diff --git a/Rocksolid_Light/rocksolid/files.php b/Rocksolid_Light/rocksolid/files.php index e67645d..3b438f3 100644 --- a/Rocksolid_Light/rocksolid/files.php +++ b/Rocksolid_Light/rocksolid/files.php @@ -2,14 +2,13 @@ include "config.inc.php"; include "newsportal.php"; -include $config_dir.'/admin.inc.php'; if(isset($_COOKIE['tzo'])) { $offset=$_COOKIE['tzo']; } else { $offset=$CONFIG['timezone']; } - if($_REQUEST['command'] == 'Show' && $_REQUEST['key'] == hash('md5', $admin['key'])) { + if($_REQUEST['command'] == 'Show' && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) { $getfilename = $spooldir.'/upload/'.$_REQUEST['showfile']; $getfh = fopen($getfilename, "rb"); $getfile = fread($getfh, filesize($getfilename)); @@ -41,7 +40,7 @@ include "head.inc"; echo "Select a user directory to browse"; echo '
'; } - if($found == 1 && $_POST['key'] == hash('md5', $admin['key'])) { - display_user_files($_POST['listbox'], $offset, $admin); + if($found == 1 && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) { + display_user_files($_POST['listbox'], $offset); } -function display_user_files($user, $offset, $admin) { +function display_user_files($user, $offset) { global $CONFIG, $spooldir, $text_header; $directory = $spooldir.'/upload/'.$user.'/'; if(is_dir($directory)) { @@ -95,12 +94,11 @@ function display_user_files($user, $offset, $admin) { echo ''; echo ''; echo ''; - echo ''; + echo ''; echo ''; echo ''; echo ''; echo ''; -// echo '