1.1b - folder viewing password protection

now using PHP sessions to whether or not a user has correctly entered the password for a protected folder
dudeofawesome · Sep 5, 2013 · d42db5a · d42db5a
1 parent 130f565
commit d42db5a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 16 deletions.
diff --git a/indexer/indexer1239538.php b/indexer/indexer1239538.php
@@ -1,9 +1,12 @@
 <?php
-	//ini_set('display_errors',1); 
-	//error_reporting(E_ALL);
-?>
+	require($_SERVER['DOCUMENT_ROOT'] . "/indexer/config/settings.php"); 
 
-<?php require($_SERVER['DOCUMENT_ROOT'] . "/indexer/config/settings.php");?>
+	session_start();
+	if(!isset($_SESSION['authenticated'])){
+		$_SESSION['authenticated'] = false;
+		echo "nope nope nope";
+	}
+?>
 
 <!DOCTYPE html>
 <html>
@@ -22,6 +25,7 @@
 		<meta name="viewport" content="width=320,user-scalable=false" />
 	</head>
 	<body>
+		<?php if($_SESSION['authenticated']){echo "true true true";} ?>
 		<?php
 			$protectedFolders = "";
 			foreach(getProtectedFolders() as $folder){
@@ -33,7 +37,7 @@
 			var protectedFolders = "<?php echo $protectedFolders;?>".split(",");
 			var directory = window.location.href.split("#")[0].split("http://")[1].split("/")[1] + "/";
 			for(var i = 0; i < protectedFolders.length; i++){
-				if(protectedFolders[i] + "/" == "/" + directory){
+				if(protectedFolders[i] + "/" == "/" + directory && !<?php if(isset($_SESSION['authenticated']) && $_SESSION['authenticated']){ echo "true"; } else{ echo "false"; } ?>){
 					//request password
 					pass = prompt('Please input your password');
 				}

diff --git a/indexer/indexer65418662.php b/indexer/indexer65418662.php
@@ -1,11 +1,12 @@
-<?php
-	//ini_set('display_errors',1); 
-	//error_reporting(E_ALL);
-?>
-
-<?php require($_SERVER['DOCUMENT_ROOT'] . "/indexer/config/settings.php");?>
+<?php 
+	require($_SERVER['DOCUMENT_ROOT'] . "/indexer/config/settings.php");
 
-<?php
+	session_start();
+	if(!isset($_SESSION['authenticated'])){
+		$_SESSION['authenticated'] = false;
+		echo "nope nope nope";
+	}
+
 	$current_url = explode("#", $_POST['url'])[0];
 
 	if($current_url!="/"){
@@ -18,12 +19,16 @@
 				$needPassword = true;
 			}
 		}
-		$permissionToView = true;
-		if($needPassword){
-			if($_POST['pass'] != getServerPassword()){
-				$permissionToView = false;
+		$permissionToView = false;
+		if($needPassword && isset($_SESSION['authenticated']) && !$_SESSION['authenticated']){
+			if($_POST['pass'] == getServerPassword()){
+				$_SESSION['authenticated'] = true;
+				$permissionToView = true;
 			}
 		}
+		else if($_SESSION['authenticated']){
+			$permissionToView = true;
+		}
 
 		if($permissionToView){
 			if($directory == explode("/",getUploadDirectory())[1] . "/"){