disable web browser post inputs if no storage write permission

1 files changed, 6 insertions, 78 deletions

diff --git a/mod/cloud.php b/mod/cloud.php
index 1b2b65d05..a72d0f108 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -1,23 +1,5 @@
 <?php
 
-	// This module is currently !!!HIGHLY EXPERIMENTAL!!!
-	// You should think twice before running this on a production server
-	// as security mechanisms are not yet implemented and those that
-	// are implemented probably don't work.
-
-	// DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send
-	// basic auth over non-encrypted connections.
-	// One could use digest auth - but then one has to calculate the A1 digest and store it for
-	// all acounts. We aren't doing that. We have a stored password already. We don't need another
-	// one. The login unfortunately is the channel nickname (webbie) as we have no way of passing 
-	// the destination channel to DAV. You should be able to login with your account credentials 
-	// and be directed to your default channel. 
-
-	// This interface does not yet support Red stored files. Consider any content in your "store" 
-	// directory to be throw-away until advised otherwise.
-
-
-
 	use Sabre\DAV;
 
     require_once('vendor/autoload.php');
@@ -44,69 +26,10 @@
 
 
 
-class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
-
-	public $channel_name = '';
-	public $channel_id = 0;
-	public $channel_hash = '';
-	public $observer = '';
-
-	public $owner_id;
-
-    protected function validateUserPass($username, $password) {
-		require_once('include/auth.php');
-		$record = account_verify_password($email,$pass);
-		if($record && $record['account_default_channel']) {
-			$r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1",
-				intval($record['account_id']),
-				intval($record['account_default_channel'])
-			);
-			if($r) {
-				$this->currentUser = $r[0]['channel_address'];
-				$this->channel_name = $r[0]['channel_address'];
-				$this->channel_id = $r[0]['channel_id'];
-				$this->channel_hash = $this->observer = $r[0]['channel_hash'];
-				return true;
-			}
-		}
-		$r = q("select * from channel where channel_address = '%s' limit 1",
-			dbesc($username)
-		);
-		if($r) {
-			$x = q("select * from account where account_id = %d limit 1",
-				intval($r[0]['channel_account_id'])
-			);
-			if($x) {
-			    foreach($x as $record) {
-			        if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
-            		&& (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {
-			            logger('(DAV) RedBasicAuth: password verified for ' . $username);
-						$this->currentUser = $r[0]['channel_address'];
-						$this->channel_name = $r[0]['channel_address'];
-						$this->channel_id = $r[0]['channel_id'];
-						$this->channel_hash = $this->observer = $r[0]['channel_hash'];
-            			return true;
-        			}
-    			}
-			}
-		}
-	    logger('(DAV) RedBasicAuth: password failed for ' . $username);
-    	return false;
-	}
-
-	function setCurrentUser($name) {
-		$this->currentUser = $name;
-	}
-
-
-}
 
 
 function cloud_init(&$a) {
 
-	if(! get_config('system','enable_cloud'))
-		killme();
-
 	require_once('include/reddav.php');
 
 	$auth = new RedBasicAuth();
@@ -136,7 +59,12 @@ function cloud_init(&$a) {
 	if(! $auth->observer)
 		$auth->Authenticate($server,'Red Matrix');
 
-	$browser = new DAV\Browser\Plugin();
+//	$browser = new DAV\Browser\Plugin();
+
+	$browser = new RedBrowser($auth);
+
+	$auth->setBrowserPlugin($browser);
+
 	$server->addPlugin($browser);