diff --git a/Rocksolid_Light/spoolnews/upload.php b/Rocksolid_Light/spoolnews/upload.php
index 553dfe0..eac5559 100644
--- a/Rocksolid_Light/spoolnews/upload.php
+++ b/Rocksolid_Light/spoolnews/upload.php
@@ -1,6 +1,4 @@ '; echo '
'; +if(isset($_FILES['photo'])) { + $_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']); // Check auth here - - # this include checks if the user has already logged in - $keyfile = $spooldir.'/keys.dat'; - $keys = unserialize(file_get_contents($keyfile)); - - $auth_expire = 14400; - $logged_in = false; - if(!isset($_POST['username'])) { - $_POST['username'] = $_COOKIE['mail_name']; - } - $name = $_POST['username']; - if(!isset($_POST['password'])) { - $_POST['password'] = null; - } - if(!isset($_COOKIE['mail_auth'])) { - $_COOKIE['mail_auth'] = null; - } - if(isset($_FILES['photo'])) { - $_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']); + if(isset($_POST['key']) && password_verify($CONFIG['thissitekey'].$_POST['username'], $_POST['key'])) { + if(check_bbs_auth($_POST['username'], $_POST['password'])) { $userdir = $spooldir.'/upload/'.strtolower($_POST['username']); $upload_to = $userdir.'/'.$_FILES['photo']['name']; if(is_file($upload_to)) { @@ -83,14 +66,13 @@ include "head.inc"; document.cookie = "files_name="+savename+"; path=/";
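Review bot: `$_POST['username']` reaches `$userdir` with only `strtolower()` applied, and the filename filter on the first added line keeps `.`, so a name such as `..` or one carrying an executable extension passes through unchanged. Whether `check_bbs_auth()` rejects usernames containing path separators is not visible here, so I would validate the username before building the path and restrict uploads to an extension allowlist, for example `if(!preg_match('/^[a-z0-9_-]+$/', strtolower($_POST['username']))) { exit; }` (pattern constructed for illustration; adjust it to the project's account naming rules). The new branch also reads `$_POST['username']` and `$_POST['password']` without an `isset` test, while the default for `$_POST['password']` only appears at line 82 of the new file, so both belong in the same condition as `$_POST['key']`. The upload block continues past the end of this hunk.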
'; + } } - if ((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) { - $logged_in = true; - } else { - echo 'Authentication Failed'; - echo '

'; -} echo ''; echo ''; @@ -100,9 +82,7 @@ include "head.inc"; if(!isset($_POST['password'])) { $_POST['password'] = ''; } - -#if (!check_bbs_auth($_POST['username'], $_POST['password'])) { -if (!$logged_in) { +if(!check_bbs_auth($_POST['username'], $_POST['password'])) { echo ''; echo ''; echo ''; @@ -114,7 +94,8 @@ if (!$logged_in) { echo ''; echo ''; echo ''; - echo ''; + echo ' +'; echo ''; } echo '';
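Review bot: A refused upload now fails silently, because the removed `else` branch that printed 'Authentication Failed' has no replacement after the two added closing braces in the `@@ -83,14 +66,13 @@` hunk. A bad `key` or a failed `check_bbs_auth()` inside the upload branch therefore leaves no message and, as far as these hunks show, no log entry for the operator to notice repeated failures. I would add `else { echo 'Upload refused: authentication failed'; }` after the key check and write a log line there with the remote address. `check_bbs_auth()` is also called again at the login gate in the `@@ -100,9 +82,7 @@` hunk with the same posted credentials, so storing the first result in a variable and reusing it would keep the two decisions from diverging. The start of the upload branch is in the earlier hunk.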
Please Login to Upload
Username:
Password: