X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=3c0abc31138bf5c035ea1ba85a585cefbb719a53;hp=af8af1a836a65baef44b819cae3953422d1bb88a;hb=5927a0dc28715b6e5ab297f1f5badd35df15a5b8;hpb=3c74920cb66b4e6c47c7e8a0eaeed40ffb7e8544
diff --git a/api.php b/api.php
index af8af1a..3c0abc3 100644
--- a/api.php
+++ b/api.php
@@ -3,16 +3,24 @@
license. */
function exit_document ($body) {
- exit ("
$body");
+ $charset_meta = '';
+ exit ("$charset_meta$body");
}
function success ($reason) {
exit_document ("");
}
+function success_changepass ($username) {
+ $res = "" .
+ htmlspecialchars ($username) .
+ "";
+ exit_document ($res);
+}
+
function success_newuser ($username) {
$res = "" .
- htmlspecialchars ($user) .
+ htmlspecialchars ($username) .
"";
exit_document ($res);
}
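Review bot: Both `success_changepass` and `success_newuser` call `htmlspecialchars ($username)` with the default flags, which escape double quotes only and (on the PHP 5.x this file still targets via version_compare) assume ISO-8859-1; if the escaped name lands in a single-quoted attribute or the document is UTF-8, the escaping is incomplete. Use the explicit form in both, `htmlspecialchars ($username, ENT_QUOTES, 'UTF-8')`. The two functions also appear to be the same body under two names; if the markup really is identical, a single helper taking the function-specific wrapper would remove the duplication (the surrounding markup may have been stripped from this page, so I cannot confirm that). In exit_document, `$charset_meta` is assigned `''` and emitted unchanged in the visible lines, so either the meta element was lost in extraction or the variable is dead; worth a look.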
@@ -83,6 +91,10 @@ function error_server () {
error ("server");
}
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
function error_unauthorized () {
error ("unauthorized");
}
@@ -108,11 +120,13 @@ function save_uploaded_file ($file, $con) {
(!move_uploaded_file ($file ["tmp_name"], $dest))) {
error_server ();
}
+ send_to_ftp ($dest);
$mini_dest = getthumbsdir () . "/mini_" . basename_safe ($dest);
if (!create_thumbnail_or_copy ($dest, $mini_dest)) {
error_server ();
}
+ send_to_ftp ($mini_dest);
}
return basename_safe ($dest);
}
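Review bot: The two new `send_to_ftp` calls discard the result, so a failed upload leaves the request reporting success while the remote copy is missing or partial; every other failure in this function goes through `error_server ()`. If send_to_ftp reports failure by return value (its definition is not in this hunk), the calls should be `if (!send_to_ftp ($dest)) { error_server (); }` and likewise for `$mini_dest`; if it throws, wrap both in a try/catch that maps to error_server. Note also that the first upload happens before the thumbnail is created, so a thumbnail failure exits with the original already pushed to the FTP host and no local cleanup. save_uploaded_file begins before this hunk.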
@@ -141,11 +155,13 @@ function delete_image_if_unused ($imgpath, $con) {
$path = UPLOADDIR . "/" . $imgpath;
if (file_exists ($path)) {
unlink ($path);
+ delete_from_ftp ($path);
}
$thumb_path = getthumbsdir () . "/mini_" . $imgpath;
if (file_exists ($thumb_path)) {
unlink ($thumb_path);
+ delete_from_ftp ($thumb_path);
}
}
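Review bot: `delete_from_ftp` is only reached inside the `file_exists` branches, so whenever the local file is already gone (or `unlink` fails, whose return value is not checked) the remote copy is never removed and the two stores drift apart. Since the FTP copy is independent of the local one, call it unconditionally: `if (file_exists ($path)) { unlink ($path); } delete_from_ftp ($path);` and the same for `$thumb_path`, provided delete_from_ftp tolerates a missing remote file (its body is not visible here). delete_image_if_unused begins before this hunk.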
@@ -177,16 +193,26 @@ function unique_file ($dirname, $relpath, $con) {
return null;
}
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
+}
+
function check_auth ($con, $user, $pwd, $auth_only) {
$authentificated = false;
if (isset ($pwd)) {
if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ setcookies ($user, $pwd);
$authentificated = true;
if ($auth_only) {
success_auth ($user);
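Review bot: The new `setcookies` helper stores `md5 ($pwd)` as the auth cookie, so for two weeks the browser holds a password-equivalent value that is also trivially reversible offline for ordinary passwords; this is the pre-existing scheme moved into a function, but the new call site in changepass re-issues it with the fresh password, so it is worth fixing here. A random session token generated server-side and stored against the user (with the cookie carrying only the token) would remove the password from the client entirely, and the `$secure` argument should be `true` whenever the site is served over HTTPS, since with `false` the cookie is sent over plain HTTP as well. The `version_compare` fallback duplicates both setcookie calls; building the argument list once and appending the httponly flag only when supported would make the two branches a single call. check_auth continues outside this hunk.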
@@ -224,7 +250,7 @@ function main ($con) {
if (!isset ($feature)) {
error_unreferenced ($id);
}
- if ($feature->user != $user) {
+ if (($feature->user != $user) && ($user != "admin")) {
error_unauthorized ();
}
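Review bot: The ownership bypass on the changed line hard-codes the literal `"admin"`, and the same literal is compared again in the newuser case further down, so the privileged account name now lives in at least two places; a single `function is_admin ($user) { return $user === "admin"; }` (or a constant next to DBPREFIX) keeps them in step. While touching it, the loose `!=` on `$feature->user` should become `!==`, since both operands are strings and loose comparison has surprising cases. The enclosing main runs outside this hunk.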
@@ -313,6 +339,20 @@ function main ($con) {
} catch (Exception $e) {}
success_delete_feature ($feature);
+ case "changepass":
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
case "newuser":
if ($user != "admin") {
error_unauthorized ();
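Review bot: The changepass case reads `$_POST ["pass_current"]` and `$_POST ["pass_new"]` without checking they exist, and never rejects an empty new password, so a request missing pass_new raises a notice and then calls `setpwd ($user, "")`; the newuser case below validates its name with `error_request ()` and this branch should do the same: `$newpass = isset ($_POST ["pass_new"]) ? unquote ($_POST ["pass_new"]) : ""; if ($newpass === "") { error_request (); }`. The new `case "changepass":` also follows `success_delete_feature ($feature);` with no `break;`, which only works because the success_* helpers exit the process inside exit_document; an explicit `break;` after that call would make the intent visible. The enclosing switch in main starts and ends outside this hunk.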
@@ -321,15 +361,14 @@ function main ($con) {
if (!$newuser_name) {
error_request ();
}
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
$newuser_password = unquote ($_POST ["newuser_password"]);
try {
- $con->setpwd ($newuser_name, $newuser_password, false);
+ $con->setpwd ($newuser_name, $newuser_password);
} catch (Exception $e) {
- if ($e->getMessage () == anydbConnection::err_query) {
- error_newuser_exists ();
- } else {
- error_server ();
- }
+ error_server ();
}
success_newuser ($newuser_name);
break;
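Review bot: Replacing the caught-duplicate path with a `user_exists` check before `setpwd` turns an atomic insert into check-then-act: two concurrent newuser requests for the same name can both pass the check, and, since the removed third argument looks like an overwrite guard, the second `setpwd` may silently replace the first user's password rather than fail (setpwd's definition is not in this hunk, so this needs confirming). Keeping a duplicate-aware error mapping in the catch alongside the new check, or having setpwd refuse to overwrite in this call, closes that window. `$newuser_password` is also accepted without the emptiness check applied to `$newuser_name` a few lines above; `if (!$newuser_password) { error_request (); }` after the `unquote` call would align the two.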