// form data (claimID and claimPasscode) will provide the // authorization. // // Also, once the pickup instance has been created, check for an AuthData // record that matches the posted form data and IP it's being posted from. // Unless they are an authenticated user, in which case don't check AuthData. // if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS)) { $theDropbox->SetupPage(); $thePickup = new NSSDropoff($theDropbox); // If not an authenticated user, go and get their AuthData record from // the posted hash. Even if they are presetnt, check the name matches // their IP address. // If anything fails, use NSSError to post an error message saying they // have failed checks and should click again on the link they were sent. if ($theDropbox->humanDownloads() && !$theDropbox->authorizedUser() && $theDropbox->captcha() !== 'disabled') { // AYAH $theDropbox->recaptchaPrivateKey() !== 'disabled') { $authIP = ''; $authEmail = ''; $authOrganization = ''; $authExpiry = 0; $auth = $_POST['auth'] ? $_POST['auth'] : $_GET['auth']; $result = $theDropbox->ReadAuthData($auth, $authIP, $authEmail, $authOrganization, $authExpiry); if (!$result) { $theDropbox->SetupPage(); NSSError($smarty->getConfigVariable('ErrorDownloadAuth'), "Authentication Failure"); $smarty->display('no_download.tpl'); exit; } if ($authExpiry < time()) { $theDropbox->SetupPage();
Header('Location: ' . $NSSDROPBOX_URL . 'req.php?req=' . $reqKey); exit(0); } else { if (!$theDropbox->authorizedUser()) { NSSError($smarty->getConfigVariable('ErrorRequestUsed'), "Verify error"); } else { NSSError($smarty->getConfigVariable('ErrorRequestUsedLogin'), "Request Code error"); } } } // // If posted form data is around, creating a new dropoff instance // creates a new dropoff using said form data. // if (!$theDropbox->authorizedUser()) { $captcha = $theDropbox->captcha(); $resp = FALSE; if ($captcha === 'areyouahuman') { $resp = $ayah->scoreResult(); } elseif ($captcha === 'google' || $captcha === '') { // Google or not set at all, so using old version $reCaptchaPrivateKey = $theDropbox->recaptchaPrivateKey(); if ($reCaptchaPrivateKey === 'disabled') { $resp = TRUE; } else { $resp = recaptcha_check_answer($reCaptchaPrivateKey, $_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]); } } else { // Must be disabled $resp = TRUE; }
require "../config/preferences.php"; require_once "ayah.php"; require "recaptchalib.php"; require_once NSSDROPBOX_LIB_DIR . "Smartyconf.php"; require_once NSSDROPBOX_LIB_DIR . "NSSDropoff.php"; // // This is pretty straightforward; depending upon the form data coming // into this PHP session, creating a new dropoff object will either // display the claimID-and-claimPasscode "dialog" (no form data or // missing/invalid passcode); display the selected dropoff if the // claimID and claimPasscode are valid OR the recipient matches the // authenticate user -- it's all built-into the NSSDropoff class. // if ($theDropbox = new NSSDropbox($NSSDROPBOX_PREFS)) { // If they are an authorised user, just display the normal pickup page. if ($theDropbox->authorizedUser() || !$theDropbox->humanDownloads() || ($theDropbox->captcha() == 'google' || $theDropbox->captcha() == '') && $theDropbox->recaptchaPrivateKey() == 'disabled' || $theDropbox->captcha() == 'disabled') { $theDropbox->SetupPage(); // 2-line addition by Francois Conil to fix problems with no CAPTCHA // and anonymous users who don't have a link to click on. $auth = $theDropbox->WriteAuthData($_SERVER['REMOTE_ADDR'], '', ''); $smarty->assign('auth', $auth); if ($thePickup = new NSSDropoff($theDropbox)) { // // Start the page and add some Javascript for automatically // filling-in the download form and submitting it when the // user clicks on a file in the displayed dropoff. // $theDropbox->SetupPage($thePickup->HTMLOnLoadJavascript()); $output = $thePickup->HTMLWrite(); } $smarty->display($output ? $output : 'error.tpl');