
Authentification changed. And flash uploader authentification added

commit 9a922f38871e1d278a829ff7e3fea469f30ff18d 1 parent 8f30c75
@DarkaOnLine authored
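--- a/tiny_mce/plugins/imgmanager/dialog.php
+++ b/tiny_mce/plugins/imgmanager/dialog.php
@@ -10,6 +10,7 @@
 <link href="css/bootstrap.css" rel="stylesheet" />
 <link href="css/styles.css" rel="stylesheet" />
+ <script type="text/javascript"> var hash = "<?= ENCRIPTED_SESSION_ID ?>";</script>
 <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
 <script type="text/javascript" src="js/jquery.js"></script>
 <script type="text/javascript" src="js/bootstrap.min.js"></script>
@@ -19,9 +20,9 @@
 <script type="text/javascript" src="js/jquery.uploadify.v2.1.4.min.js"></script>
 <script type="text/javascript" src="js/jquery.Jcrop.min.js"></script>
 <script type="text/javascript" src="js/dialog.js"></script>
-
 </head>
 <body>
+ <?= $_SESSION['session_id'] ?>
 <br/>
 <div class="container-fluid">
 <div class="row-fluid">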
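Review bot: The added `<?= $_SESSION['session_id'] ?>` directly under `<body>` prints the live session identifier into the dialog markup and looks like a debugging leftover; the line should be dropped, because anything that captures the page (a cache, a screenshot, a script running in it) then holds the session. The inline script in `<head>` also hands page script a value derived from the session ID, which undoes the protection of an HttpOnly session cookie if one is configured. If the `hash` variable stays, emit it as `var hash = <?= json_encode(ENCRIPTED_SESSION_ID) ?>;` so the value is always a well-formed JavaScript string literal regardless of how the constant is produced later.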
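--- a/tiny_mce/plugins/imgmanager/js/dialog.js
+++ b/tiny_mce/plugins/imgmanager/js/dialog.js
@@ -19,7 +19,7 @@ var ImgManagerDialog = {
 'folder' : '',
 'auto' : false,
 'multi' : true,
- 'scriptData': {"uploadify":1}
+ 'scriptData': {"uploadify":1,"hash":hash}
 });
 },
 close : function() {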
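Review bot: `hash` in the new `scriptData` line is an undeclared global that exists only because dialog.php defines it in an inline script, so dialog.js raises a ReferenceError on any page that loads it without that script. Reading it as `'scriptData': {"uploadify":1,"hash":window.hash || ''}` avoids that, and a short comment should say the value is a session-equivalent credential. Whether Uploadify places `scriptData` in the request body or the query string depends on its `method` option, which is not set in the visible lines; the query string would put the value into server and proxy logs. The enclosing object literal starts and ends outside the hunk.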
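--- /dev/null
+++ b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * @name EncriptDecript
+ * @copyright Darius Matulionis
+ * @author Darius Matulionis <darius@matulionis.lt>
+ * @since : 2012-03-02, 15.13.27
+ */
+class EncriptDecript{
+ protected $salt = "098j*#YDJ_)#)@D)(FFM)JFN@*(_(h8(#@DFJ@_kjd20-f92fy23039djm";
+
+ /**
+ * Get Encripted string
+ * @param String $string
+ * @return String
+ */
+ public function encript($string){
+ return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), $string, MCRYPT_MODE_CBC, md5(md5($this->salt))));
+ }
+
+ /**
+ * Get Decripted string
+ * @param String $encrypted Encripted string
+ * @return String
+ */
+ public function decript($encrypted){
+ return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($this->salt))), "\0");
+ }
+}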
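Review bot: The key in `$salt` is a constant committed with the class and the IV is `md5(md5($this->salt))`, so every installation shares one key and one IV, and the output is a fixed, unauthenticated encoding of the session ID rather than a secret. `decript()` returns whatever the bytes decode to, with no integrity check, and the mcrypt extension it relies on was removed from PHP core in 7.2. Load a per-installation secret from configuration, use a fresh random IV per token, and authenticate the ciphertext so that `decript()` returns `false` for anything this server did not issue; callers then have to check for `false`. A sketch of that shape follows, with the secret shown as a placeholder.

```php
class EncriptDecript{
    // Placeholder: read a per-installation secret from configuration,
    // never a value committed to the repository.
    protected $salt = 'PLACEHOLDER_PER_INSTALL_SECRET';

    public function encript($string){
        $encKey = hash_hmac('sha256', 'enc', $this->salt, true);
        $macKey = hash_hmac('sha256', 'mac', $this->salt, true);
        $iv = random_bytes(16); // fresh IV for every token
        $ct = openssl_encrypt($string, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
        $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
        return base64_encode($mac . $iv . $ct);
    }

    public function decript($encrypted){
        $encKey = hash_hmac('sha256', 'enc', $this->salt, true);
        $macKey = hash_hmac('sha256', 'mac', $this->salt, true);
        $raw = base64_decode($encrypted, true);
        // 32-byte MAC + 16-byte IV + at least one cipher block
        if ($raw === false || strlen($raw) < 64) {
            return false;
        }
        $mac = substr($raw, 0, 32);
        $iv = substr($raw, 32, 16);
        $ct = substr($raw, 48);
        // Constant-time comparison; reject tokens this server did not issue.
        if (!hash_equals($mac, hash_hmac('sha256', $iv . $ct, $macKey, true))) {
            return false;
        }
        return openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    }
}
```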
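--- a/tiny_mce/plugins/imgmanager/libs/ajax.php
+++ b/tiny_mce/plugins/imgmanager/libs/ajax.php
@@ -5,6 +5,19 @@
 * @copyright Darius Matulionis
 * @author Darius Matulionis <darius@matulionis.lt>
 */
+
+//UPLOADIFY SESSION AUTH
+//!!!! CHANGE THIS IF NEDED!!!!!!
+if (!empty($_FILES) && isset($_FILES['Filedata']) && $_REQUEST['hash']) {
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $session_id = $ed->decript($_REQUEST['hash']);
+ $_COOKIE['PHPSESSID'] = $session_id;
+ session_id($session_id);
+ session_start();
+ $_SESSION['user_auth'] = true;
+}
+
 require_once 'config.php';
 require_once 'FilesHandler.php';
 $filesHandler = new FilesHandler();
@@ -21,7 +34,6 @@
 $targetPath = UPLOADS_PATH . DIRECTORY_SEPARATOR . $sub_dircetory;
- //$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';
 $targetFile = str_replace('//', '/', $targetPath) . $_FILES['Filedata']['name'];
 move_uploaded_file($tempFile, $targetFile);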
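Review bot: The new upload branch grants access instead of checking it: after `session_start()` it assigns `$_SESSION['user_auth'] = true` unconditionally, so the request is marked authenticated whatever the `hash` parameter decodes to. The branch should only resume the session and then require that the flag is already present, e.g. replace the assignment with `if (empty($_SESSION['user_auth'])) { die("You are not allowed to be here !!!"); }`, and it should refuse a decoded value that is empty or not a well-formed session ID before calling `session_id()`. Test the parameter with `!empty($_REQUEST['hash'])` to avoid a notice, and use `require_once 'EncriptDecript.php'` here and in config.php, since the plain `require` in both files would declare the class twice on the upload path. Separately, the context line that appends `$_FILES['Filedata']['name']` to `$targetPath` is untouched by this commit, but the client-supplied name should pass through `basename()` and an extension allow-list before `move_uploaded_file()`.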
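--- a/tiny_mce/plugins/imgmanager/libs/config.php
+++ b/tiny_mce/plugins/imgmanager/libs/config.php
@@ -12,8 +12,21 @@
 /**
 * AUTH SHOULD BE DONE HERE !!!!
 */
-//!!!! CHANGE THIS !!!!!!
-$auth = true;
+//!!!! CHANGE THIS !!!!!! AND THEN ajax.php
+
+$session_id = session_id() ? session_id() : $_COOKIE["PHPSESSID"];
+if(session_start()){
+ $_SESSION['session_id'] = $session_id;
+ $_SESSION['user_auth'] = true;
+}
+
+$auth = false;
+if($_SESSION['session_id'] && $_SESSION['user_auth']){
+ $auth = true;
+ require 'EncriptDecript.php';
+ $ed = new EncriptDecript();
+ $encripted_session_id =$ed->encript($session_id);
+}
 if(!$auth){
 die("You are not allowed to be here !!!");
@@ -29,6 +42,10 @@
 defined('LIBS_PATH')
 || define('LIBS_PATH', realpath(dirname(__FILE__)));
+//ENCRIPTED SESSION ID
+defined('ENCRIPTED_SESSION_ID')
+ || define('ENCRIPTED_SESSION_ID', $encripted_session_id);
+
 //!!!! CHANGE THIS !!!!!!
 // WEB BASE DIRECTORY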
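Review bot: `$_SESSION['user_auth'] = true` is assigned as soon as `session_start()` succeeds, so the `$auth` test right after it always passes and the plugin ships open to every visitor, with the "CHANGE THIS" comment as the only safeguard. Fail closed by default: remove that assignment, let the host application set the flag at login, and compute `$auth = !empty($_SESSION['user_auth']);`. `$session_id` is read before `session_start()` and falls back to `$_COOKIE["PHPSESSID"]`, which raises a notice when the cookie is missing and assumes the default session name; calling `session_start()` first and then `session_id()` gives the ID actually in use. `$encripted_session_id` is assigned only inside the auth branch yet used by the later `define()`, which works only because of the `die()` in between, so a one-line comment there would help.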