6 年之前 · a49f9a1171
--- a/html/core.php
+++ b/html/core.php
@@ -176,7 +176,8 @@ function CHECK_USER(&$err){
 
				 		

			
 
				 			//	Save request username and API key.

			
 
				 			$r_user = $_REQUEST['u'];

			
 
				-			$r_key = $_REQUEST['k'];

			
 
				+			$r_key = urldecode($_REQUEST['k']);

			
 
				+			// $r_key = $_REQUEST['k'];

			
 
				 			

			
 
				 			//	Fetch user database and check the username and API key combination.

			
 
				 			$users = GET_JSON_DATA_FROM_FILE(USERS_JSON);

			
@@ -189,7 +190,12 @@ function CHECK_USER(&$err){
 
				 					

			
 
				 					if ($users[$r_user]['enabled']){

			
 
				 						

			
 
				-						if (ARE_STRINGS_EQUAL($r_key, $users[$r_user]['api_key'], FORCE_CASE_SENSITIVE_API_KEYS)){						

			
 
				+						$api_key = $users[$r_user]['api_key'];

			
 
				+						

			
 
				+						// echo "r=" . $r_key . "|a=" . $api_key;

			
 
				+						// exit(0);

			
 
				+						

			
 
				+						if (ARE_STRINGS_EQUAL(urlencode($r_key), urlencode($api_key), FORCE_CASE_SENSITIVE_API_KEYS)){

			
 
				 							//	ALL USER CHECKS PASS.

			
 
				 							return true;

			
 
				 						}

			
--- a/html/upload.php
+++ b/html/upload.php
@@ -19,7 +19,7 @@ require_once($_SERVER['DOCUMENT_ROOT'] . "/core.php");
 
				  * Parameter		Description

			
 
				  * -----------------------------------------------------------------

			
 
				  * u                Username, corresponding to the user's name in the "users.json" file. Value may not be empty. Case-sensitive.

			
 
				- * k                API Key, corresponding to the user's "key" value in the "users.json" file. Value may not be empty. Not case-sensitive by default but can be changed in "config.php".

			
 
				+ * k                API Key, corresponding to the user's "key" value in the "users.json" file. Value may not be empty. Not case-sensitive by default but can be changed in "config.php". Not recommended to use as clients seem to send them without proper format.

			
 
				  *

			
 
				  */

			
 
				 

			
--- a/html/users.json
+++ b/html/users.json
@@ -1,10 +1,18 @@
 
				 {

			
 
				+	"dbm": {

			
 
				+		"api_key": "axdhblc5aefblo89865ahgalok5",

			
 
				+		"enabled": false

			
 
				+	},

			
 
				+	"12865": {

			
 
				+		"api_key": "ax65ahgTaohl5ebo9k5",

			
 
				+		"enabled": true

			
 
				+	},

			
 
				 	"example": {

			
 
				 		"api_key": "1234567",

			
 
				-		"enabled": true

			
 
				+		"enabled": false

			
 
				 	},

			
 
				 	"dbg": {

			
 
				 		"api_key": "29081532524",

			
 
				-		"enabled": true

			
 
				+		"enabled": false

			
 
				 	}

			
 
				 }
			
--- a/html/web.config
+++ b/html/web.config
@@ -0,0 +1,12 @@
 
				+<?xml version="1.0" encoding="UTF-8"?>

			
 
				+<configuration>

			
 
				+    <system.webServer>

			
 
				+        <security>

			
 
				+            <requestFiltering>

			
 
				+                <denyUrlSequences>

			
 
				+                    <add sequence="/users.json" />

			
 
				+                </denyUrlSequences>

			
 
				+            </requestFiltering>

			
 
				+        </security>

			
 
				+    </system.webServer>

			
 
				+</configuration>