novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 25 Pull Requests Releases Wiki Activity

Continue fixing auth in upload.php.

This commit is contained in:
Retro_Guy 2024-09-05 08:36:29 -07:00
parent 6e88b05f98
commit 3262f16238
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Rocksolid_Light/spoolnews/mail.php
View File

@ -83,7 +83,7 @@ if ($logged_in !== true) {
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
// echo '<form name="form1" method="post" action="mail.php" enctype="multipart/form-data">';
echo '<tr><td><strong>Please Login<br /></strong></td></tr>';
echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="' . $name . '"></td></tr>';
echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="' . $_POST['username'] . '"></td></tr>';
echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
echo '<td><input name="command" type="hidden" id="command" value="Login" readonly="readonly"></td>';
echo '<td><input name="source" type="hidden" id="source" value="Mail:mail.php" readonly="readonly"></td>';

18
Rocksolid_Light/spoolnews/upload.php
View File

@ -88,9 +88,6 @@ if (isset($_FILES['photo'])) {
}
echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
//echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">';
if (! isset($_POST['username'])) {
$_POST['username'] = '';
}
@ -98,13 +95,20 @@ if (! isset($_POST['password'])) {
$_POST['password'] = '';
}
if (! $logged_in && ! check_bbs_auth($_POST['username'], $_POST['password'])) {
echo '<tr><td><strong>Please Login to Upload<br /></strong></td></tr>';
echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="' . $name . '"></td></tr>';
echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
echo '<tr><td><strong>Please Login<br /></strong></td></tr>';
echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="' . $_POST['username'] . '"></td></tr>';
echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
echo '<td><input name="command" type="hidden" id="command" value="Login" readonly="readonly"></td>';
echo '<td><input name="source" type="hidden" id="source" value="Upload:upload.php" readonly="readonly"></td>';
echo '<td><input name="command" type="hidden" id="command" value="Upload" readonly="readonly"></td>';
echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'] . $name, PASSWORD_DEFAULT) . '">';
echo '<td>&nbsp;</td>';
echo '<td><input type="submit" name="Submit" value="Login"></td>';
echo '</tr>';
echo '</form>';
echo '</form>';
} else {
echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">';
echo '<tr><td><strong>Logged in as ' . $_POST['username'] . '<br />(max size=2MB)</strong></td></tr>';
echo '<td><input name="command" type="hidden" id="command" value="Upload" readonly="readonly"></td>';
echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'] . $name, PASSWORD_DEFAULT) . '">';
@ -113,9 +117,9 @@ if (! $logged_in && ! check_bbs_auth($_POST['username'], $_POST['password'])) {
echo '<tr><td><input type="file" name="photo" id="fileSelect" value="fileSelect" accept="image/*,audio/*,text/*,application/*"></td>
';
echo '<td>&nbsp;<input type="submit" name="Submit" value="Upload"></td>';
echo '</form>';
}
echo '</tr>';
echo '</form>';
echo '</table>';
echo '</body></html>';
?>