pub / pastesrv

Paste service setup for paste.jayvii.de
git clone https://https://src.jayvii.de/pub/pastesrv.git
Home | Log | Files | Exports | Refs | README | RSS
commit 3ac620ab81bb1aeacbdc200db2d2e7ac4ddafbc0
parent 78e2c60e82be30d42b3c11cb61999a1e24acb4e7
Author: JayVii <jayvii[AT]posteo[DOT]de>
Date:   Tue,  6 Aug 2024 12:50:40 +0200

fix: use php's hashing method

Diffstat:

MREADME.md | 2+-


Mconfig/config.php | 2+-


Aconfig/create_hashed_pw.php | 6++++++


Mindex.php | 24+++++++++++++++++++++---


4 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
@@ -49,7 +49,7 @@ cp index.php /var/www/pastesrv/paste/index.php
 cp -r config /var/www/pastesrv/paste/config
 
 # Replace MY-SECURE-PASSWORD with the password you want to use in the config
-HASH=$(echo "MY-SECURE-PASSWORD" | sha256sum | awk '{print $1}')
+HASH=$(php ./config/create_hashed_pw.php "MY-SECURE-PASSWORD")
 sed -e "s/PW_PLACEHOLDER/$HASH/" -i /var/www/pastesrv/paste/config/config.php
 ```
 
diff --git a/config/config.php b/config/config.php
@@ -3,6 +3,6 @@
 /* Set password as SHA-256 string. In bash:
 echo "MY-SECURE-PASSWORD" | sha256sum | awk '{print $1}'
 */
-$auth="PW_PLACEHOLDER";
+$auth_hash="PW_PLACEHOLDER";
 
 ?>
diff --git a/config/create_hashed_pw.php b/config/create_hashed_pw.php
@@ -0,0 +1,6 @@
+#!/usr/bin/env php
+<?php
+
+echo hash("sha256", $argv[1]);
+
+?>
diff --git a/index.php b/index.php
@@ -63,10 +63,13 @@
     </section>
 
     <?php
+
       /* Load Configuration */
       include("config/config.php");
+
       /* If auth is successfull, show uploader or process file */
       if (hash("sha256", $_GET["auth"]) === $auth_hash) {
+
     ?>
 
     <!-- Uploader -->
@@ -75,11 +78,15 @@
       <p>
         You may also upload a file here directly
       </p>
-      <form action="index.php" target="_self" method="post">
-        <input id="file" name="file" type="file">
+      <form
+        action="<?php echo "/?auth=" . $_GET["auth"] . "#upload"; ?>"
+        target="_self"
+        method="post"
+        enctype="multipart/form-data"
+      >
+        <input id="file" name="file" type="file"><br>
         <input type="submit" value="Paste!">
       </form>
-    </section>
 
     <?php
 
@@ -92,6 +99,17 @@
         /* Move file to designated place */
         move_uploaded_file($_FILES["file"]["tmp_name"], "./" . $hash);
 
+    ?>
+
+    <p>
+      Your file is available at:<br>
+      <a href="<?php echo $hash; ?>" target="_blank">
+        <?php echo $_SERVER["SERVER_NAME"] . "/" . $hash; ?>
+      </a>
+    </p>
+
+    <?php
+
       } /* File exists */
 
       } /* Auth is correct */