Different approach to authentication #29

Open
wants to merge 6 commits into
from
@@ -4,7 +4,9 @@
# Install by putting this file on your web server and give the web server
# user write permissions to the directory in which you put this script.
#
+$SECRET = ""; # Set to "" if you don't want authentication
$MAXLENGTH = 4096000; # 4 MB
+$HTTP_LINK = true; # Set to true if you want all image links to point to the unsecure version
function rsperr($msg='', $st='400 Bad Request') {
header('HTTP/1.1 '.$st);
exit($msg);
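Review bot: Both new settings default to the weaker choice. `$SECRET = ""` leaves the upload endpoint unauthenticated until the operator edits the file, and `$HTTP_LINK = true` makes the script hand back `http://` links even when the request arrived over HTTPS. I would ship `$HTTP_LINK = false;` and reword the first comment along the lines of `# Shared secret the client sends in X-Scrup-Auth; "" disables authentication, so anyone who can reach this script can upload`. The second comment could also say that the flag only changes the URL returned to the client, not how the upload itself is transported.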
@@ -19,9 +21,14 @@ function pathfromid($id, $suffix='') {
$suffix = strrchr($_GET['name'], '.');
$path = pathfromid($id, $suffix);
$abspath = dirname(realpath(__FILE__)).'/'.$path;
-$url = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://')
+$url = (isset($_SERVER['HTTPS'] && $HTTP_LINK != true) ? 'https://' : 'http://')
. $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . '/' . $path;
+// Check if the secret is correct
+if(!empty($SECRET) && $_SERVER['HTTP_X_SCRUP_AUTH'] != base64_encode($SECRET)) {
+ rsperr("Bad authentication credentials!", "401 Unauthorized");
+}
+
# make dir if needed
$dirpath = dirname($abspath);
if (!file_exists($dirpath) && @mkdir($dirpath, 0775) === false)
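Review bot: The added secret check compares with loose `!=`, which is neither type-strict nor constant-time, and it reads `$_SERVER['HTTP_X_SCRUP_AUTH']` without checking that the header was sent. `if (!empty($SECRET) && !hash_equals(base64_encode($SECRET), isset($_SERVER['HTTP_X_SCRUP_AUTH']) ? $_SERVER['HTTP_X_SCRUP_AUTH'] : ''))` covers both. Separately, the new `$url` line puts the `&&` inside `isset()`, which PHP rejects as a fatal error, so the script would not load at all; `(isset($_SERVER['HTTPS']) && !$HTTP_LINK)` is presumably what was meant. Base64 adds no secrecy, so the header is only as protected as the transport, which is worth saying in the comment above the check. The `if` on the hunk's last line continues outside the hunk.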