You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.8 KiB
90 lines
2.8 KiB
<?php
|
|
$realm = 'Restricted area';
|
|
|
|
//user => password
|
|
$users = array('admin1' => 'discord', 'admin2' => 'access4icarus');
|
|
|
|
|
|
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
header('HTTP/1.1 401 Unauthorized');
|
|
header('WWW-Authenticate: Digest realm="'.$realm.
|
|
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
|
|
|
die('401 Unauthorized: Operation Cancelled!');
|
|
}
|
|
|
|
|
|
// analyze the PHP_AUTH_DIGEST variable
|
|
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
|
|
!isset($users[$data['username']]))
|
|
die('401 Unauthorized: Invalid Credentials!');
|
|
|
|
|
|
// generate the valid response
|
|
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
|
|
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
|
|
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
|
|
|
|
if ($data['response'] != $valid_response)
|
|
die('401 Unauthorized: Invalid Credentials!');
|
|
|
|
// ok, valid username & password
|
|
echo 'Authenticated as: ' . $data['username'];
|
|
|
|
|
|
// function to parse the http auth header
|
|
function http_digest_parse($txt)
|
|
{
|
|
// protect against missing data
|
|
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
|
|
$data = array();
|
|
$keys = implode('|', array_keys($needed_parts));
|
|
|
|
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
|
|
|
|
foreach ($matches as $m) {
|
|
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
|
unset($needed_parts[$m[1]]);
|
|
}
|
|
|
|
return $needed_parts ? false : $data;
|
|
}
|
|
?>
|
|
|
|
<html><head><title>Uploaded Files Listing</title></head></html>
|
|
|
|
<?php
|
|
|
|
if (!empty($_FILES["file"]))
|
|
{
|
|
if ($_FILES["file"]["error"] > 0)
|
|
{echo "Error: " . $_FILES["file"]["error"] . "<br>";}
|
|
else
|
|
{echo "Stored file:".$_FILES["file"]["name"]."<br/>Size:".($_FILES["file"]["size"]/1024)." kB<br/>";
|
|
move_uploaded_file($_FILES["file"]["tmp_name"],$_FILES["file"]["name"]);
|
|
}
|
|
}
|
|
|
|
// open this directory
|
|
$myDirectory = opendir(".");
|
|
// get each entry
|
|
while($entryName = readdir($myDirectory)) {$dirArray[] = $entryName;} closedir($myDirectory);
|
|
$indexCount = count($dirArray);
|
|
echo "<br/>$indexCount files<br/>";
|
|
sort($dirArray);
|
|
|
|
echo "<TABLE border=1 cellpadding=5 cellspacing=0 class=whitelinks><TR><TH>Filename</TH><th>Filetype</th><th>Filesize</th></TR>\n";
|
|
|
|
for($index=0; $index < $indexCount; $index++)
|
|
{
|
|
if (substr("$dirArray[$index]", 0, 1) != ".")
|
|
{
|
|
echo "<TR>
|
|
<td><a href=\"$dirArray[$index]\">$dirArray[$index]</a></td>
|
|
<td>".filetype($dirArray[$index])."</td>
|
|
<td>".filesize($dirArray[$index])."</td>
|
|
</TR>";
|
|
}
|
|
}
|
|
echo "</TABLE>";
|
|
?>
|