diff --git a/Rocksolid_Light/spoolnews/upload.php b/Rocksolid_Light/spoolnews/upload.php
index 553dfe0..eac5559 100644
--- a/Rocksolid_Light/spoolnews/upload.php
+++ b/Rocksolid_Light/spoolnews/upload.php
@@ -1,6 +1,4 @@
';
echo '
';
+if(isset($_FILES['photo'])) {
+ $_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']);
// Check auth here
-
- # this include checks if the user has already logged in
- $keyfile = $spooldir.'/keys.dat';
- $keys = unserialize(file_get_contents($keyfile));
-
- $auth_expire = 14400;
- $logged_in = false;
- if(!isset($_POST['username'])) {
- $_POST['username'] = $_COOKIE['mail_name'];
- }
- $name = $_POST['username'];
- if(!isset($_POST['password'])) {
- $_POST['password'] = null;
- }
- if(!isset($_COOKIE['mail_auth'])) {
- $_COOKIE['mail_auth'] = null;
- }
- if(isset($_FILES['photo'])) {
- $_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']);
+ if(isset($_POST['key']) && password_verify($CONFIG['thissitekey'].$_POST['username'], $_POST['key'])) {
+ if(check_bbs_auth($_POST['username'], $_POST['password'])) {
$userdir = $spooldir.'/upload/'.strtolower($_POST['username']);
$upload_to = $userdir.'/'.$_FILES['photo']['name'];
if(is_file($upload_to)) {
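Review bot: `$_POST['username']` is concatenated into `$userdir` after only `strtolower()`, so the upload path is exactly as safe as whatever `check_bbs_auth()` accepts as a username, and that function is not visible in this hunk. A local check before the path is built, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_POST['username'])) { exit; }` (character class adjusted to the site's naming rules), would keep the target inside `upload/` regardless of how accounts are validated elsewhere. The filename filter on the added `preg_replace` line keeps dots, so names such as `.htaccess` or one ending in `.php` pass unchanged; if the upload directory is served by the web server, an extension allowlist is worth adding next to it. The removed code defaulted `$_POST['username']` and `$_POST['password']` when absent, while the new condition only tests `isset($_POST['key'])`, so I would extend it to `isset($_POST['key'], $_POST['username'], $_POST['password'])`. Both `if` blocks opened here close outside this hunk.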
@@ -83,14 +66,13 @@ include "head.inc";
document.cookie = "files_name="+savename+"; path=/";
';
+ }
}
- if ((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
- $logged_in = true;
- } else {
- echo 'Authentication Failed';
- echo '
';
-}
echo '