files: Fix authentication on upload

2024-05-14 23:54:32 +02:00
parent 3730e4ef3c
commit 10025555a4
2 changed files with 23 additions and 10 deletions


@ -1,27 +1,33 @@
<?php <?php
require "credentials.inc"; require "credentials.inc";
function http_401_unauthorized(): void {
header('Status: 401');
header('WWW-Authenticate: Basic realm="Elwig"');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 20');
exit("401 Unauthorized :(\n");
}
function authenticate(): void { function authenticate(): void {
global $CREDENTIALS; global $CREDENTIALS;
if (!isset($_SEVER['PHP_AUTH_USER']) || !isset($_SEVER['PHP_AUTH_PW']) || if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
!array_key_exists('PHP_AUTH_PW', $_SERVER) ||
!array_key_exists($_SERVER['PHP_AUTH_USER'], $CREDENTIALS) || !array_key_exists($_SERVER['PHP_AUTH_USER'], $CREDENTIALS) ||
$_SERVER['PHP_AUTH_PW'] !== $CREDENTIALS[$_SERVER['PHP_AUTH_USER']]) $_SERVER['PHP_AUTH_PW'] !== $CREDENTIALS[$_SERVER['PHP_AUTH_USER']])
{ {
header('Status: 401'); http_401_unauthorized();
header('WWW-Authenticate: Basic realm="Elwig"');
exit("401 Unauthorized :(\n");
} }
} }
function authenticate_client(string $client): void { function authenticate_client(string $client): void {
global $CLIENT_CREDENTIALS; global $CLIENT_CREDENTIALS;
$credentials = $CLIENT_CREDENTIALS[$client]; $credentials = $CLIENT_CREDENTIALS[$client];
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
!array_key_exists('PHP_AUTH_PW', $_SERVER) ||
!array_key_exists($_SERVER['PHP_AUTH_USER'], $credentials) || !array_key_exists($_SERVER['PHP_AUTH_USER'], $credentials) ||
$_SERVER['PHP_AUTH_PW'] !== $credentials[$_SERVER['PHP_AUTH_USER']]) $_SERVER['PHP_AUTH_PW'] !== $credentials[$_SERVER['PHP_AUTH_USER']])
{ {
header('Status: 401'); http_401_unauthorized();
header('WWW-Authenticate: Basic realm="Elwig"');
exit("401 Unauthorized :(\n");
} }
} }
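Review bot: The password comparison in `authenticate()` and `authenticate_client()` still uses `!==`, which is not constant-time. With the `$_SERVER` typo fixed, this comparison is now actually reached in `authenticate()`, so it is worth switching to `!hash_equals($CREDENTIALS[$_SERVER['PHP_AUTH_USER']], $_SERVER['PHP_AUTH_PW'])`, and the same against `$credentials`. The direct string comparison suggests credentials.inc holds plaintext passwords; if so, storing `password_hash()` output and checking it with `password_verify()` would limit the damage should that file ever be disclosed. In `authenticate_client()`, `$CLIENT_CREDENTIALS[$client]` is read without checking the key, so an unknown client passes null into `array_key_exists()`; `$credentials = $CLIENT_CREDENTIALS[$client] ?? [];` keeps that path on the 401 response instead of an error.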


@ -8,6 +8,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$name = substr($_SERVER['PATH_INFO'], 1); $name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) { if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403'); header('Status: 403');
header('Content-Type: text/plain');
header('Content-Length: 17');
exit("403 Forbidden :(\n"); exit("403 Forbidden :(\n");
} }
@ -17,11 +19,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
fclose($fp); fclose($fp);
fclose($upload); fclose($upload);
header('Status: 200');
header('Content-Type: text/plain');
header('Content-Length: 10');
exit("200 OK :)\n"); exit("200 OK :)\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') { } else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
header('Status: 405'); header('Status: 405');
header('Content-Length: 0'); header('Allow: GET, HEAD, PUT');
exit(); header('Content-Type: text/plain');
header('Content-Length: 26');
exit("405 Method Not Allowed :(\n");
} }
global $getProd; global $getProd;
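Review bot: The upload name check ahead of the 403 response is a blocklist on `..` and `/` only, so an empty name (or an unset `PATH_INFO`), a leading dot, backslashes and control characters still pass. An allowlist is easier to reason about, for example `preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name) !== 1` as the rejection condition. How `$name` becomes a filesystem path lies between the two hunks and is not visible here, so the actual impact depends on that code. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'PUT')` block also starts outside the hunk. Separately, the hard-coded `Content-Length` values have to be kept in sync with the body strings by hand; computing them with `strlen()` in one shared response helper would avoid drift.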