Ignore:
Timestamp:
Jan 29, 2018, 1:10:45 PM (3 years ago)
Author:
kbut
Message:

Do secure upload file

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lmd/trunk/fuentes/admin-center-ltsp.install/adminroot/uploadiso.php

    r6714 r6716  
    11<?php
    22include('./n4d_lib.php');
     3include("./libphp/cryptojs-aes.php");
     4
    35class UploadManager{
    46        const ISOSPATH = "/opt/ltsp/isos/";
     
    1416                $this->ext = $this->file_info['extension'];
    1517                $this->FILES = $FILESTOUPLOAD;
    16                 $this->user = $POST['user'];
    17                 $this->password = $POST['password'];
     18                $this->user = $this->RSADecrypt($POST['user']);
     19                $this->password = $this->RSADecrypt($POST['password']);
    1820        }
    1921
     
    3436                try{
    3537                                $result = $cliente->execute('validate_user',[$this->user,$this->password]);
    36                                 $groups = array('adm','admin','teachers');
     38                                $groups = array('adm','admin');
    3739                                if(!($result[0] && count(array_intersect($result[1],$groups)) >= 1)){
    3840                                        return array("result"=>"False","msg"=>"");
     
    5052                return $result;
    5153        }
     54
     55        private function RSADecrypt($crypttext){
     56                $priv_key = openssl_pkey_get_private("file:///etc/admin-center/private_key.pem");
     57                openssl_private_decrypt(base64_decode($crypttext), $newsource, $priv_key );
     58                return $newsource;
     59          }
    5260}
    5361$uploadManager = new UploadManager($_FILES,$_POST);
Note: See TracChangeset for help on using the changeset viewer.