-rwxr-xr-xapplication/config/example/config.php6
-rwxr-xr-xapplication/config/example/routes.php1
-rw-r--r--application/config/migration.php2
-rw-r--r--application/controllers/file.php57
-rw-r--r--application/controllers/user.php74
-rw-r--r--application/migrations/002_add_users.php46
-rw-r--r--application/models/file_mod.php38
-rw-r--r--application/models/muser.php70
-rw-r--r--application/views/file/delete_form.php8
-rw-r--r--application/views/file/header.php10
-rw-r--r--application/views/file/upload_form.php7
-rw-r--r--application/views/file/upload_history.php7
l---------application/views/user/footer.php1
l---------application/views/user/header.php1
-rw-r--r--application/views/user/index.php1
-rw-r--r--application/views/user/login.php18
-rw-r--r--application/views/user/login_successful.php1
17 files changed, 280 insertions, 68 deletions
diff --git a/application/config/example/config.php b/application/config/example/config.php
index bcd71a5ce..bd9ec40aa 100755
--- a/application/config/example/config.php
+++ b/application/config/example/config.php
@@ -224,7 +224,7 @@ $config['cache_path'] = '';
| MUST set an encryption key. See the user guide for info.
|
*/
-$config['encryption_key'] = '';
+$config['encryption_key'] = ''; # set this to a 32char random string
/*
|--------------------------------------------------------------------------
@@ -248,7 +248,7 @@ $config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
-$config['sess_use_database'] = FALSE;
+$config['sess_use_database'] = true;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
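Review bot: `$config['sess_use_database'] = true;` uses lowercase `true` while every neighbouring setting in this file is written as `TRUE`/`FALSE`; keep the file's convention (`$config['sess_use_database'] = TRUE;`). With database sessions enabled, the `ci_sessions` table created by migration 002 has to exist before the session library is first loaded, which is worth a one-line comment next to the setting (`// requires the ci_sessions table from migration 002`).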
@@ -379,8 +379,6 @@ $config['upload_max_age'] = 60*60*24*5; // 5 days
// won't be deleted
$config['small_upload_size'] = 1024*10; // 10KB
-$config['passwordsalt'] = ''; // just enter any string you want here
-
$config['contact_me_url'] = ''; // ommiting this will remove the "contact me" line.
/* End of file config.php */
diff --git a/application/config/example/routes.php b/application/config/example/routes.php
index 2697c6b11..3ae891bfd 100755
--- a/application/config/example/routes.php
+++ b/application/config/example/routes.php
@@ -39,6 +39,7 @@
*/
$route['default_controller'] = "file";
+$route['user/(:any)'] = "user/$1";
$route['file/(:any)'] = "file/$1";
$route['(:any)'] = "file/index/$1";
$route['404_override'] = '';
diff --git a/application/config/migration.php b/application/config/migration.php
index 9a3034565..274e792a6 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -21,7 +21,7 @@ $config['migration_enabled'] = true;
| be upgraded / downgraded to.
|
*/
-$config['migration_version'] = 1;
+$config['migration_version'] = 2;
/*
diff --git a/application/controllers/file.php b/application/controllers/file.php
index 5fe8a124e..a363edc00 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -24,6 +24,8 @@ class File extends CI_Controller {
mb_internal_encoding('UTF-8');
$this->load->helper(array('form', 'filebin'));
$this->load->model('file_mod');
+ $this->load->model('muser');
+
$this->var->cli_client = false;
$this->file_mod->var->cli_client =& $this->var->cli_client;
$this->var->latest_client = false;
@@ -45,6 +47,17 @@ class File extends CI_Controller {
} else {
$this->var->view_dir = "file";
}
+
+ if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+ if (!$this->muser->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
+ // TODO: better message
+ echo "login failed.\n";
+ exit;
+ }
+ }
+
+ $this->data['username'] = $this->muser->get_username();
+
}
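Review bot: The failed basic-auth branch echoes `login failed.` and calls `exit` without setting a status code, so a rejected login is returned as HTTP 200 and the client cannot tell it apart from success; add `$this->output->set_status_header(401);` before the echo. Because this runs in the constructor, every action, including public ones, performs a database login attempt whenever the client sends `PHP_AUTH_USER`/`PHP_AUTH_PW` — presumably intended for the CLI client, but a comment such as `// CLI clients authenticate via HTTP basic auth on every request` would make that explicit. The `$_SERVER` values are also passed straight to the model without the `$username`/`$password` local naming used elsewhere, which reads inconsistently. The constructor starts and continues outside this hunk.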
function index()
@@ -87,6 +100,8 @@ class File extends CI_Controller {
function upload_form()
{
+ $this->muser->require_access();
+
$data = array();
$data['title'] = 'Upload';
$data['small_upload_size'] = $this->config->item('small_upload_size');
@@ -94,6 +109,8 @@ class File extends CI_Controller {
$data['upload_max_age'] = $this->config->item('upload_max_age')/60/60/24;
$data['contact_me_url'] = $this->config->item('contact_me_url');
+ $data['username'] = $this->muser->get_username();
+
$this->load->view($this->var->view_dir.'/header', $data);
$this->load->view($this->var->view_dir.'/upload_form', $data);
if ($this->var->cli_client) {
@@ -111,10 +128,12 @@ class File extends CI_Controller {
function upload_history()
{
- $password = $this->file_mod->get_password();
+ $this->muser->require_access();
+
+ $user = $this->muser->get_userid();
$this->load->library("MemcacheLibrary");
- if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$password)) {
+ if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$user)) {
$data = array();
$query = array();
$lengths = array();
@@ -124,14 +143,12 @@ class File extends CI_Controller {
$lengths[$length_key] = 0;
}
- if ($password != "NULL") {
- $query = $this->db->query("
- SELECT ".implode(",", $fields)."
- FROM files
- WHERE password = ?
- ORDER BY date
- ", array($password))->result_array();
- }
+ $query = $this->db->query("
+ SELECT ".implode(",", $fields)."
+ FROM files
+ WHERE user = ?
+ ORDER BY date
+ ", array($user))->result_array();
foreach($query as $key => $item) {
$query[$key]["date"] = date("r", $item["date"]);
@@ -153,7 +170,7 @@ class File extends CI_Controller {
$cached .= $this->load->view($this->var->view_dir.'/header', $data, true);
$cached .= $this->load->view($this->var->view_dir.'/upload_history', $data, true);
$cached .= $this->load->view($this->var->view_dir.'/footer', $data, true);
- $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$password, $cached, 42);
+ $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$user, $cached, 42);
}
echo $cached;
@@ -162,12 +179,18 @@ class File extends CI_Controller {
// Allow users to delete IDs if their password matches the one used when uploading
function delete()
{
+ $this->muser->require_access();
+
$data = array();
$id = $this->uri->segment(3);
- $password = $this->file_mod->get_password();
$data["title"] = "Delete";
$data["id"] = $id;
+ $process = $this->input->post("process");
+ if ($this->var->cli_client) {
+ $process = true;
+ }
+
$data["filedata"] = $this->file_mod->get_filedata($id);
if ($data["filedata"]) {
$data["filedata"]["size"] = filesize($this->file_mod->file($data["filedata"]["hash"]));
@@ -176,18 +199,14 @@ class File extends CI_Controller {
if ($id && !$this->file_mod->id_exists($id)) {
$this->output->set_status_header(404);
$data["msg"] = "Unknown ID.";
- } elseif ($password != "NULL") {
+ } elseif ($process) {
if ($this->file_mod->delete_id($id)) {
$this->load->view($this->var->view_dir.'/header', $data);
$this->load->view($this->var->view_dir.'/deleted', $data);
$this->load->view($this->var->view_dir.'/footer', $data);
return;
} else {
- $data["msg"] = "Deletion failed. Is the password correct?";
- }
- } else {
- if ($this->var->cli_client) {
- $data["msg"] = "No password supplied.";
+ $data["msg"] = "Deletion failed. Do you really own that file?";
}
}
$this->load->view($this->var->view_dir.'/header', $data);
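Review bot: Deletion is now triggered by the mere presence of a `process` POST field for a logged-in browser session (and unconditionally for CLI clients, set earlier in the function), so unless `$config['csrf_protection']` is enabled — not visible in this commit — a third-party page can submit the delete form on behalf of an authenticated user; please confirm the CSRF setting or add a token to the form. On the failed branch only `$data["msg"]` changes and the response is still 200, so the CLI client cannot detect a refused deletion; setting a non-200 status there (`$this->output->set_status_header(...)` as the 404 branch already does) would help. `delete()` continues beyond the hunk.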
@@ -198,6 +217,8 @@ class File extends CI_Controller {
// Handles uploaded files
function do_upload()
{
+ $this->muser->require_access();
+
$data = array();
if ($this->uri->segment(3)) {
diff --git a/application/controllers/user.php b/application/controllers/user.php
new file mode 100644
index 000000000..4dc92bea2
--- /dev/null
+++ b/application/controllers/user.php
@@ -0,0 +1,74 @@
+<?php
+
+class User extends CI_Controller {
+
+ function __construct()
+ {
+ parent::__construct();
+ $this->load->library('migration');
+ if ( ! $this->migration->current()) {
+ show_error($this->migration->error_string());
+ }
+
+ $this->load->model("muser");
+ $this->data["title"] = "FileBin";
+
+ $this->load->helper('form');
+
+ $this->var->view_dir = "user/";
+ }
+
+ function index()
+ {
+ $this->data["username"] = $this->muser->get_username();
+
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'index', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+
+ function login()
+ {
+ $this->session->keep_flashdata("uri");
+
+ if ($this->input->post('process')) {
+ $username = $this->input->post('username');
+ $password = $this->input->post('password');
+
+ $result = $this->muser->login($username, $password);
+
+ if ($result !== true) {
+ $data['login_error'] = true;
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ } else {
+ $uri = $this->session->flashdata("uri");
+ if ($uri) {
+ redirect($uri);
+ } else {
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login_successful', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+ }
+ } else {
+ $this->load->view($this->var->view_dir.'header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view($this->var->view_dir.'footer', $this->data);
+ }
+ }
+
+ function logout()
+ {
+ $this->muser->logout();
+ redirect('/');
+ }
+
+ function hash_password()
+ {
+ $password = $this->input->post("password");
+ echo "hashing $password: ";
+ echo $this->muser->hash_password($password);
+ }
+}
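Review bot: `$data['login_error'] = true;` in `login()` writes to a local array while the views are rendered with `$this->data`, so the login view never receives `login_error` and the invalid-credentials message can never appear; it should be `$this->data['login_error'] = true;`. `hash_password()` is a publicly reachable action that echoes the submitted password back in clear text and unescaped (`echo "hashing $password: ";`); dropping that echo and emitting only the hash keeps the secret out of responses and access logs, and the action should probably be gated by `$this->muser->require_access()` like the file controller's actions. The three header/view/footer triples repeated in `login()` would collapse into one small private render helper. Constructor methods in this project lack PHPDoc; a one-line purpose comment per action would help a newcomer.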
diff --git a/application/migrations/002_add_users.php b/application/migrations/002_add_users.php
new file mode 100644
index 000000000..297f89c09
--- /dev/null
+++ b/application/migrations/002_add_users.php
@@ -0,0 +1,46 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_users extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE IF NOT EXISTS `users` (
+ `id` int(8) UNSIGNED NOT NULL AUTO INCREMENT,
+ `username` varchar(32) COLLATE ascii_general_ci NOT NULL,
+ `password` varchar(60) COLLATE ascii_general_ci NOT NULL,
+ `email` varchar(255) COLLATE ascii_general_ci NOT NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+ ");
+
+ $this->db->query("
+ CREATE TABLE IF NOT EXISTS `ci_sessions` (
+ `session_id` varchar(40) NOT NULL DEFAULT '0',
+ `ip_address` varchar(16) NOT NULL DEFAULT '0',
+ `user_agent` varchar(120) NOT NULL,
+ `last_activity` int(10) unsigned NOT NULL DEFAULT '0',
+ `user_data` text NOT NULL,
+ PRIMARY KEY (`session_id`),
+ KEY `last_activity_idx` (`last_activity`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ ");
+
+ $this->db->query("
+ ALTER TABLE `files`
+ ADD `user` INT(8) UNSIGNED NOT NULL DEFAULT '0',
+ ADD INDEX (`user`)
+ ");
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_table('users');
+ $this->dbforge->drop_table('ci_sessions');
+ $this->db->query("
+ ALTER TABLE `files`
+ DROP `user`
+ ");
+ }
+}
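Review bot: `AUTO INCREMENT` on the `users.id` column is not valid MySQL syntax — the keyword is `AUTO_INCREMENT` — so the first statement of `up()` fails; since the return value of `$this->db->query()` is never checked, whether the remaining statements and the version bump still run depends on `db_debug`, leaving a half-applied schema possible. Fix the keyword and check each query result (or use `dbforge` as `down()` already does). `ip_address varchar(16)` is too short if the installation ever sees IPv6 addresses; 45 characters is the usual width. `down()` drops `ci_sessions` while the config now stores sessions in that table, which is presumably acceptable for a rollback but deserves a comment.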
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 51557396a..08f43853c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -20,7 +20,7 @@ class File_mod extends CI_Model {
{
$id = $this->random_id(3,6);
- if ($this->id_exists($id) || $id == 'file') {
+ if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
return $this->new_id();
} else {
return $id;
@@ -74,32 +74,19 @@ class File_mod extends CI_Model {
return $this->folder($hash).'/'.$hash;
}
- function hash_password($password)
- {
- return sha1($this->config->item('passwordsalt').$password);
- }
-
- // Returns the password submitted by the user
- function get_password()
- {
- $password = $this->input->post('password');
- if ($password !== false && $password !== "") {
- return $this->hash_password($password);
- } elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') {
- return $this->hash_password($_SERVER['PHP_AUTH_PW']);
- }
- return 'NULL';
- }
-
// Add a hash to the DB
// TODO: Should only update not insert; see new_id()
function add_file($hash, $id, $filename)
{
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
$query = $this->db->query('
- INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`)
+ INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`)
VALUES (?, ?, ?, ?, ?, ?)',
- array($hash, $id, $filename, $this->get_password(), time(), $mimetype));
+ array($hash, $id, $filename, $userid, time(), $mimetype));
}
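Review bot: `$this->muser->require_access()` and `$this->muser->get_userid()` in `add_file()` assume the `muser` model has already been loaded by the calling controller; the model never loads it itself, so any other caller gets an undefined-property error. Loading it in `File_mod`'s constructor (`$this->load->model('muser');`) removes the hidden dependency; the same applies to `delete_id()` in the next hunk. Calling `require_access()`, which redirects and exits, from inside a model also makes the data layer issue HTTP responses; since `do_upload()` and `delete()` already perform that check, either drop it here or add a comment stating that the model-level check is a deliberate second line of defence.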
function show_url($id, $mode)
@@ -338,12 +325,9 @@ class File_mod extends CI_Model {
function delete_id($id)
{
+ $this->muser->require_access();
$filedata = $this->get_filedata($id);
- $password = $this->get_password();
-
- if ($password == "NULL") {
- return false;
- }
+ $userid = $this->muser->get_userid();
if(!$this->id_exists($id)) {
return false;
@@ -353,9 +337,9 @@ class File_mod extends CI_Model {
DELETE
FROM `files`
WHERE `id` = ?
- AND password = ?
+ AND user = ?
LIMIT 1';
- $this->db->query($sql, array($id, $password));
+ $this->db->query($sql, array($id, $userid));
if($this->id_exists($id)) {
return false;
diff --git a/application/models/muser.php b/application/models/muser.php
new file mode 100644
index 000000000..0b3d26be7
--- /dev/null
+++ b/application/models/muser.php
@@ -0,0 +1,70 @@
+<?php
+
+class Muser extends CI_Model {
+ function __construct()
+ {
+ parent::__construct();
+ $this->load->library("session");
+ }
+
+ function logged_in()
+ {
+ return $this->session->userdata('logged_in') == true;
+ }
+
+ function login($username, $password)
+ {
+ $query = $this->db->query('
+ SELECT *
+ FROM `users`
+ WHERE `username` = ?
+ ', array($username))->row_array();
+
+ if (crypt($password, $query["password"] == $password)) {
+ $this->session->set_userdata('logged_in', true);
+ $this->session->set_userdata('username', $username);
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ function logout()
+ {
+ $this->session->unset_userdata('logged_in');
+ $this->session->unset_userdata('username');
+ }
+
+ function get_username()
+ {
+ return $this->session->userdata('username');
+ }
+
+ function get_userid()
+ {
+ $query = $this->db->query("
+ SELECT id
+ FROM users
+ WHERE username = ?
+ ", array($this->get_username()))->row_array();
+ return $query["id"];
+ }
+
+ function require_access()
+ {
+ if ($this->logged_in()) {
+ return true;
+ } else {
+ $this->session->set_flashdata("uri", $this->uri->uri_string());
+ redirect('user/login');
+ }
+ }
+
+ function hash_password($password)
+ {
+ $salt = random_alphanum(22);
+ return crypt($password, "$2a$10$$salt$");
+ }
+
+}
+
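Review bot: The condition `crypt($password, $query["password"] == $password)` is mis-parenthesised: the `==` comparison is evaluated first and its boolean result becomes crypt()'s salt, so the submitted password is never compared with the stored hash, and because crypt() returns a non-empty string either way, any username/password combination logs in — including usernames with no row, where `$query` is null. It should read `if ($query && crypt($password, $query["password"]) === $query["password"])` (or `password_verify($password, $query["password"])` where available, since `hash_password()` produces bcrypt hashes). `get_userid()` likewise dereferences `$query["id"]` without checking that a row came back. The salt in `hash_password()` relies on double-quote interpolation of `$$salt` plus a trailing `$` that crypt ignores; `'$2a$10$' . $salt` expresses the same value without the ambiguity, and `random_alphanum()` is a project helper whose source of randomness should be confirmed suitable for salts. `logged_in()` compares with `== true`; `=== true` (or returning the value cast to bool) matches the strict style used elsewhere.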
diff --git a/application/views/file/delete_form.php b/application/views/file/delete_form.php
index f617d25c7..64e0f9cd7 100644
--- a/application/views/file/delete_form.php
+++ b/application/views/file/delete_form.php
@@ -25,13 +25,7 @@
<td class="text"><?php echo $filedata["mimetype"]; ?></td>
</tr>
<?php endif; ?>
- <tr>
- <td class="title">Password</td>
- <td class="text">
- <input type="password" name="password" size="10" />
- <input type="submit" value="Delete" name="process" />
- </td>
- </tr>
</table>
+ <input type="submit" value="Delete" name="process" />
</form>
</div>
diff --git a/application/views/file/header.php b/application/views/file/header.php
index e09f29f61..578ebe428 100644
--- a/application/views/file/header.php
+++ b/application/views/file/header.php
@@ -11,6 +11,16 @@
<body>
<div class="top">
<?php echo anchor('file/index', 'New'); ?>
+
+ <?php if (!isset($username)) { ?>
+ <div style="float: right">
+ <?=form_open("user/login"); ?>
+ <input type="text" name="username" />
+ <input type="password" name="password" />
+ <input type="submit" value="Login" name="process" />
+ </form>
+ </div>
+ <?php } ?>
</div>
<div class="content">
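Review bot: `if (!isset($username))` does not detect a logged-out visitor when the controller passes the result of `get_username()`, because the session library returns `false` for a missing key and `isset()` is true for `false`; the login form would then be hidden for anonymous users, while `upload_form.php` in this same commit tests `if ($username)`. Use `if (empty($username))` (or `!$username`) so both views apply the same truth test. The form also mixes the `<?=` short echo tag with the `<?php echo` used on the surrounding lines; pick one.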
diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php
index 34dd5a77b..e1e4313a5 100644
--- a/application/views/file/upload_form.php
+++ b/application/views/file/upload_form.php
@@ -1,10 +1,9 @@
-<? if (false) { ?>
+<? if ($username) { ?>
<div style="margin-top: 100px; text-align:center">
<?php echo form_open_multipart('file/do_upload'); ?>
<p>
File: <input type="file" id="file" name="file" size="30" />
- <input type="submit" value="Upload" id="upload_button" name="process" /><br />
- Optional password (for deletion and search): <input type="password" name="password" size="10" />
+ <input type="submit" value="Upload" id="upload_button" name="process" />
</p>
</form>
<script type="text/javascript">
@@ -34,7 +33,7 @@
<?php endif; ?>. Maximum upload size is <?php echo format_bytes($max_upload_size); ?></p>
<h2>Features</h2>
<p>For shell uploading and download information for the client go to <a href="<?php echo site_url("file/client"); ?>"><?php echo site_url("file/client"); ?></a></p>
-<p>You can use the <?php echo anchor("file/upload_history", "history"); ?> to find old uploads using the password supplied when creating the upload.</p>
+<p>You can use the <?php echo anchor("file/upload_history", "history"); ?> to find old uploads.</p>
<p>How to link your uploads:</p>
<ul>
<li><span class="example">/&lt;ID&gt;/</span> automatically highlight the uploads</li>
diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php
index b90d59be8..1dcaa8053 100644
--- a/application/views/file/upload_history.php
+++ b/application/views/file/upload_history.php
@@ -1,10 +1,3 @@
-<?php echo form_open('file/upload_history'); ?>
- <p>
- Password: <input type="password" name="password" size="10" />
- <input type="submit" value="Display" />
- </p>
-</form>
-
<table class="results">
<tr>
<th></th>
diff --git a/application/views/user/footer.php b/application/views/user/footer.php
new file mode 120000
index 000000000..e3a4d3fca
--- /dev/null
+++ b/application/views/user/footer.php
@@ -0,0 +1 @@
+../file/footer.php \ No newline at end of file
diff --git a/application/views/user/header.php b/application/views/user/header.php
new file mode 120000
index 000000000..7b5e4d759
--- /dev/null
+++ b/application/views/user/header.php
@@ -0,0 +1 @@
+../file/header.php \ No newline at end of file
diff --git a/application/views/user/index.php b/application/views/user/index.php
new file mode 100644
index 000000000..891ecc083
--- /dev/null
+++ b/application/views/user/index.php
@@ -0,0 +1 @@
+Momentan eingeloggt als "<?php echo $username; ?>".<br />
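Review bot: `<?php echo $username; ?>` writes the username into HTML without escaping; it comes from the session rather than the current request, but it is still user-chosen data, so use `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`. The sentence is German while every other view added in this commit is English; presumably unintended.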
diff --git a/application/views/user/login.php b/application/views/user/login.php
new file mode 100644
index 000000000..ca6f01b88
--- /dev/null
+++ b/application/views/user/login.php
@@ -0,0 +1,18 @@
+<?php
+if (isset($login_error)) {
+ echo '<font style="color: rgb(238, 51, 51);">The entered credentials are invalid.</font>';
+} ?>
+
+<?php echo form_open('user/login'); ?>
+ <table>
+ <tr>
+ <td>Username:</td>
+ <td><input type="text" name="username" /></td>
+ </tr>
+ <tr>
+ <td>Password:</td>
+ <td><input type="password" name="password" /></td>
+ </tr>
+ </table>
+ <input type="submit" value="Login" name="process" />
+</form>
diff --git a/application/views/user/login_successful.php b/application/views/user/login_successful.php
new file mode 100644
index 000000000..d6ee74040
--- /dev/null
+++ b/application/views/user/login_successful.php
@@ -0,0 +1 @@
+Login successful.