added MASTER_DELETE_IP to allow individual IPs or netmasks to delete images closes #22

2025-11-17 13:38:01 +00:00 · 2017-03-01 18:15:48 +01:00
parent fa3518ca61
commit 9f045ed1ca
3 changed files with 55 additions and 1 deletions
--- a/inc/core.php
+++ b/inc/core.php
@@ -395,3 +395,18 @@ function serveFile($filename, $filename_output = false, $mime = 'application/oct
        flush();
    }
 }
+
+function cidr_match($ip, $range)
+{
+    list ($subnet, $bits) = explode('/', $range);
+    $ip = ip2long($ip);
+    $subnet = ip2long($subnet);
+    $mask = -1 << (32 - $bits);
+    $subnet &= $mask; # nb: in case the supplied subnet wasn't correctly aligned
+    return ($ip & $mask) == $subnet;
+}
+
+function isIP($ip)
+{
+    return filter_var($ip, FILTER_VALIDATE_IP);
+}
--- a/inc/example.config.inc.php
+++ b/inc/example.config.inc.php
@@ -20,6 +20,17 @@ define('JPEG_COMPRESSION', 90);
 // Will render one last time, if refreshed won't be on the server anymore
 define('MASTER_DELETE_CODE', false);

+//if set, the IP, hostname or every device in the IP range (CIDR naming) will be allowed to delete images
+//by supplying the parameter "delete"
+//use multiple ips/hostnames/ranges: semicolon seperated
+//examples:
+//======
+//ip: define('MASTER_DELETE_IP', '8.8.8.8');
+//hostname: define('MASTER_DELETE_IP', 'home.example.com');
+//ip range: define('MASTER_DELETE_IP', '192.168.0.0/24'); //all IPs from 192.168.0.0 to 192.168.0.255 can delete
+//multiple: define('MASTER_DELETE_IP', '192.168.0.0/24;my.home.net;4.4.2.2');
+define('MASTER_DELETE_IP', false);
+
 //If set, upload form will only be shown on that location
 //eg: define('UPLOAD_FORM_LOCATION', 'secret/upload'); then the upload form will only be visible
 //from http://your.domain/secret/upload
--- a/models/pictsharemodel.php
+++ b/models/pictsharemodel.php
@@ -102,6 +102,8 @@ class PictshareModel extends Model
 				$data['forcesize'] = true;
 			else if(strlen(MASTER_DELETE_CODE)>10 && $el=='delete_'.MASTER_DELETE_CODE)
 				$data['delete'] = true;
+			else if($el=='delete' && $this->mayDeleteImages()===true)
+				$data['delete'] = true;
 				
 		}

@@ -121,6 +123,32 @@ class PictshareModel extends Model
 		return $data;
 	}

+	function mayDeleteImages()
+	{
+		if(!defined('MASTER_DELETE_IP') || !MASTER_DELETE_IP) return false;
+		$ip = getUserIP();
+		$parts = explode(';',MASTER_DELETE_IP);
+		foreach($parts as $part)
+		{
+			if(strpos($part,'/')!==false) 		//it's a CIDR address
+			{
+				if(cidr_match($ip, $part))
+					return true;
+			}
+			else if(isIP($part)) 		  		//it's an IP address
+			{
+				if($part==$ip) return true;
+			}
+			else if(gethostbyname($part)==$ip)	//must be a hostname
+			{
+				return true;
+			}
+
+		}
+
+		return false;
+	}
+	
 	function deleteImage($hash)
    {
 		//delete hash from hashes.csv