
Authentification changed. And flash uploader authentification added

commit 9a922f38871e1d278a829ff7e3fea469f30ff18d 1 parent 8f30c75
Darius Matulionis authored
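--- a/tiny_mce/plugins/imgmanager/dialog.php
+++ b/tiny_mce/plugins/imgmanager/dialog.php
@@ -10,6 +10,7 @@
 
 <link href="css/bootstrap.css" rel="stylesheet" />
 <link href="css/styles.css" rel="stylesheet" />
+ <script type="text/javascript"> var hash = "<?= ENCRIPTED_SESSION_ID ?>";</script>
 <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
 <script type="text/javascript" src="js/jquery.js"></script>
 <script type="text/javascript" src="js/bootstrap.min.js"></script>
@@ -19,9 +20,9 @@
 <script type="text/javascript" src="js/jquery.uploadify.v2.1.4.min.js"></script>
 <script type="text/javascript" src="js/jquery.Jcrop.min.js"></script>
 <script type="text/javascript" src="js/dialog.js"></script>
-
 </head>
 <body>
+ <?= $_SESSION['session_id'] ?>
 <br/>
 <div class="container-fluid">
 <div class="row-fluid">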
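Review bot: The added `<?= $_SESSION['session_id'] ?>` directly after `<body>` writes the raw PHP session identifier into the rendered dialog, which looks like leftover debug output and should be removed. A session id in page markup can be read by any script running in the page, copied from the screen or kept in a cache, and it stands in for the user's login for as long as the session lives. The inline `var hash = "<?= ENCRIPTED_SESSION_ID ?>";` is just as sensitive, because the value decrypts back to the session id with the key in EncriptDecript.php; if it stays, serve the dialog with `Cache-Control: no-store` and consider a short-lived upload token in place of the session id itself.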
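--- a/tiny_mce/plugins/imgmanager/js/dialog.js
+++ b/tiny_mce/plugins/imgmanager/js/dialog.js
@@ -19,7 +19,7 @@ var ImgManagerDialog = {
 'folder' : '',
 'auto' : false,
 'multi' : true,
- 'scriptData': {"uploadify":1}
+ 'scriptData': {"uploadify":1,"hash":hash}
 });
 },
 close : function() {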
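--- a/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php
+++ b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * @name EncriptDecript
+ * @copyright Darius Matulionis
+ * @author Darius Matulionis <darius@matulionis.lt>
+ * @since : 2012-03-02, 15.13.27
+ */
+class EncriptDecript{
+ protected $salt = "098j*#YDJ_)#)@D)(FFM)JFN@*(_(h8(#@DFJ@_kjd20-f92fy23039djm";
+
+ /**
+ * Get Encripted string
+ * @param String $string
+ * @return String
+ */
+ public function encript($string){
+ return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), $string, MCRYPT_MODE_CBC, md5(md5($this->salt))));
+ }
+
+ /**
+ * Get Decripted string
+ * @param String $encrypted Encripted string
+ * @return String
+ */
+ public function decript($encrypted){
+ return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($this->salt))), "\0");
+ }
+}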
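Review bot: The key material in `$salt` is a string literal committed with the plugin, so every installation that does not edit this file shares one key, and the `hash` value stops being a secret to anyone who has the source. The IV is fixed as well (`md5(md5($this->salt))`), which makes the output deterministic, and CBC is used without a MAC, so `decript()` cannot tell a forged or corrupted value from a genuine one. I would load the secret from per-installation configuration, generate a random IV per call and prepend it to the ciphertext, and verify an HMAC with `hash_equals()` before decrypting. `MCRYPT_RIJNDAEL_256` is Rijndael with a 256-bit block rather than AES, and the mcrypt extension was later deprecated and removed from PHP core, so a move to the OpenSSL functions is worth planning. The class docblock should also say that the output is a bearer token for the session and has to be handled as a secret.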
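--- a/tiny_mce/plugins/imgmanager/libs/ajax.php
+++ b/tiny_mce/plugins/imgmanager/libs/ajax.php
@@ -5,6 +5,19 @@
 * @copyright Darius Matulionis
 * @author Darius Matulionis <darius@matulionis.lt>
 */
+
+//UPLOADIFY SESSION AUTH
+//!!!! CHANGE THIS IF NEDED!!!!!!
+if (!empty($_FILES) && isset($_FILES['Filedata']) && $_REQUEST['hash']) {
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $session_id = $ed->decript($_REQUEST['hash']);
+ $_COOKIE['PHPSESSID'] = $session_id;
+ session_id($session_id);
+ session_start();
+ $_SESSION['user_auth'] = true;
+}
+
 require_once 'config.php';
 require_once 'FilesHandler.php';
 $filesHandler = new FilesHandler();
@@ -21,7 +34,6 @@
 
 $targetPath = UPLOADS_PATH . DIRECTORY_SEPARATOR . $sub_dircetory;
 
- //$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
 $targetFile = str_replace('//', '/', $targetPath) . $_FILES['Filedata']['name'];
 
 move_uploaded_file($tempFile, $targetFile);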
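Review bot: The new upload branch grants authentication instead of checking it: after `session_start()` it sets `$_SESSION['user_auth'] = true` for any request that carries a `Filedata` upload and a non-empty `hash`, whether or not the decoded id belongs to a session that was already logged in. The decoded value also goes to `session_id()` with no format check, so the request decides which session id the server adopts. I would only re-attach to the session and then require that `user_auth` is already set, rejecting the upload otherwise, and test `!empty($_REQUEST['hash'])` so a missing parameter does not raise a notice. Separately, the second hunk still builds `$targetFile` from the client-supplied `$_FILES['Filedata']['name']`; that code starts outside the hunk, but the name should be reduced with `basename()` and checked against an extension allow-list before `move_uploaded_file()`.

```php
//UPLOADIFY SESSION AUTH
if (!empty($_FILES['Filedata']) && !empty($_REQUEST['hash'])) {
    require_once 'EncriptDecript.php';
    $ed = new EncriptDecript();
    $session_id = $ed->decript($_REQUEST['hash']);
    // Accept only a value shaped like a PHP session id; anything else is a forged or damaged token.
    // Adjust the length bounds to the session id format this installation is configured for.
    if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $session_id)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
    session_id($session_id);
    session_start();
    // The token re-attaches this request to an existing session; it must never create the login.
    if (empty($_SESSION['user_auth'])) {
        session_destroy();
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
}
// … unchanged: require_once 'config.php' and the upload handling …
```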
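--- a/tiny_mce/plugins/imgmanager/libs/config.php
+++ b/tiny_mce/plugins/imgmanager/libs/config.php
@@ -12,8 +12,21 @@
 /**
 * AUTH SHOULD BE DONE HERE !!!!
 */
-//!!!! CHANGE THIS !!!!!!
-$auth = true;
+//!!!! CHANGE THIS !!!!!! AND THEN ajax.php
+
+$session_id = session_id() ? session_id() : $_COOKIE["PHPSESSID"];
+if(session_start()){
+ $_SESSION['session_id'] = $session_id;
+ $_SESSION['user_auth'] = true;
+}
+
+$auth = false;
+if($_SESSION['session_id'] && $_SESSION['user_auth']){
+ $auth = true;
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $encripted_session_id =$ed->encript($session_id);
+}
 
 if(!$auth){
 die("You are not allowed to be here !!!");
@@ -29,6 +42,10 @@
 defined('LIBS_PATH')
 || define('LIBS_PATH', realpath(dirname(__FILE__)));
 
+//ENCRIPTED SESSION ID
+defined('ENCRIPTED_SESSION_ID')
+ || define('ENCRIPTED_SESSION_ID', $encripted_session_id);
+
 
 //!!!! CHANGE THIS !!!!!!
 // WEB BASE DIRECTORY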
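Review bot: The new check cannot fail for anyone who sends a session cookie: the block sets `$_SESSION['user_auth'] = true` itself whenever `session_start()` succeeds and then tests that same flag, so `$auth` stays false only on a first request that carries no `PHPSESSID` cookie. Since this file is the documented place for the integrator's auth, I would ship it failing closed, reading `user_auth` as set by the host application's login and never assigning it here. `require 'EncriptDecript.php'` should be `require_once`, because ajax.php includes the same file before it includes config.php and a second plain `require` appears to redeclare the class on the upload path. Taking the id from `session_id()` after the session is started also removes the hard-coded `$_COOKIE["PHPSESSID"]` lookup, which raises a notice when the cookie is absent and ignores a custom session name. `$_SESSION['session_id']` is then only needed by the echo in dialog.php, which reads like debug output.

```php
/**
 * AUTH SHOULD BE DONE HERE !!!!
 */
// Fail closed: user_auth must be set by the host application's login code, never in this file.
if (session_id() === '') {
    session_start();
}
$auth = !empty($_SESSION['user_auth']);
if ($auth) {
    require_once 'EncriptDecript.php';
    $ed = new EncriptDecript();
    // Token handed to the uploader so its request can be tied back to this session.
    $encripted_session_id = $ed->encript(session_id());
}
// … unchanged: if(!$auth){ die(...) } and the path constants …
```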
