Changeset 6716


Ignore:
Timestamp:
Jan 29, 2018, 1:10:45 PM (19 months ago)
Author:
kbut
Message:

Do secure upload file

Location:
lmd/trunk/fuentes/admin-center-ltsp.install
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php

    r6714 r6716  
    11<?php
    22include('./n4d_lib.php');
     3include("./libphp/cryptojs-aes.php");
     4
    35class UploadManager{
    46        const ISOSPATH = "/opt/ltsp/isos/";
     
    1416                $this->ext = $this->file_info['extension'];
    1517                $this->FILES = $FILESTOUPLOAD;
    16                 $this->user = $POST['user'];
    17                 $this->password = $POST['password'];
     18                $this->user = $this->RSADecrypt($POST['user']);
     19                $this->password = $this->RSADecrypt($POST['password']);
    1820        }
    1921
     
    3436                try{
    3537                                $result = $cliente->execute('validate_user',[$this->user,$this->password]);
    36                                 $groups = array('adm','admin','teachers');
     38                                $groups = array('adm','admin');
    3739                                if(!($result[0] && count(array_intersect($result[1],$groups)) >= 1)){
    3840                                        return array("result"=>"False","msg"=>"");
     
    5052                return $result;
    5153        }
     54
     55        private function RSADecrypt($crypttext){
     56                $priv_key = openssl_pkey_get_private("file:///etc/admin-center/private_key.pem");
     57                openssl_private_decrypt(base64_decode($crypttext), $newsource, $priv_key );
     58                return $newsource;
     59          }
    5260}
    5361$uploadManager = new UploadManager($_FILES,$_POST);
  • lmd/trunk/fuentes/admin-center-ltsp.install/modul/lliurex-ltsp/src/js/imageManager.js

    r6714 r6716  
    13961396                        var upload_form = new FormData();
    13971397                        upload_form.append('isofile',iso_file.files[0]);
    1398                         upload_form.append('user',sessionStorage.username);
    1399                         upload_form.append('password',sessionStorage.password);
     1398                        Utils.crypt.setPublicKey(sessionStorage.serverKey);
     1399                        upload_form.append('user',Utils.crypt.encrypt(sessionStorage.username));
     1400                        upload_form.append('password',Utils.crypt.encrypt(sessionStorage.password));
    14001401                        var req = new XMLHttpRequest();
    14011402                        var timer;
Note: See TracChangeset for help on using the changeset viewer.