From fe876dd87cd4adee1fb53c99eab17f3d056bc32e Mon Sep 17 00:00:00 2001
From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com>
Date: Sun, 17 Jan 2021 11:33:05 +0800
Subject: [PATCH] use Basic Auth or not
---
 common.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/common.php b/common.php
index 3e344ae..7e3c1dd 100644
--- a/common.php
+++ b/common.php
@@ -35,6 +35,7 @@ $EnvConfigs = [
 'customCss' => 0b011,
 'customTheme' => 0b011,
 'theme' => 0b010,
+ 'dontBasicAuth' => 0b010,
 'Driver' => 0b100,
 'client_id' => 0b100,
@@ -270,7 +271,7 @@ function main($path)
 }
 if ($_GET['action']=='upbigfile') {
 if (!$_SERVER['admin']) {
- if (!is_guestup_path($path)) return output('Not_Guest_Upload_Folder', 400);
+ if (!$_SERVER['is_guestup_path']) return output('Not_Guest_Upload_Folder', 400);
 if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
 }
 $path1 = path_format($_SERVER['list_path'] . path_format($path));
@@ -688,12 +689,15 @@ function comppass($pass)
 return 2;
 }
 if ($_COOKIE['password'] !== '') if ($_COOKIE['password'] === $pass ) return 3;
- //$_SERVER['PHP_AUTH_USER']
- if ($_SERVER['PHP_AUTH_PW'] !== '') if (md5($_SERVER['PHP_AUTH_PW']) === $pass ) {
- date_default_timezone_set('UTC');
- $_SERVER['Set-Cookie'] = 'password='.$pass.'; expires='.date(DATE_COOKIE,strtotime('+1hour'));
- date_default_timezone_set(get_timezone($_SERVER['timezone']));
- return 2;
+ if (!getConfig('dontBasicAuth')) {
+ // use Basic Auth
+ //$_SERVER['PHP_AUTH_USER']
+ if ($_SERVER['PHP_AUTH_PW'] !== '') if (md5($_SERVER['PHP_AUTH_PW']) === $pass ) {
+ date_default_timezone_set('UTC');
+ $_SERVER['Set-Cookie'] = 'password='.$pass.'; expires='.date(DATE_COOKIE,strtotime('+1hour'));
+ date_default_timezone_set(get_timezone($_SERVER['timezone']));
+ return 2;
+ }
 }
 return 4;
 }
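Review bot: In the `main()` hunk the guest-upload gate for `action=upbigfile` now trusts `$_SERVER['is_guestup_path']` instead of evaluating `is_guestup_path($path)` at the point of use, and nothing in the hunk shows where that key is assigned or that it was computed for this same `$path`. An unset key still fails closed here (`!null` is true, so the 400 is returned), but a value cached for a different path would not be caught at this check. I would keep the direct call, or, once the assignment site is confirmed, add `// is_guestup_path is precomputed from is_guestup_path($path); must be derived from the same $path` above the check. The change is also unrelated to the commit subject and would be easier to audit as its own commit. `main()` starts and ends outside the hunk.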
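Review bot: In the `comppass()` hunk the re-indented Basic Auth branch still sets the `password` cookie to `$pass` itself, the same value the cookie check just above accepts via `$_COOKIE['password'] === $pass`, and the cookie string carries no `HttpOnly`, `Secure` or `SameSite` attribute. Assuming `$_SERVER['Set-Cookie']` is emitted verbatim as the response header, append the attributes to that string, e.g. `.'; HttpOnly; SameSite=Lax'` (plus `; Secure` when the site is served over HTTPS). The comparison `md5($_SERVER['PHP_AUTH_PW']) === $pass` is not constant-time, and if the key can be absent the `!== ''` guard lets `null` through; `if (($_SERVER['PHP_AUTH_PW'] ?? '') !== '' && hash_equals((string)$pass, md5($_SERVER['PHP_AUTH_PW']))) {` covers both. `comppass()` starts outside the hunk, so how `$pass` is derived is not visible here.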
@@ -1616,8 +1620,10 @@ function render_list($path = '', $files = [])
 if ($_SERVER['ishidden']==4) { // 加密状态
- // Basic Auth
- return output('Need password.', 401, ['WWW-Authenticate'=>'Basic realm="Secure Area"']);
+ if (!getConfig('dontBasicAuth')) {
+ // use Basic Auth
+ return output('Need password.', 401, ['WWW-Authenticate'=>'Basic realm="Secure Area"']);
+ }
 /*$tmp[1] = 'a';
 while ($tmp[1]!='') {
 $tmp = splitfirst($html, '');
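Review bot: With `dontBasicAuth` set, the `ishidden==4` branch in `render_list()` no longer returns and falls through past the commented-out `/*$tmp[1] = 'a'; …` block, whose end is outside the hunk, so the hunk does not show what a password-protected folder renders in that case. Please confirm that `$files` is already empty (or never written into the template) when `ishidden==4`, so that turning Basic Auth off cannot expose the listing, and record that at the branch, e.g. `// dontBasicAuth: no 401 here; page falls through to its own password prompt, $files must not be rendered`. The negatively named key also forces `!getConfig('dontBasicAuth')` at both call sites (here and in `comppass()`); a positive name would read more directly. `render_list()` starts and ends outside the hunk.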