diff options
author | friendica <info@friendica.com> | 2014-01-05 19:25:56 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-01-05 19:25:56 -0800 |
commit | daf5daa2d3c53a70102c930647bb1e0e755abe28 (patch) | |
tree | 16f98552676e4d12c6420b21786b2413511d7210 /mod | |
parent | e10c237386c95a180a1b6951304b98ce1d953551 (diff) | |
download | volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.tar.gz volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.tar.bz2 volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.zip |
disable web browser post inputs if no storage write permission
Diffstat (limited to 'mod')
-rw-r--r-- | mod/cloud.php | 84 |
1 files changed, 6 insertions, 78 deletions
diff --git a/mod/cloud.php b/mod/cloud.php index 1b2b65d05..a72d0f108 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -1,23 +1,5 @@ <?php - // This module is currently !!!HIGHLY EXPERIMENTAL!!! - // You should think twice before running this on a production server - // as security mechanisms are not yet implemented and those that - // are implemented probably don't work. - - // DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send - // basic auth over non-encrypted connections. - // One could use digest auth - but then one has to calculate the A1 digest and store it for - // all acounts. We aren't doing that. We have a stored password already. We don't need another - // one. The login unfortunately is the channel nickname (webbie) as we have no way of passing - // the destination channel to DAV. You should be able to login with your account credentials - // and be directed to your default channel. - - // This interface does not yet support Red stored files. Consider any content in your "store" - // directory to be throw-away until advised otherwise. - - - use Sabre\DAV; require_once('vendor/autoload.php'); @@ -44,69 +26,10 @@ -class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { - - public $channel_name = ''; - public $channel_id = 0; - public $channel_hash = ''; - public $observer = ''; - - public $owner_id; - - protected function validateUserPass($username, $password) { - require_once('include/auth.php'); - $record = account_verify_password($email,$pass); - if($record && $record['account_default_channel']) { - $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", - intval($record['account_id']), - intval($record['account_default_channel']) - ); - if($r) { - $this->currentUser = $r[0]['channel_address']; - $this->channel_name = $r[0]['channel_address']; - $this->channel_id = $r[0]['channel_id']; - $this->channel_hash = $this->observer = $r[0]['channel_hash']; - return true; - } - } - $r = q("select * from channel where channel_address = '%s' limit 1", - dbesc($username) - ); - if($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if($x) { - foreach($x as $record) { - if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) - && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { - logger('(DAV) RedBasicAuth: password verified for ' . $username); - $this->currentUser = $r[0]['channel_address']; - $this->channel_name = $r[0]['channel_address']; - $this->channel_id = $r[0]['channel_id']; - $this->channel_hash = $this->observer = $r[0]['channel_hash']; - return true; - } - } - } - } - logger('(DAV) RedBasicAuth: password failed for ' . $username); - return false; - } - - function setCurrentUser($name) { - $this->currentUser = $name; - } - - -} function cloud_init(&$a) { - if(! get_config('system','enable_cloud')) - killme(); - require_once('include/reddav.php'); $auth = new RedBasicAuth(); @@ -136,7 +59,12 @@ function cloud_init(&$a) { if(! $auth->observer) $auth->Authenticate($server,'Red Matrix'); - $browser = new DAV\Browser\Plugin(); +// $browser = new DAV\Browser\Plugin(); + + $browser = new RedBrowser($auth); + + $auth->setBrowserPlugin($browser); + $server->addPlugin($browser); |