diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/cloud.php | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/mod/cloud.php b/mod/cloud.php index de42249fe..f6ea059ce 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -74,7 +74,6 @@ function cloud_init(&$a) { $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); - $rootDirectory = new RedDirectory('/',$auth); $server = new DAV\Server($rootDirectory); $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks'); @@ -82,8 +81,29 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); + // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions + // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login. + // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot, + // prompt for HTTP-auth. This will be the default case for mounting a DAV directory. + + // FIXME - we may require one more hack here; to allow an unauthenticated guest to view your file collection (e.g. a DIRECTORY) from + // the web browser interface without prompting for password, but still requiring one for unauthenticated folks using DAV. We may be + // able to do this with a special $_GET request var and a cookie. + + $isapublic_file = false; + + if((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { + try { + $x = RedFileData('/' . $a->cmd,$auth); + if($x instanceof RedFile) + $isapublic_file = true; + } + catch ( Exception $e ) { + $isapublic_file = false; + } + } - if(! $auth->observer) { + if((! $auth->observer) && (! $isapublic_file)) { try { $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++')); } |