use Basic Auth or not

pull/194/head
qkqpttgf 2021-01-17 11:33:05 +08:00 committed by GitHub
parent c36621b400
commit fe876dd87c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 9 deletions

View File

@ -35,6 +35,7 @@ $EnvConfigs = [
'customCss' => 0b011,
'customTheme' => 0b011,
'theme' => 0b010,
'dontBasicAuth' => 0b010,
'Driver' => 0b100,
'client_id' => 0b100,
@ -270,7 +271,7 @@ function main($path)
}
if ($_GET['action']=='upbigfile') {
if (!$_SERVER['admin']) {
if (!is_guestup_path($path)) return output('Not_Guest_Upload_Folder', 400);
if (!$_SERVER['is_guestup_path']) return output('Not_Guest_Upload_Folder', 400);
if (strpos($_GET['upbigfilename'], '../')!==false) return output('Not_Allow_Cross_Path', 400);
}
$path1 = path_format($_SERVER['list_path'] . path_format($path));
@ -688,6 +689,8 @@ function comppass($pass)
return 2;
}
if ($_COOKIE['password'] !== '') if ($_COOKIE['password'] === $pass ) return 3;
if (!getConfig('dontBasicAuth')) {
// use Basic Auth
//$_SERVER['PHP_AUTH_USER']
if ($_SERVER['PHP_AUTH_PW'] !== '') if (md5($_SERVER['PHP_AUTH_PW']) === $pass ) {
date_default_timezone_set('UTC');
@ -695,6 +698,7 @@ function comppass($pass)
date_default_timezone_set(get_timezone($_SERVER['timezone']));
return 2;
}
}
return 4;
}
@ -1616,8 +1620,10 @@ function render_list($path = '', $files = [])
if ($_SERVER['ishidden']==4) {
// 加密状态
// Basic Auth
if (!getConfig('dontBasicAuth')) {
// use Basic Auth
return output('Need password.', 401, ['WWW-Authenticate'=>'Basic realm="Secure Area"']);
}
/*$tmp[1] = 'a';
while ($tmp[1]!='') {
$tmp = splitfirst($html, '<!--ListStart-->');