external-repos/pictshare
1
0
Fork 0
mirror of https://github.com/HaschekSolutions/pictshare.git synced 2025-11-17 21:48:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

added MASTER_DELETE_IP to allow individual IPs or netmasks to delete images closes #22

Browse Source
This commit is contained in:
Christian Haschek
2017-03-01 18:15:48 +01:00
parent fa3518ca61
commit 9f045ed1ca
3 changed files with 55 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
inc/core.php
View File

@@ -394,4 +394,19 @@ function serveFile($filename, $filename_output = false, $mime = 'application/oct
echo $buffer; echo $buffer;
flush(); flush();
} }
}
function cidr_match($ip, $range)
{
list ($subnet, $bits) = explode('/', $range);
$ip = ip2long($ip);
$subnet = ip2long($subnet);
$mask = -1 << (32 - $bits);
$subnet &= $mask; # nb: in case the supplied subnet wasn't correctly aligned
return ($ip & $mask) == $subnet;
}
function isIP($ip)
{
return filter_var($ip, FILTER_VALIDATE_IP);
} }

11
inc/example.config.inc.php
View File

@@ -20,6 +20,17 @@ define('JPEG_COMPRESSION', 90);
// Will render one last time, if refreshed won't be on the server anymore // Will render one last time, if refreshed won't be on the server anymore
define('MASTER_DELETE_CODE', false); define('MASTER_DELETE_CODE', false);
//if set, the IP, hostname or every device in the IP range (CIDR naming) will be allowed to delete images
//by supplying the parameter "delete"
//use multiple ips/hostnames/ranges: semicolon seperated
//examples:
//======
//ip: define('MASTER_DELETE_IP', '8.8.8.8');
//hostname: define('MASTER_DELETE_IP', 'home.example.com');
//ip range: define('MASTER_DELETE_IP', '192.168.0.0/24'); //all IPs from 192.168.0.0 to 192.168.0.255 can delete
//multiple: define('MASTER_DELETE_IP', '192.168.0.0/24;my.home.net;4.4.2.2');
define('MASTER_DELETE_IP', false);
//If set, upload form will only be shown on that location //If set, upload form will only be shown on that location
//eg: define('UPLOAD_FORM_LOCATION', 'secret/upload'); then the upload form will only be visible //eg: define('UPLOAD_FORM_LOCATION', 'secret/upload'); then the upload form will only be visible
//from http://your.domain/secret/upload //from http://your.domain/secret/upload

30
models/pictsharemodel.php
View File

@@ -102,9 +102,11 @@ class PictshareModel extends Model
$data['forcesize'] = true; $data['forcesize'] = true;
else if(strlen(MASTER_DELETE_CODE)>10 && $el=='delete_'.MASTER_DELETE_CODE) else if(strlen(MASTER_DELETE_CODE)>10 && $el=='delete_'.MASTER_DELETE_CODE)
$data['delete'] = true; $data['delete'] = true;
else if($el=='delete' && $this->mayDeleteImages()===true)
$data['delete'] = true;
} }
if($data['delete'] && $data['hash']) if($data['delete'] && $data['hash'])
{ {
$this->deleteImage($data['hash']); $this->deleteImage($data['hash']);
@@ -120,6 +122,32 @@ class PictshareModel extends Model
return $data; return $data;
} }
function mayDeleteImages()
{
if(!defined('MASTER_DELETE_IP') || !MASTER_DELETE_IP) return false;
$ip = getUserIP();
$parts = explode(';',MASTER_DELETE_IP);
foreach($parts as $part)
{
if(strpos($part,'/')!==false) //it's a CIDR address
{
if(cidr_match($ip, $part))
return true;
}
else if(isIP($part)) //it's an IP address
{
if($part==$ip) return true;
}
else if(gethostbyname($part)==$ip) //must be a hostname
{
return true;
}
}
return false;
}
function deleteImage($hash) function deleteImage($hash)
{ {