From 9a922f38871e1d278a829ff7e3fea469f30ff18d Mon Sep 17 00:00:00 2001 From: Darius Matulionis Date: Fri, 2 Mar 2012 15:35:26 +0200 Subject: [PATCH] Authentification changed. And flash uploader authentification added --- tiny_mce/plugins/imgmanager/dialog.php | 3 +- tiny_mce/plugins/imgmanager/js/dialog.js | 2 +- .../imgmanager/libs/EncriptDecript.php | 29 +++++++++++++++++++ tiny_mce/plugins/imgmanager/libs/ajax.php | 14 ++++++++- tiny_mce/plugins/imgmanager/libs/config.php | 21 ++++++++++++-- 5 files changed, 64 insertions(+), 5 deletions(-) create mode 100644 tiny_mce/plugins/imgmanager/libs/EncriptDecript.php diff --git a/tiny_mce/plugins/imgmanager/dialog.php b/tiny_mce/plugins/imgmanager/dialog.php index d19500e..69207fd 100644 --- a/tiny_mce/plugins/imgmanager/dialog.php +++ b/tiny_mce/plugins/imgmanager/dialog.php @@ -10,6 +10,7 @@ + @@ -19,9 +20,9 @@ - +
diff --git a/tiny_mce/plugins/imgmanager/js/dialog.js b/tiny_mce/plugins/imgmanager/js/dialog.js index 23e6f96..9678ca7 100644 --- a/tiny_mce/plugins/imgmanager/js/dialog.js +++ b/tiny_mce/plugins/imgmanager/js/dialog.js @@ -19,7 +19,7 @@ var ImgManagerDialog = { 'folder' : '', 'auto' : false, 'multi' : true, - 'scriptData': {"uploadify":1} + 'scriptData': {"uploadify":1,"hash":hash} }); }, close : function() { diff --git a/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php new file mode 100644 index 0000000..89c9b12 --- /dev/null +++ b/tiny_mce/plugins/imgmanager/libs/EncriptDecript.php @@ -0,0 +1,29 @@ + + * @since : 2012-03-02, 15.13.27 + */ +class EncriptDecript{ + protected $salt = "098j*#YDJ_)#)@D)(FFM)JFN@*(_(h8(#@DFJ@_kjd20-f92fy23039djm"; + + /** + * Get Encripted string + * @param String $string + * @return String + */ + public function encript($string){ + return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), $string, MCRYPT_MODE_CBC, md5(md5($this->salt)))); + } + + /** + * Get Decripted string + * @param String $encrypted Encripted string + * @return String + */ + public function decript($encrypted){ + return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->salt), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($this->salt))), "\0"); + } +} diff --git a/tiny_mce/plugins/imgmanager/libs/ajax.php b/tiny_mce/plugins/imgmanager/libs/ajax.php index 3bbbfb8..e66236d 100644 --- a/tiny_mce/plugins/imgmanager/libs/ajax.php +++ b/tiny_mce/plugins/imgmanager/libs/ajax.php 
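Review bot: `encript()` and `decript()` in the new EncriptDecript.php take their key from a string hard-coded in the class (`$salt`) and use a fixed IV derived from that same string (`md5(md5($this->salt))`), so every install that keeps the default shares one key and a given session id always produces the same ciphertext. CBC is used with no integrity check, so `decript()` returns whatever an altered `hash` happens to decrypt to instead of rejecting it. Load the key from per-install configuration, generate a fresh IV per call with `mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM)` and prepend it to the ciphertext, and add a `hash_hmac('sha256', ...)` tag that is verified before decrypting. Note also that `MCRYPT_RIJNDAEL_256` is Rijndael with a 256-bit block, not AES, and that `rtrim(..., "\0")` also strips any NUL bytes the plaintext legitimately ended with.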
@@ -5,6 +5,19 @@ * @copyright Darius Matulionis * @author Darius Matulionis */ + +//UPLOADIFY SESSION AUTH +//!!!! CHANGE THIS IF NEDED!!!!!! +if (!empty($_FILES) && isset($_FILES['Filedata']) && $_REQUEST['hash']) { + require 'EncriptDecript.php'; + $ed = new EncriptDecript(); + $session_id = $ed->decript($_REQUEST['hash']); + $_COOKIE['PHPSESSID'] = $session_id; + session_id($session_id); + session_start(); + $_SESSION['user_auth'] = true; +} + require_once 'config.php'; require_once 'FilesHandler.php'; $filesHandler = new FilesHandler(); @@ -21,7 +34,6 @@ $targetPath = UPLOADS_PATH . DIRECTORY_SEPARATOR . $sub_dircetory; - //$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; $targetFile = str_replace('//', '/', $targetPath) . $_FILES['Filedata']['name']; move_uploaded_file($tempFile, $targetFile); diff --git a/tiny_mce/plugins/imgmanager/libs/config.php b/tiny_mce/plugins/imgmanager/libs/config.php index e466e8b..4f0f8ad 100644 --- a/tiny_mce/plugins/imgmanager/libs/config.php +++ b/tiny_mce/plugins/imgmanager/libs/config.php @@ -12,8 +12,21 @@ /** * AUTH SHOULD BE DONE HERE !!!! */ -//!!!! CHANGE THIS !!!!!! -$auth = true; +//!!!! CHANGE THIS !!!!!! AND THEN ajax.php + +$session_id = session_id() ? session_id() : $_COOKIE["PHPSESSID"]; +if(session_start()){ + $_SESSION['session_id'] = $session_id; + $_SESSION['user_auth'] = true; +} + +$auth = false; +if($_SESSION['session_id'] && $_SESSION['user_auth']){ + $auth = true; + require 'EncriptDecript.php'; + $ed = new EncriptDecript(); + $encripted_session_id =$ed->encript($session_id); +} if(!$auth){ die("You are not allowed to be here !!!"); @@ -29,6 +42,10 @@ defined('LIBS_PATH') || define('LIBS_PATH', realpath(dirname(__FILE__))); +//ENCRIPTED SESSION ID +defined('ENCRIPTED_SESSION_ID') + || define('ENCRIPTED_SESSION_ID', $encripted_session_id); + //!!!! CHANGE THIS !!!!!! // WEB BASE DIRECTORY
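Review bot: The new upload branch at the top of ajax.php sets `$_SESSION['user_auth'] = true;` unconditionally after `session_start()`, so it grants authentication to whatever session the decrypted `hash` names instead of verifying that the session was already authenticated. The decrypted value is also passed straight to `session_id()` with no format check, so the session id is chosen by the request. Replace the assignment with a check such as `if (empty($_SESSION['user_auth'])) { die("You are not allowed to be here !!!"); }`, and reject ids that do not match the configured session-id alphabet before calling `session_id()`. `$_REQUEST['hash']` is read without `isset()`, which raises a notice when the field is absent; `!empty($_REQUEST['hash'])` covers both cases. The script continues below this hunk, so the upload handling itself is not covered by this note.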
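Review bot: The placeholder added to config.php assigns `$_SESSION['user_auth'] = true;` whenever `session_start()` succeeds, so `$auth` is true for every visitor whose session starts and the `die()` only fires when sessions are broken. A template that integrators are expected to edit is safer if it defaults to deny, e.g. `$auth = !empty($_SESSION['user_auth']);`, with the flag set only by the host application's login code. `require 'EncriptDecript.php';` should be `require_once 'EncriptDecript.php';`, because ajax.php's upload branch has already loaded the same file before it includes config.php, and a second plain `require` would redeclare the class. `$_COOKIE["PHPSESSID"]` is read without an `isset()` check and hard-codes the default session name; calling `session_start()` first and then `session_id()` yields the id without reading the cookie directly.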