yanglc
/
OneManager-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use Basic Auth or not

pull/194/head
qkqpttgf 2021-01-17 11:33:05 +08:00 committed by GitHub
parent c36621b400
commit fe876dd87c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
common.php
View File

@ -35,6 +35,7 @@ $EnvConfigs = [
'customCss' => 0b011, 'customCss' => 0b011,
'customTheme' => 0b011, 'customTheme' => 0b011,
'theme' => 0b010, 'theme' => 0b010,
'dontBasicAuth' => 0b010,
'Driver' => 0b100, 'Driver' => 0b100,
'client_id' => 0b100, 'client_id' => 0b100,
@ -270,7 +271,7 @@ function main($path)
} }
if ($_GET['action']=='upbigfile') { if ($_GET['action']=='upbigfile') {
if (!$_SERVER['admin']) { if (!$_SERVER['admin']) {
if (!is_guestup_path($path)) return output('Not_Guest_Upload_Folder', 400); if (!$_SERVER['is_guestup_path']) return output('Not_Guest_Upload_Folder', 400);
if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400); if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
} }
$path1 = path_format($_SERVER['list_path'] . path_format($path)); $path1 = path_format($_SERVER['list_path'] . path_format($path));
@ -688,12 +689,15 @@ function comppass($pass)
return 2; return 2;
} }
if ($_COOKIE['password'] !== '') if ($_COOKIE['password'] === $pass ) return 3; if ($_COOKIE['password'] !== '') if ($_COOKIE['password'] === $pass ) return 3;
//$_SERVER['PHP_AUTH_USER'] if (!getConfig('dontBasicAuth')) {
if ($_SERVER['PHP_AUTH_PW'] !== '') if (md5($_SERVER['PHP_AUTH_PW']) === $pass ) { // use Basic Auth
date_default_timezone_set('UTC'); //$_SERVER['PHP_AUTH_USER']
$_SERVER['Set-Cookie'] = 'password='.$pass.'; expires='.date(DATE_COOKIE,strtotime('+1hour')); if ($_SERVER['PHP_AUTH_PW'] !== '') if (md5($_SERVER['PHP_AUTH_PW']) === $pass ) {
date_default_timezone_set(get_timezone($_SERVER['timezone'])); date_default_timezone_set('UTC');
return 2; $_SERVER['Set-Cookie'] = 'password='.$pass.'; expires='.date(DATE_COOKIE,strtotime('+1hour'));
date_default_timezone_set(get_timezone($_SERVER['timezone']));
return 2;
}
} }
return 4; return 4;
} }
@ -1616,8 +1620,10 @@ function render_list($path = '', $files = [])
if ($_SERVER['ishidden']==4) { if ($_SERVER['ishidden']==4) {
// 加密状态 // 加密状态
// Basic Auth if (!getConfig('dontBasicAuth')) {
return output('Need password.', 401, ['WWW-Authenticate'=>'Basic realm="Secure Area"']); // use Basic Auth
return output('Need password.', 401, ['WWW-Authenticate'=>'Basic realm="Secure Area"']);
}
/*$tmp[1] = 'a'; /*$tmp[1] = 'a';
while ($tmp[1]!='') { while ($tmp[1]!='') {
$tmp = splitfirst($html, '<!--ListStart-->'); $tmp = splitfirst($html, '<!--ListStart-->');