From eae714322877cbc6f933d3e5141075c7ce47775a Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Sun, 9 Jul 2023 13:10:59 -0700
Subject: [PATCH] Combine user login for mail, files and user.

---
 Rocksolid_Light/spoolnews/mail.php   |  3 ++-
 Rocksolid_Light/spoolnews/upload.php | 36 ++++++++++++++++------------
 Rocksolid_Light/spoolnews/user.php   |  8 +++++++
 3 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/Rocksolid_Light/spoolnews/mail.php b/Rocksolid_Light/spoolnews/mail.php
index f88de89..eb92bd7 100644
--- a/Rocksolid_Light/spoolnews/mail.php
+++ b/Rocksolid_Light/spoolnews/mail.php
@@ -99,7 +99,8 @@ if(isset($_POST['username'])) {
 }
         if($logged_in !== true) {
 echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
-echo '<form name="form1" method="post" action="mail.php" enctype="multipart/form-data">';
+echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
+//echo '<form name="form1" method="post" action="mail.php" enctype="multipart/form-data">';
 echo '<tr><td><strong>Please Login<br /></strong></td></tr>';
 echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
 echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
diff --git a/Rocksolid_Light/spoolnews/upload.php b/Rocksolid_Light/spoolnews/upload.php
index eac5559..a0b6e3a 100644
--- a/Rocksolid_Light/spoolnews/upload.php
+++ b/Rocksolid_Light/spoolnews/upload.php
@@ -4,18 +4,24 @@ include "newsportal.php";
 
 $logfile=$logdir.'/files.log';
 
-unset($name);
-if(isset($_POST['username']) && $_POST['username'] !== '') {
-  $name = $_POST['username'];
-} else {
-  if ($setcookies) {
-    if (isset($_COOKIE['files_name'])) {
-      $name=$_COOKIE['files_name'];
-    }
-  }
+$keyfile = $spooldir.'/keys.dat';
+$keys = unserialize(file_get_contents($keyfile));
+
+$name = '';
+
+$logged_in = false;
+if(!isset($_POST['username'])) {
+    $_POST['username'] = $_COOKIE['mail_name'];
 }
-if(!isset($name)) {
-  $name = '';
+$name = $_POST['username'];
+if(!isset($_POST['password'])) {
+    $_POST['password'] = null;
+}
+if(!isset($_COOKIE['mail_auth'])) {
+    $_COOKIE['mail_auth'] = null;
+}
+if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) {
+    $logged_in = true;
 }
 
   $title.=' - Upload file';
@@ -37,7 +43,6 @@ include "head.inc";
     echo '</td>';
     echo '<td width=100%></td></tr></table>';
     echo '<hr>';
-
 if(isset($_FILES['photo'])) {
    $_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']);
 // Check auth here
@@ -63,7 +68,7 @@ if(isset($_FILES['photo'])) {
       <script type="text/javascript">
        if (navigator.cookieEnabled)
          var savename = "<?php echo stripslashes($name); ?>";
-         document.cookie = "files_name="+savename+"; path=/";
+         document.cookie = "mail_name="+savename+"; path=/";
       </script>
 <?php
       } else {
@@ -74,7 +79,8 @@ if(isset($_FILES['photo'])) {
 }
 
   echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
-  echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">';
+  echo '<form name="form1" method="post" action="user.php" enctype="multipart/form-data">';
+//echo '<form name="form1" method="post" action="upload.php" enctype="multipart/form-data">';
 
   if(!isset($_POST['username'])) {
       $_POST['username'] = '';
@@ -82,7 +88,7 @@ if(isset($_FILES['photo'])) {
   if(!isset($_POST['password'])) {
       $_POST['password'] = '';
   }
-if(!check_bbs_auth($_POST['username'], $_POST['password'])) {  
+if(!$logged_in && !check_bbs_auth($_POST['username'], $_POST['password'])) {  
   echo '<tr><td><strong>Please Login to Upload<br /></strong></td></tr>';
   echo '<tr><td>Username:</td><td><input name="username" type="text" id="username" value="'.$name.'"></td></tr>';
   echo '<tr><td>Password:</td><td><input name="password" type="password" id="password"></td></tr>';
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
index 9d4c5df..3c78116 100644
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
@@ -89,6 +89,14 @@ echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
       echo '<button class="np_button_link" type="submit">Mail</button>';
       echo '</form>';
       echo '</td>';
+// Files button
+          echo '<td>';
+          echo '<form target="'.$frame['content'].'" method="post" action="files.php">';
+          echo '<input name="command" type="hidden" id="command" value="Files" readonly="readonly">';
+          echo "<input type='hidden' name='username' value='".$_POST['username']."' />";
+          echo '<button class="np_button_link" type="submit">Files</button>';
+          echo '</form>';
+          echo '</td>';
 // Logout button
       echo '<td>';
       echo '<form target="'.$frame['content'].'" method="post" action="user.php">';