winzer/elwig-www
2
0
Fork 0
Code Issues Pull Requests Activity

files: Fix authentication on upload

Browse Source
This commit is contained in:
Lorenz Stechauner
2024-05-14 23:54:32 +02:00
parent 3730e4ef3c
commit 10025555a4
2 changed files with 23 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
www/.php/auth.inc
View File

@ -1,27 +1,33 @@
<?php
require "credentials.inc";
function http_401_unauthorized(): void {
header('Status: 401');
header('WWW-Authenticate: Basic realm="Elwig"');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 20');
exit("401 Unauthorized :(\n");
}
function authenticate(): void {
global $CREDENTIALS;
if (!isset($_SEVER['PHP_AUTH_USER']) || !isset($_SEVER['PHP_AUTH_PW']) ||
if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
!array_key_exists('PHP_AUTH_PW', $_SERVER) ||
!array_key_exists($_SERVER['PHP_AUTH_USER'], $CREDENTIALS) ||
$_SERVER['PHP_AUTH_PW'] !== $CREDENTIALS[$_SERVER['PHP_AUTH_USER']])
{
header('Status: 401');
header('WWW-Authenticate: Basic realm="Elwig"');
exit("401 Unauthorized :(\n");
http_401_unauthorized();
}
}
function authenticate_client(string $client): void {
global $CLIENT_CREDENTIALS;
$credentials = $CLIENT_CREDENTIALS[$client];
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
if (!array_key_exists('PHP_AUTH_USER', $_SERVER) ||
!array_key_exists('PHP_AUTH_PW', $_SERVER) ||
!array_key_exists($_SERVER['PHP_AUTH_USER'], $credentials) ||
$_SERVER['PHP_AUTH_PW'] !== $credentials[$_SERVER['PHP_AUTH_USER']])
{
header('Status: 401');
header('WWW-Authenticate: Basic realm="Elwig"');
exit("401 Unauthorized :(\n");
http_401_unauthorized();
}
}

11
www/files/index.php
View File

@ -8,6 +8,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403');
header('Content-Type: text/plain');
header('Content-Length: 17');
exit("403 Forbidden :(\n");
}
@ -17,11 +19,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
fclose($fp);
fclose($upload);
header('Status: 200');
header('Content-Type: text/plain');
header('Content-Length: 10');
exit("200 OK :)\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
header('Status: 405');
header('Content-Length: 0');
exit();
header('Allow: GET, HEAD, PUT');
header('Content-Type: text/plain');
header('Content-Length: 26');
exit("405 Method Not Allowed :(\n");
}
global $getProd;