Timestamp:
Jan 29, 2018, 12:25:07 PM (20 months ago)
Author:
kbut
Message:

Add security to upload file

File:
1 edited

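--- a/lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php
+++ b/lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php
@@ -1,3 +1,4 @@
 <?php
+include('./n4d_lib.php');
 class UploadManager{
         const ISOSPATH = "/opt/ltsp/isos/";
@@ -8,9 +9,11 @@
         private $FILES;
        
-        function __construct($FILESTOUPLOAD){
+        function __construct($FILESTOUPLOAD,$POST){
                 $this->file_info = pathinfo($FILESTOUPLOAD[self::FORMISONAME]['name']);
                 $this->original_name = $this->file_info['filename'];
                 $this->ext = $this->file_info['extension'];
                 $this->FILES = $FILESTOUPLOAD;
+                $this->user = $POST['user'];
+                $this->password = $POST['password'];
         }
 
@@ -27,4 +30,17 @@
         }
         public function save_file(){
+
+                $cliente = new N4D('localhost');
+                try{
+                                $result = $cliente->execute('validate_user',[$this->user,$this->password]);
+                                $groups = array('adm','admin','teachers');
+                                if(!($result[0] && count(array_intersect($result[1],$groups)) >= 1)){
+                                        return array("result"=>"False","msg"=>"");
+                                }
+                }
+                catch (Exception $e){
+                        return array("result"=>"False","msg"=>$e);
+                }
+
                 $target = $this->get_valid_name();
                 $result = ["target"=>$target,"result"=>False];
@@ -35,5 +51,5 @@
         }
 }
-$uploadManager = new UploadManager($_FILES);
+$uploadManager = new UploadManager($_FILES,$_POST);
 $result = $uploadManager->save_file();
 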
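Review bot: The two early returns added at the top of save_file() report failure as the string `"False"`, while the existing path just below initialises `"result"=>False` as a boolean. A non-empty string is truthy, so a caller that tests the field for truthiness would read a rejected upload as accepted; use the same shape on the denial and error paths, e.g. `return ["target"=>"","result"=>False,"msg"=>"not authorized"];`. The catch branch also places the whole Exception object in `msg`; if this array is serialised back to the browser (the output code is outside the visible hunks), return a fixed message and log `$e->getMessage()` server-side instead. In the constructor, `$POST['user']` and `$POST['password']` are read without an `isset` check, so rejecting a request that lacks either field up front avoids relying on how validate_user treats null credentials. save_file() continues outside the hunk.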