (ereg('/', $subpath)) { if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>'; echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") { } elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>'; echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';