From a0287e2c1352a0a0fd1eb77c1cde595b3a482300 Mon Sep 17 00:00:00 2001 From: Luke Manson Date: Wed, 6 Apr 2022 21:34:30 +0100 Subject: [PATCH 1/4] Drop out of authenticated() function when cannot find htpasswd file. --- backend-php/include/inc.php | 24 ++++++++++++------------ backend-php/include/lang/en/texts.php | 1 + 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/backend-php/include/inc.php b/backend-php/include/inc.php index 64b6d16..6b2126f 100644 --- a/backend-php/include/inc.php +++ b/backend-php/include/inc.php @@ -807,18 +807,18 @@ function authenticated() { global $LANG; if (!isset($_POST["usr"])) die($LANG["username_required"]); requirePOST("pwd", "usr"); - if (file_exists(getConfig("htpasswd_path"))) { - $file = fopen(getConfig("htpasswd_path"), "r"); - $authed = false; - while (($line = fgets($file)) !== false && !$authed) { - $creds = explode(":", trim($line)); - if ($creds[0] == $_POST["usr"]) { - $authed = password_verify($_POST["pwd"], $creds[1]); - } - } - fclose($file); - return $authed; - } + // Jump out if we cannot find the htpasswd file. + if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_htpasswd_file"]); + $file = fopen(getConfig("htpasswd_path"), "r"); + $authed = false; + while (($line = fgets($file)) !== false && !$authed) { + $creds = explode(":", trim($line)); + if ($creds[0] == $_POST["usr"]) { + $authed = password_verify($_POST["pwd"], $creds[1]); + } + } + fclose($file); + return $authed; case LDAP: // LDAP-based authentication. diff --git a/backend-php/include/lang/en/texts.php b/backend-php/include/lang/en/texts.php index 817116a..7bb4b53 100644 --- a/backend-php/include/lang/en/texts.php +++ b/backend-php/include/lang/en/texts.php @@ -24,3 +24,4 @@ $LANG['ldap_search_failed'] = 'Failed to look up user on the LDAP server!'; $LANG['ldap_user_unauthorized'] = 'User not found, not authorized, or incorrect password!'; $LANG['ldap_search_ambiguous'] = 'Matched multiple users - the LDAP filter is too broad!'; +$LANG['cannot_find_password_file'] = 'Cannot find password file!'; From ec223ba4e6e1ac59e9a4a6662dba3fd9e463776b Mon Sep 17 00:00:00 2001 From: Luke Manson Date: Wed, 6 Apr 2022 21:44:19 +0100 Subject: [PATCH 2/4] Adds translations for password file missing error --- backend-php/include/lang/ca/texts.php | 1 + backend-php/include/lang/de/texts.php | 1 + backend-php/include/lang/eu/texts.php | 1 + backend-php/include/lang/fr/texts.php | 1 + backend-php/include/lang/it/texts.php | 1 + backend-php/include/lang/nl/texts.php | 1 + backend-php/include/lang/nn/texts.php | 1 + backend-php/include/lang/pl/texts.php | 1 + backend-php/include/lang/ro/texts.php | 1 + backend-php/include/lang/ru/texts.php | 1 + backend-php/include/lang/tr/texts.php | 1 + backend-php/include/lang/uk/texts.php | 1 + 12 files changed, 12 insertions(+) diff --git a/backend-php/include/lang/ca/texts.php b/backend-php/include/lang/ca/texts.php index af669bb..df8ecfb 100644 --- a/backend-php/include/lang/ca/texts.php +++ b/backend-php/include/lang/ca/texts.php @@ -18,3 +18,4 @@ $LANG['no_redis_ext'] = 'No hi ha habilitada cap extensió redis compatible (redis) a la vostra configuració PHP!'; $LANG['no_memcached_ext'] = 'No hi ha habilitada cap extensió confidencial (memcache o memcached) a la configuració de PHP!'; $LANG['config_missing'] = 'No es pot trobar config.php!'; +$LANG['cannot_find_password_file'] = 'No es troba el fitxer de contrasenya!'; diff --git a/backend-php/include/lang/de/texts.php b/backend-php/include/lang/de/texts.php index fe1b3be..1b950cc 100644 --- a/backend-php/include/lang/de/texts.php +++ b/backend-php/include/lang/de/texts.php @@ -24,3 +24,4 @@ $LANG['ldap_connection_failed'] = 'Fehler beim Verbinden zum LDAP Server!'; $LANG['ldap_config_error'] = 'LDAP-Verbindungsparameter konnten nicht eingestellt werden!'; $LANG['ldap_extension_missing'] = 'Die LDAP Erweiterung ist in der PHP config nicht aktiviert!'; +$LANG['cannot_find_password_file'] = 'Kennwortdatei kann nicht gefunden werden!'; diff --git a/backend-php/include/lang/eu/texts.php b/backend-php/include/lang/eu/texts.php index 1891f6f..e450f7d 100644 --- a/backend-php/include/lang/eu/texts.php +++ b/backend-php/include/lang/eu/texts.php @@ -15,3 +15,4 @@ $LANG['group_pin_invalid'] = 'Baliogabeko talde PIN-a!'; $LANG['session_invalid'] = 'Saio baliogabea!'; $LANG['location_invalid'] = 'Kokaleku baliogabea!'; +$LANG['cannot_find_password_file'] = 'Ezin da pasahitz fitxategia aurkitu!'; diff --git a/backend-php/include/lang/fr/texts.php b/backend-php/include/lang/fr/texts.php index c4bf08d..30df662 100644 --- a/backend-php/include/lang/fr/texts.php +++ b/backend-php/include/lang/fr/texts.php @@ -24,3 +24,4 @@ $LANG['e2e_adoption_not_allowed'] = 'Ce partage est protégé par un mot de passe et ne peut pas être adopté !'; $LANG['group_e2e_unsupported'] = 'Les partages de groupe ne peuvent pas être protégés par un mot de passe !'; $LANG['username_required'] = 'Nom d\'utilisateur requis !'; +$LANG['cannot_find_password_file'] = 'Impossible de trouver le fichier de mot de passe !'; diff --git a/backend-php/include/lang/it/texts.php b/backend-php/include/lang/it/texts.php index 52c4cfb..25e8fc5 100644 --- a/backend-php/include/lang/it/texts.php +++ b/backend-php/include/lang/it/texts.php @@ -24,3 +24,4 @@ $LANG['no_redis_ext'] = 'Nessuna estensione compatibile con redi (redi) è attiva nella tua configurazione PHP!'; $LANG['no_memcached_ext'] = 'Nessuna estensione compatibile con memcached (memecache o memecached) è attiva nella tua configurazione PHP!'; $LANG['config_missing'] = 'Impossibile trovare config.php!'; +$LANG['cannot_find_password_file'] = 'Impossibile trovare il file della password!'; diff --git a/backend-php/include/lang/nl/texts.php b/backend-php/include/lang/nl/texts.php index c9add8d..03c417e 100644 --- a/backend-php/include/lang/nl/texts.php +++ b/backend-php/include/lang/nl/texts.php @@ -24,3 +24,4 @@ $LANG['ldap_connection_failed'] = 'Kan geen verbinding maken met de LDAP server!'; $LANG['ldap_config_error'] = 'Niet gelukt om LDAP connectieparameters in te stellen!'; $LANG['ldap_extension_missing'] = 'De LDAP extensie is niet actief in uw PHP configuratie!'; +$LANG['cannot_find_password_file'] = 'Kan geen wachtwoordbestand vinden!'; diff --git a/backend-php/include/lang/nn/texts.php b/backend-php/include/lang/nn/texts.php index ee1c56a..9108cb9 100644 --- a/backend-php/include/lang/nn/texts.php +++ b/backend-php/include/lang/nn/texts.php @@ -24,3 +24,4 @@ $LANG['ldap_connection_failed'] = 'Kunne ikkje kopla til LDAP-serveren!'; $LANG['ldap_config_error'] = 'Kunne ikkje setja LDAP-tilkoplingsparametrar!'; $LANG['ldap_extension_missing'] = 'ldap-utvidinga er ikkje aktivert i PHP-konfigurasjonen din!'; +$LANG['cannot_find_password_file'] = 'Kan ikke finne passordfil!'; \ No newline at end of file diff --git a/backend-php/include/lang/pl/texts.php b/backend-php/include/lang/pl/texts.php index eb658b9..c4ecb45 100644 --- a/backend-php/include/lang/pl/texts.php +++ b/backend-php/include/lang/pl/texts.php @@ -24,3 +24,4 @@ $LANG['session_expired'] = 'Sesja wygasła!'; $LANG['invalid_storage'] = 'Ustawiłeś niepoprawny storage_backend w Hauk!'; $LANG['config_missing'] = 'Nie można odnaleźć pliku config.php!'; +$LANG['cannot_find_password_file'] = 'Nie można znaleźć pliku hasła!'; diff --git a/backend-php/include/lang/ro/texts.php b/backend-php/include/lang/ro/texts.php index 954017b..6af105a 100644 --- a/backend-php/include/lang/ro/texts.php +++ b/backend-php/include/lang/ro/texts.php @@ -24,3 +24,4 @@ $LANG['ldap_connection_failed'] = 'Nu s-a putut face conexiunea cu serverul LDAP!'; $LANG['ldap_config_error'] = 'Nu s-au putut seta parametrii conexiunii LDAP!'; $LANG['ldap_extension_missing'] = 'Extensia ldap nu este activată în configurația PHP!'; +$LANG['cannot_find_password_file'] = 'Nu pot găsi fișierul de parolă!'; diff --git a/backend-php/include/lang/ru/texts.php b/backend-php/include/lang/ru/texts.php index 8846c7b..e7d9e22 100644 --- a/backend-php/include/lang/ru/texts.php +++ b/backend-php/include/lang/ru/texts.php @@ -15,3 +15,4 @@ $LANG['no_redis_ext'] = 'Нет включенных совместимых расширений redis в вашей конфигурации PHP!'; $LANG['no_memcached_ext'] = 'Нет включенных совместимых расширений в вашей конфигурации PHP (memcache or memcached)!'; $LANG['config_missing'] = 'Не могу найти config.php!'; +$LANG['cannot_find_password_file'] = 'Не удается найти файл пароля'; diff --git a/backend-php/include/lang/tr/texts.php b/backend-php/include/lang/tr/texts.php index 87d8852..fa486b5 100644 --- a/backend-php/include/lang/tr/texts.php +++ b/backend-php/include/lang/tr/texts.php @@ -24,3 +24,4 @@ $LANG['incorrect_password'] = 'Hatalı parola!'; $LANG['session_expired'] = 'Oturum süresi doldu!'; $LANG['config_missing'] = 'config.php bulunamıyor!'; +$LANG['cannot_find_password_file'] = 'Şifre dosyasını bulamıyor'; diff --git a/backend-php/include/lang/uk/texts.php b/backend-php/include/lang/uk/texts.php index fe70916..e645afb 100644 --- a/backend-php/include/lang/uk/texts.php +++ b/backend-php/include/lang/uk/texts.php @@ -15,3 +15,4 @@ $LANG['session_invalid'] = 'Недійсний сеанс!'; $LANG['location_invalid'] = 'Недійсне місцезнаходження!'; $LANG['config_missing'] = 'Не можу знайти config.php!'; +$LANG['cannot_find_password_file'] = 'Не вдається знайти файл пароля'; From 56e216375cb194a4db9e319825ffc4f639bf0423 Mon Sep 17 00:00:00 2001 From: Luke Manson Date: Wed, 6 Apr 2022 21:56:09 +0100 Subject: [PATCH 3/4] Fixed translation key --- backend-php/include/inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend-php/include/inc.php b/backend-php/include/inc.php index 6b2126f..80f906d 100644 --- a/backend-php/include/inc.php +++ b/backend-php/include/inc.php @@ -808,7 +808,7 @@ function authenticated() { if (!isset($_POST["usr"])) die($LANG["username_required"]); requirePOST("pwd", "usr"); // Jump out if we cannot find the htpasswd file. - if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_htpasswd_file"]); + if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_password_file"]); $file = fopen(getConfig("htpasswd_path"), "r"); $authed = false; while (($line = fgets($file)) !== false && !$authed) { From 7dea87aef9c2593da46f7d4fd3276e794d5f58d9 Mon Sep 17 00:00:00 2001 From: Marius Lindvall Date: Fri, 24 May 2024 22:28:22 +0200 Subject: [PATCH 4/4] Fix indentation --- backend-php/include/inc.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/backend-php/include/inc.php b/backend-php/include/inc.php index 80f906d..de4edf2 100644 --- a/backend-php/include/inc.php +++ b/backend-php/include/inc.php @@ -807,18 +807,18 @@ function authenticated() { global $LANG; if (!isset($_POST["usr"])) die($LANG["username_required"]); requirePOST("pwd", "usr"); - // Jump out if we cannot find the htpasswd file. - if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_password_file"]); - $file = fopen(getConfig("htpasswd_path"), "r"); - $authed = false; - while (($line = fgets($file)) !== false && !$authed) { - $creds = explode(":", trim($line)); - if ($creds[0] == $_POST["usr"]) { - $authed = password_verify($_POST["pwd"], $creds[1]); - } - } - fclose($file); - return $authed; + // Jump out if we cannot find the htpasswd file. + if (!file_exists(getConfig("htpasswd_path"))) die($LANG["cannot_find_password_file"]); + $file = fopen(getConfig("htpasswd_path"), "r"); + $authed = false; + while (($line = fgets($file)) !== false && !$authed) { + $creds = explode(":", trim($line)); + if ($creds[0] == $_POST["usr"]) { + $authed = password_verify($_POST["pwd"], $creds[1]); + } + } + fclose($file); + return $authed; case LDAP: // LDAP-based authentication.