correct authentication and put the login/password in the config template.
--- a/web/common.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/common.php Tue Nov 26 01:18:39 2013 +0100
@@ -407,16 +407,28 @@
$realm = 'Polemictweet restricted area';
+/*function authenticate($users, $translate) {
+ if (!isset($_SESSION['user_id']))
+ {
+ // Fetch current URL
+ $this_url = $_SERVER['REQUEST_URI'];
+
+ // Redirect to login page passing current URL
+ header('Location: login.php?return_url=' . urlencode($this_url));
+ exit;
+ }
+}*/
+
function authenticate($users, $translate) {
global $realm;
- if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+
+ if (empty($_SERVER['PHP_AUTH_DIGEST']) || !isset($_SESSION['http_digest_nonce'])) {
$_SESSION['http_digest_nonce'] = uniqid();
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.
'",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"');
-
return array('error' => $translate->_('This area is restricted, please authenticate'));
}
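Review bot: The nonce issued under the new condition is `uniqid()`, which is derived from the microsecond clock and is guessable, so it does not give the Digest exchange the replay protection a nonce exists for; the project already depends on the openssl extension (event_list.php), so `$_SESSION['http_digest_nonce'] = bin2hex(openssl_random_pseudo_bytes(16));` is the cheap fix, with `uniqid('', true)` as a weaker minimum. Storing the nonce in the session only helps if the later response check compares `$data['nonce']` against it — that code sits between this hunk and the next and is not visible here, so please confirm it does, otherwise a client can supply any nonce it likes. The commented-out `authenticate` kept above the live one should be deleted rather than left as a comment. `authenticate` continues past the end of this hunk.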
@@ -425,6 +437,8 @@
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']])) {
$_SERVER['PHP_AUTH_DIGEST'] = '';
+ unset($_SESSION['auth']);
+ unset($_SESSION['http_digest_nonce']);
return array('error' => $translate->_('Wrong Credentials!'));
}
@@ -436,20 +450,21 @@
if ($data['response'] != $valid_response) {
$_SERVER['PHP_AUTH_DIGEST'] = '';
+ unset($_SESSION['http_digest_nonce']);
+ unset($_SESSION['auth']);
return array('error' => $translate->_('Wrong Credentials!'));
}
// ok, valid username & password
- $_SESSION['auth'] = $data;
+ $_SESSION['auth'] = $data['username'];
return $data;
}
function logout() {
global $realm;
- $_SESSION['auth'] = null;
- header('HTTP/1.1 401 Unauthorized');
- header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.$_SESSION['http_digest_nonce'].'",opaque="'.md5($realm).'"');
+ unset($_SESSION['auth']);
+ unset($_SESSION['http_digest_nonce']);
}
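Review bot: The response check kept as context at the top of the hunk, `if ($data['response'] != $valid_response)`, is a loose comparison of two attacker-influenced hex strings; PHP's `==` treats strings such as `0e1234…` as numbers, so two different digests can compare equal, and the comparison is not constant-time. Use `if (!hash_equals($valid_response, $data['response']))` where PHP ≥ 5.6 is available, or at least `!==`. Separately, the rewritten `logout()` now only drops two session keys and no longer sends a 401; browsers cache Digest credentials per realm and may resend them when the next `authenticate()` issues a fresh nonce, so the user can end up re-authenticated without a prompt — worth a comment on `logout()` such as `// Clears server-side state only; the browser keeps its Digest credentials for the realm until the window is closed`. `authenticate` begins before this hunk, and its `$valid_response` computation is not shown.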
--- a/web/config.php.tmpl Mon Nov 25 22:28:08 2013 +0100
+++ b/web/config.php.tmpl Tue Nov 26 01:18:39 2013 +0100
@@ -10,5 +10,6 @@
define('SECRET', '^e)3u&jwy@#156no9lmc1s&$g-x0n@lb=(+xgovk#5^kb)qvkb');
$C_default_registry = 'cdn';
+$C_event_users = array('polemictweet' => 'polemictweet'.date('Y/m/d'));
$ldt_platform = 'http://ldt.iri.centrepompidou.fr/';
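Review bot: The default credential added here, `'polemictweet' => 'polemictweet'.date('Y/m/d')`, is a guessable password (the username followed by the server's current date) committed to a template that tends to ship unchanged, next to a `SECRET` that is likewise committed. Leave the template entry as a placeholder the deployer must fill in, e.g. `$C_event_users = array(); // 'login' => 'password' — set per deployment, never commit real values`, and keep real credentials out of version control. How the value is consumed is not visible in this diff; if `authenticate` derives HA1 from it, storing the precomputed `md5('user:realm:password')` rather than the plaintext would be the better shape.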
--- a/web/event_form.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/event_form.php Tue Nov 26 01:18:39 2013 +0100
@@ -167,7 +167,7 @@
<div class="event-field-example"><a href="<?php echo(URL_ROOT); ?>index.php?highlight=.AVBtext" target="_blank"><?php print $translate->_("Event_example"); ?></a></div>
</div>
</fieldset>
- <input type="submit"/>
+ <input type="submit" />
</form>
<?php
}
--- a/web/event_list.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/event_list.php Tue Nov 26 01:18:39 2013 +0100
@@ -9,7 +9,14 @@
$iv = substr($delete_enc, 0, $C_openssl_cipher_iv_length);
$delete_dec = substr(openssl_decrypt(substr($delete_enc, $C_openssl_cipher_iv_length), 'aes256', hash('sha256', SECRET, true), 0), $C_openssl_cipher_iv_length);
if(is_file($dir."/".$delete_dec)) {
- unlink($dir."/".$delete_dec);
+
+ foreach (glob("$dir/*") as $filename) {
+ $filename = basename($filename);
+ if($filename !== "." && $filename != ".." && $filename === $delete_dec) {
+ // chek that file name is really in dir
+ unlink($dir."/".$delete_dec);
+ }
+ }
}
}
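Review bot: The `glob` loop added around `unlink` lists the whole directory to establish that `$delete_dec` names a direct child of `$dir`; `basename($delete_dec) === $delete_dec` expresses that check directly, and the loop as written also silently skips dot-files (`glob("$dir/*")` does not match them), never breaks after the match, and mixes `!==` with a loose `!=` on the `".."` test. A shorter equivalent: `if ($delete_dec !== '' && basename($delete_dec) === $delete_dec && is_file($dir.'/'.$delete_dec)) { unlink($dir.'/'.$delete_dec); }`. The reason such a check is needed at all is that `$delete_dec` comes from an unauthenticated AES-CBC token (no MAC over the ciphertext, and the `$iv` computed on the context line above is not passed to `openssl_decrypt`), so bit-flipping a valid token can alter the decrypted name; an HMAC over the token, verified before decrypting, would make the name trustworthy. The enclosing `if` on `$delete_enc` begins before this hunk.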
--- a/web/logout.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/logout.php Tue Nov 26 01:18:39 2013 +0100
@@ -1,76 +1,5 @@
<?php
include_once 'common.php';
logout();
-
-$data = authenticate($C_event_users, $translate);
-
-$dest_url = URL_ROOT;
-
-if(isset($data) && !isset($data['error']) && isset($data['name']) && !empty($data['name'])) {
- $dest_url = URL_ROOT."/event_form.php";
-}
-
-?>
-<!DOCTYPE html>
-<html lang="<?php echo($actual); ?>">
-<head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <title>Polemic Tweet — logout</title>
- <meta http-equiv="X-UA-Compatible" content="IE=9" />
- <meta http-equiv="refresh" content="1;url=<?php echo($dest_url);?>">
-
- <!-- FONT -->
- <link href='<?php echo(registry_url('PT-Sans_Narrow','font'))?>' rel='stylesheet' type='text/css'>
- <link href='<?php echo(registry_url('PT-Sans','font'))?>' rel='stylesheet' type='text/css'>
-
- <!-- CSS -->
- <link rel="stylesheet" href="<?php echo(registry_url('blueprint-screen','css'));?>" type="text/css" media="screen, projection"/>
- <link rel="stylesheet" href="<?php echo(registry_url('blueprint-print','css'));?>" type="text/css" media="print"/>
- <!--[if lt IE 8]><link rel="stylesheet" href="<?php echo(registry_url('blueprint-ie','css'));?>" type="text/css" media="screen, projection"><![endif]-->
- <link rel="stylesheet" href="<?php echo(registry_url('blueprint-plugins-fancy-type','css'));?>" type="text/css" media="screen, projection"/>
- <link rel="stylesheet" href="<?php echo(registry_url('custom','css'));?>" type="text/css" media="screen, projection"/>
-
- <script type="text/javascript">
- window.location.href = "<?php echo($dest_url);?>";
- </script>
- <!-- JAVASCRIPT -->
- <script type="text/javascript" src="<?php echo(registry_url('jquery','js'))?>"></script>
- <script type="text/javascript" src="<?php echo(registry_url('underscore','js'))?>"></script>
-
-</head>
-<body>
- <div id="sendUsFeedBack"><a href="<?php echo($C_feedback_form_url); ?>" target="_blank"><img src="<?php echo(URL_ROOT); ?>images/sendusfeedback.png"></a></div>
- <div class="container">
- <img src="images/ENMI_2010_logo.gif" class="logo">
- <ul class="menu">
- <li class="menuUnderline"><a href="<?php echo(URL_ROOT); ?>" class="menuLink">
- <?php print $translate->_("Accueil"); ?></a></li>
- <li class="menuUnderline"><a href="<?php echo(URL_ROOT); ?>about.php" class="menuLink">
- <?php print $translate->_("A propos"); ?></a></li>
- <li ><a href="mailto:contact@iri.centrepompidou.fr" class="menuLink" >
- <?php print $translate->_("Contact"); ?></a></li>
- </ul>
- <ul class="menu">
- <li class="menuUnderline"><a href="<?php echo(URL_ROOT); ?>archives.php" class="menuLink">
- <?php print $translate->_("Archives"); ?></a></li>
- </ul>
-
-
- <ul class="menu lang" >
- <li class="menuUnderline"><a href="<?php echo(URL_ROOT); ?>index.php?lang=ja_JP" class="menuLink" >
- <img src='images/flag_jp.gif'<?php if($actual!="ja_JP"){echo("style='opacity: .5;'"); } ?> />
- <?php print $translate->_("Japonais"); ?></a></li>
- <li class="menuUnderline"><a href="<?php echo(URL_ROOT); ?>index.php?lang=fr" class="menuLink">
- <img src='images/flag_fr.gif' <?php if($actual!="fr"){echo("style='opacity: .5;'"); } ?> />
- <?php print $translate->_("Français"); ?></a></li>
- <li ><a href="<?php echo(URL_ROOT); ?>index.php?lang=en" class="menuLink">
- <img src='images/flag_en.gif' <?php if($actual!="en"){echo("style='opacity: .5;'"); } ?> />
- <?php print $translate->_("Anglais"); ?></a></li>
- </ul>
- </div>
- <div class="container">
- If you are not redirected automatically, follow the <a href='<?php echo($dest_url);?>'>link</a>
- </body>
- </div>
- </body>
-</html>
\ No newline at end of file
+header("location:".URL_ROOT);
+exit();
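Review bot: The rewritten `logout.php` redirects after `logout()` without touching the session itself, so the session id survives logout and, if `common.php` starts the session (it reads and writes `$_SESSION`, so presumably it does), a fixated or stolen id stays usable afterwards. Regenerate or destroy it before redirecting: `logout(); session_regenerate_id(true); header('Location: '.URL_ROOT); exit;`. Note also that `header("location:".URL_ROOT)` is accepted but the conventional form is `Location: ` with a space, and the header is expected to carry an absolute URL — whether `URL_ROOT` is absolute is not visible here.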
--- a/web/res/css/custom.css Mon Nov 25 22:28:08 2013 +0100
+++ b/web/res/css/custom.css Tue Nov 26 01:18:39 2013 +0100
@@ -211,3 +211,7 @@
width: 16px;
display: inline-block;
}
+
+#event-form {
+ margin-bottom: 20px;
+}
--- a/web/traductions/en.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/traductions/en.php Tue Nov 26 01:18:39 2013 +0100
@@ -201,6 +201,10 @@
"archive_title_help" => "Title of the archive.",
"archive_description_help" => "Description of the archive.",
+ "Wrong Credentials!" => "Wrong Credentials!",
+ "This area is restricted, please authenticate" => "This area is restricted, please authenticate",
+
+
"Event_error_empty_title" => "Error, the event title is empty.",
"Event_recorded_message" => "Your event as been correctly recorded. Contact <a href=\"mailto:contact@iri.centrepompidou.fr\">us</a> to publish it on Polemictweet.",
"Event_confirm_delete_archive" => "Are your sure to delete the event configuration ?",
--- a/web/traductions/fr.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/traductions/fr.php Tue Nov 26 01:18:39 2013 +0100
@@ -194,6 +194,10 @@
"archive_title_help" => "Titre de l'archive dans la liste des événements passés.",
"archive_description_help" => "Description de l'archive dans la liste des événements passés.",
+ "Wrong Credentials!" => "Mauvais login/mot de passe !",
+ "This area is restricted, please authenticate" => "L'accès à cette zone est restreint, veuillez vous authentifier.",
+
+
"Event_error_empty_title" => "Erreur, le titre de l'évènement est vide.",
"Event_recorded_message" => "Votre évènement a été correctement enregistré. <a href=\"mailto:contact@iri.centrepompidou.fr\">Contactez nous</a> pour le publier sur Polemictweet.",
"Event_confirm_delete_archive" => "Êtes-vous sur de vouloir effacer cette configuration d'évènement ?",
--- a/web/traductions/ja.php Mon Nov 25 22:28:08 2013 +0100
+++ b/web/traductions/ja.php Tue Nov 26 01:18:39 2013 +0100
@@ -192,6 +192,9 @@
"archive_title_help" => "Title of the archive.",
"archive_description_help" => "Description of the archive.",
+ "Wrong Credentials!" => "Wrong Credentials!",
+ "This area is restricted, please authenticate" => "This area is restricted, please authenticate",
+
"Event_error_empty_title" => "Error, the event title is empty.",
"Event_recorded_message" => "Your event as been correctly recorded. Contact <a href=\"mailto:contact@iri.centrepompidou.fr\">us</a> to publish it on Polemictweet.",
"Event_confirm_delete_archive" => "Are your sure to delete the event configuration ?",