X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=3c0abc31138bf5c035ea1ba85a585cefbb719a53;hp=af8af1a836a65baef44b819cae3953422d1bb88a;hb=5927a0dc28715b6e5ab297f1f5badd35df15a5b8;hpb=3c74920cb66b4e6c47c7e8a0eaeed40ffb7e8544
diff --git a/api.php b/api.php
index af8af1a..3c0abc3 100644
--- a/api.php
+++ b/api.php
@@ -3,16 +3,24 @@ license. */
 
 
 function exit_document ($body) {
- exit ("$body");
+ $charset_meta = '';
+ exit ("$charset_meta$body");
 }
 
 function success ($reason) {
 exit_document ("");
 }
 
+function success_changepass ($username) {
+ $res = "" .
+ htmlspecialchars ($username) .
+ "";
+ exit_document ($res);
+}
+
 function success_newuser ($username) {
 $res = "" .
- htmlspecialchars ($user) .
+ htmlspecialchars ($username) .
 "";
 exit_document ($res);
 }
@@ -83,6 +91,10 @@ function error_server () {
 error ("server");
 }
 
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
 function error_unauthorized () {
 error ("unauthorized");
 }
@@ -108,11 +120,13 @@ function save_uploaded_file ($file, $con) {
 (!move_uploaded_file ($file ["tmp_name"], $dest))) {
 error_server ();
 }
+ send_to_ftp ($dest);
 $mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
 if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
 error_server ();
 }
+ send_to_ftp ($mini_dest);
 }
 return basename_safe ($dest);
 }
@@ -141,11 +155,13 @@ function delete_image_if_unused ($imgpath, $con) {
 $path = UPLOADDIR . "/" . $imgpath;
 if (file_exists ($path)) {
 unlink ($path);
+ delete_from_ftp ($path);
 }
 $thumb_path = getthumbsdir () . "/mini_" . $imgpath;
 if (file_exists ($thumb_path)) {
 unlink ($thumb_path);
+ delete_from_ftp ($thumb_path);
 }
 }
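Review bot: The new `success_changepass` (and the corrected `success_newuser` line) calls `htmlspecialchars ($username)` with PHP's default flags, which do not escape single quotes and, before PHP 5.4, assume ISO-8859-1; the markup the name is spliced into has been stripped from this listing, so if the attribute is single-quoted a `'` in a user name breaks out of it, and a UTF-8 page (the new `$charset_meta` hints at one) can get mangled bytes. Use `htmlspecialchars ($username, ENT_QUOTES, 'UTF-8')` in both places so the escaping matches the document's charset regardless of how the attribute is quoted. The same default-flag call presumably exists in the other `success_*` helpers outside this hunk and would benefit from the same change.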
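Review bot: The result of `send_to_ftp ($dest)`, and of the second call with `$mini_dest`, is discarded, so a failed mirror upload still lets the function return the basename as if the image were published, while the neighbouring `move_uploaded_file` and `create_thumbnail_or_copy` failures both end in `error_server ()`. If `send_to_ftp` reports failure through its return value (its definition is not in this diff), guard it the same way, `if (!send_to_ftp ($dest)) { error_server (); }`, and likewise for the thumbnail; otherwise it should raise rather than fail silently. Note that a failure after the local move leaves the moved file behind with no cleanup, which is pre-existing behaviour but now has one more way to happen. `save_uploaded_file` begins before this hunk.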
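Review bot: `delete_from_ftp ($path)` and `delete_from_ftp ($thumb_path)` are only reached inside the `file_exists` branches, so once the local `unlink` has succeeded a remote delete that failed (its result is ignored here) is never retried and the image the user believes removed stays on the mirror. Consider issuing the remote delete independently of the local check and reacting to its result, or at least logging the failure. Separately, `$imgpath` is concatenated into both paths as-is; that predates this commit, but since it now also drives a remote delete it is worth confirming the caller only ever passes a bare file name, as `basename_safe` does on the upload side.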
@@ -177,16 +193,26 @@ function unique_file ($dirname, $relpath, $con) {
 return null;
 }
 
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
+}
+
 function check_auth ($con, $user, $pwd, $auth_only) {
 $authentificated = false;
 if (isset ($pwd)) {
 if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ setcookies ($user, $pwd);
 $authentificated = true;
 if ($auth_only) {
 success_auth ($user);
@@ -224,7 +250,7 @@ function main ($con) {
 if (!isset ($feature)) {
 error_unreferenced ($id);
 }
- if ($feature->user != $user) {
+ if (($feature->user != $user) && ($user != "admin")) {
 error_unauthorized ();
 }
 
@@ -313,6 +339,20 @@ function main ($con) {
 } catch (Exception $e) {}
 success_delete_feature ($feature);
+ case "changepass":
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
 case "newuser":
 if ($user != "admin") {
 error_unauthorized ();
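Review bot: The `auth` cookie set in the new `setcookies` carries `md5 ($pwd)`, the same unsalted value that `check_auth` feeds to `checkpwdmd5`, so for two weeks the cookie is a password-equivalent bearer token and anyone who obtains the stored hash (for instance from a database dump) can mint a valid cookie without ever knowing the password. The commit only moves this code, but since the helper is new it is the natural place to issue a random per-login token instead, generated from a CSPRNG, stored server-side against the user, and compared in constant time, with the password itself kept under a salted slow hash rather than MD5. Independently, the sixth argument of all four `setcookie` calls is a hard-coded `false`, so the credential is also sent over plain HTTP; derive it with `$secure = !empty ($_SERVER ["HTTPS"]) && $_SERVER ["HTTPS"] !== "off";` and pass `$secure`. On the pre-5.2 branch the HttpOnly flag can still be emitted by writing the `Set-Cookie` header by hand with `header (..., false)` rather than dropping it.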
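Review bot: The ownership test `$feature->user != $user` uses PHP's loose comparison, under which numeric-looking strings are compared as numbers (`"10" == "1e1"`, `"1" == "01"`), so two distinct user names of that shape satisfy the check and one account can act on the other's feature; the new `$user != "admin"` has the same shape, although "admin" itself is not numeric. Use strict comparison on both sides: `if (($feature->user !== $user) && ($user !== "admin")) {`. The literal `"admin"` is now repeated in the `newuser` case as well, so a single `is_admin ($user)` helper or constant would keep the privilege rule in one place. `main` starts before and continues after this hunk.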
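Review bot: The new password is never validated: `$newpass = unquote ($_POST ["pass_new"])` reads the field without `isset` and hands whatever comes back to `$con->setpwd`, so a request with a missing or empty `pass_new` sets an empty password on the account (after a notice for the missing index) and `setcookies` then issues a cookie for it. Add `if (!isset ($_POST ["pass_new"]) || $_POST ["pass_new"] === "") { error_request (); }` before the `try`, and guard `pass_current` the same way so `checkpwdmd5` is not called with `md5 (unquote (null))`. The `case "changepass":` label also follows `success_delete_feature ($feature);` with no `break`, which is safe only because every `success_*` helper ends in `exit_document`; a short comment there, `// success_delete_feature () exits; no fallthrough`, would save the next reader from checking. `main` continues outside the hunk.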
@@ -321,15 +361,14 @@ function main ($con) {
 if (!$newuser_name) {
 error_request ();
 }
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
 $newuser_password = unquote ($_POST ["newuser_password"]);
 try {
- $con->setpwd ($newuser_name, $newuser_password, false);
+ $con->setpwd ($newuser_name, $newuser_password);
 } catch (Exception $e) {
- if ($e->getMessage () == anydbConnection::err_query) {
- error_newuser_exists ();
- } else {
- error_server ();
- }
+ error_server ();
 }
 success_newuser ($newuser_name);
 break;
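Review bot: Replacing the `anydbConnection::err_query` catch with a `user_exists` pre-check turns duplicate detection into a check-then-act race: two concurrent `newuser` requests for the same name both pass `user_exists`, and since `setpwd` no longer receives the third argument (`false`, which looked like a do-not-overwrite flag; its definition is not in this diff) the second call may silently replace the first account's password instead of failing. Keep the pre-check for the friendly error, but also keep the write path insert-only, backed by a unique constraint, and map that failure to `error_newuser_exists ()` in the `catch` rather than folding every exception into `error_server ()`. The password is also accepted without the emptiness check the name gets; add `if ($newuser_password === "") { error_request (); }` before the `try`. `main` starts before this hunk.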