Minor change to key in upload.php

2021-05-16 00:51:51 -07:00 · 2021-05-16 00:51:51 -07:00 · e96d74f6be
parent 483951d74c
commit e96d74f6be
1 changed files with 2 additions and 2 deletions
--- a/Rocksolid_Light/rocksolid/upload.php
+++ b/Rocksolid_Light/rocksolid/upload.php
@ -22,7 +22,7 @@ include "head.inc";

 if(isset($_FILES)) {
 // Check auth here
-    if(isset($_POST['key']) && password_verify($CONFIG['thissitekey'], $_POST['key'])) {
+    if(isset($_POST['key']) && password_verify($CONFIG['thissitekey'].$_POST['username'], $_POST['key'])) {
      if(check_bbs_auth($_POST['username'], $_POST['password'])) {
 	$userdir = '/var/spool/rslight/upload/'.strtolower($_POST[username]);
 	$upload_to = $userdir.'/'.$_FILES[photo][name];
@ -52,7 +52,7 @@ echo '<tr><td><strong>Please Login to Upload<br />(max size=2MB)</strong></td></
 echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
 echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
 echo '<td><input name="command" type="hidden" id="command" value="Upload" readonly="readonly"></td>';
-echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT).'">';
+echo '<input type="hidden" name="key" value="'.password_hash($CONFIG['thissitekey'].$name, PASSWORD_DEFAULT).'">';
 echo '<tr><td><input type="file" name="photo" id="fileSelect" value="fileSelect" accept="image/*,audio/*,text/*,application/*"></td>
 ';
 echo '<td>&nbsp;</td>';