Changeset 6716 for lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php

Timestamp:

Jan 29, 2018, 1:10:45 PM (3 years ago)

Author:

kbut

Message:

Do secure upload file

File:

• lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php (modified) (4 diffs)

lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php

@@ -1 +1 @@
 <?php
 include('./n4d_lib.php');
+include("./libphp/cryptojs-aes.php");
+
 class UploadManager{
         const ISOSPATH = "/opt/ltsp/isos/";
@@ -14 +16 @@
                 $this->ext = $this->file_info['extension'];
                 $this->FILES = $FILESTOUPLOAD;
-                $this->user = $POST['user'];
-                $this->password = $POST['password'];
+                $this->user = $this->RSADecrypt($POST['user']);
+                $this->password = $this->RSADecrypt($POST['password']);
         }
 
@@ -34 +36 @@
                 try{
                                 $result = $cliente->execute('validate_user',[$this->user,$this->password]);
-                                $groups = array('adm','admin','teachers');
+                                $groups = array('adm','admin');
                                 if(!($result[0] && count(array_intersect($result[1],$groups)) >= 1)){
                                         return array("result"=>"False","msg"=>"");
@@ -50 +52 @@
                 return $result;
         }
+
+        private function RSADecrypt($crypttext){
+                $priv_key = openssl_pkey_get_private("file:///etc/admin-center/private_key.pem");
+                openssl_private_decrypt(base64_decode($crypttext), $newsource, $priv_key );
+                return $newsource;
+          }
 }
 $uploadManager = new UploadManager($_FILES,$_POST);