XUpload - File upload with authentication
-
- Posts: 3
- Joined: Jun 16, 2007 11:40 pm
File upload with authentication
Hi there,
I have installed your product on our AIX box and it is working fine. Now I am testing it with authentication.
$ more .htaccess
AuthAIX On
AuthAIXAuthoritative On
AuthName "Login with your AIX ID and Password"
AuthType Basic
<Limit GET POST>
require group system staff slcgroup info
</Limit>
.htaccess: END
.htaccess in the ./cgibin/xupload/ directory.
When I attempt the upload for the first time, AIX prompts me to supply my login credentials. After the successful login, the progress bar says "Transfer Complete!" even though the upload still happens.
During my second attempt I can see the "Status bar" and the progress bar.
Could you please help me fix the "Status Bar" issue during my first attempt?
Thanks in advance.
Regards.
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
Hmmm....I think the problem is that when you first try to upload, it requires authorization for the upload request, but the progress bar is already working; it sees no temp files created and decides that the upload was very fast and complete.
Try this: in upload_form.html find <iframe src="......" and change src to "URL-TO-YOUR-CGI-BIN/upload.cgi?mode=settings"
-
- Posts: 3
- Joined: Jun 16, 2007 11:40 pm
Wow!!! You are the best.
This fix solved my problem.
I have tested your RPO version and want to use this instead.
Could you please let me know what changes I need for the following:
I want to add one more text area for the userID.
I also want to validate the userID and password combo before the upload.
Thanks in advance.
Regards
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
Just add extra text input to the form:
Code:
<input type="text" name="username">
then in xupload.js find
Code:
if(NF==0){alert('Select at least one file to upload');return false;};
and add below it:
Code:
if(f1.username && f1.username.value==''){alert("Username required");return false;}
This will require a username to be entered. A password is required if the "upload_password" option in your config is not empty.
Not sure if you need the same password for every user or distinct passwords for each. How to validate them?
-
- Posts: 3
- Joined: Jun 16, 2007 11:40 pm
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
No way to securely validate them with PHP before upload.
You can validate login/password in upload.cgi and if they are not correct, stop the upload immediately. This requires extra development and extra paid hours; contact us (http://sibsoft.net/contact.html) if you need this, and we will implement the code in 1-2 days for a reasonable price.
-
- Posts: 5
- Joined: Sep 20, 2007 5:52 pm
I currently have username/password checking in upload.cgi; it connects to a mysql database & validates. It works fine; those logins that are valid are able to download, and the incorrect logins are notified, after a period of time, that their login was incorrect.
As you may know, if the uname/passwd combo is incorrect, the 'Transfer complete!' is still displayed, after what I am guessing is buffering of the file. After all this, the javascript alert box pops up declaring the wrong authorization credentials.
Would you be willing to share how to stop the upload immediately? I currently have the username/pass check in the following location, right above the environment checks:
Code:
my $dbc = DBI->connect("dbi:mysql:proftpd_admin:);
my $verify = $dbc->prepare("SELECT passwd FROM usertable WHERE userid='$in{\"dir\"}'");
$verify->execute;
my @user = $verify->fetchrow_array;
if($in{"xpass"} ne md5_base64(@user[0]))
{
    &lmsg("ERROR: $c->{msg}->{wrong_password}");
    sleep 1;
    &DelData($temp_dir);
    &xmessage("ERROR: $c->{msg}->{wrong_password}");
}
elsif($ENV{'CONTENT_LENGTH'} > 1024*$c->{max_upload_size})
{
    &lmsg("ERROR: $c->{msg}->{upload_size_big}$c->{max_upload_size} Kb");
    sleep 1;
    &DelData($temp_dir);
    &xmessage("ERROR: $c->{msg}->{upload_size_big}$c->{max_upload_size} Kb");
}
Please let me know if I can provide any other information. Thanks for any help.
Jon
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
Wait a moment....where did u get %in hash?
Using our regexp?
Code:
my ($upload_password) = ($ENV{QUERY_STRING}=~/\&xpass=(.+?)(&|$)/i);
Do you get dir the same way or how?
-
- Posts: 5
- Joined: Sep 20, 2007 5:52 pm
Ah, the following code came from right above where I added the database connection:
Code:
my ($buffer,@pairs,$pair,$name,$value,%in,$dbc,$verify,@user,$endmessage);
if (length ($ENV{'QUERY_STRING'}) > 0){
    $buffer = $ENV{'QUERY_STRING'};
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs){
        ($name, $value) = split(/=/, $pair);
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $in{$name} = $value;
    }
}
That's where I picked up %in; it's been a while since I have had to do anything with this code, so I can't tell you where I came about the idea of using it. I just know that I would have been unable to write code close to this then!
In any case, would declaring it as ($upload_password), as well as creating an error message as I demonstrated previously, be all that is needed?
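The credential check discussed in the posts above, as an added example (not XUpload's code and not from either poster): the query string is parsed, the userid reaches the database as a bound parameter instead of being interpolated into the SQL text, and the decision is made before the upload body would be read. The in-memory SQLite table (needs DBD::SQLite), the sample credentials, the userid pattern and the assumption that `passwd` holds `md5_base64` of the password are constructed for illustration; `dir` and `xpass` are the parameter names used in the posts.

```perl
#!/usr/bin/perl
# Added example, not XUpload code: query-string parsing plus a credential
# check that uses a bound parameter and runs before the body is read.
use strict;
use warnings;
use DBI;
use Digest::MD5 qw(md5_base64);

# Decode a query string into a hash ('+' and %XX handled, nameless pairs skipped).
sub parse_query {
    my ($qs) = @_;
    my %in;
    for my $pair (split /&/, $qs // '') {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value //= '';
        for ($name, $value) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge }
        $in{$name} = $value;
    }
    return %in;
}

# True only when the user exists and the hash of the submitted password matches.
sub credentials_ok {
    my ($dbh, $userid, $xpass) = @_;
    return 0 unless defined $userid && defined $xpass;
    # Assumed userid policy; anything else is refused without touching the database.
    return 0 unless $userid =~ /\A[A-Za-z0-9_.-]{1,32}\z/;
    # The userid travels as a bound parameter, never as part of the SQL text.
    my ($stored) = $dbh->selectrow_array(
        'SELECT passwd FROM usertable WHERE userid = ?', undef, $userid);
    return 0 unless defined $stored;
    # MD5 is kept only to match the thread; a salted password hash is stronger.
    return md5_base64($xpass) eq $stored ? 1 : 0;
}

# Constructed demo data: in-memory SQLite stands in for the MySQL table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE usertable (userid TEXT PRIMARY KEY, passwd TEXT)');
$dbh->do('INSERT INTO usertable VALUES (?, ?)', undef, 'jon', md5_base64('s3cret'));

for my $qs ('dir=jon&xpass=s3cret', 'dir=jon&xpass=wrong', 'dir=o%27brien&xpass=x') {
    my %in = parse_query($qs);
    # In upload.cgi this test would run before STDIN is read; on failure the
    # script reports the error and exits instead of buffering the file.
    printf "%-24s %s\n", $qs, credentials_ok($dbh, $in{dir}, $in{xpass}) ? 'accept' : 'reject';
}
```

Credentials sent in the query string, as in the thread, are recorded in web server access logs along with the request URL, so those logs need the same protection as the password table.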
-
- Posts: 5
- Joined: Sep 20, 2007 5:52 pm
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
-
- Posts: 5
- Joined: Sep 20, 2007 5:52 pm
I didn't see much there; when the page is loaded, the frame displays 'false' & stays that way until the Error message regarding the password is displayed. I was using the error console of Firefox to display any errors in the cgi, but it doesn't state any for this issue, aside from a few 'xdisplay' errors in the style sheet.
- PilgrimX182
- Posts: 2186
- Joined: Mar 22, 2006 1:39 pm
Ok. Then maybe the progress bar script starts too late. In this code:
Code:
&lmsg("ERROR: $c->{msg}->{wrong_password}");
sleep 1;
set sleep time to 5: "sleep 5;" - this will be enough to sync with the progress bar and it will stop the upload.
If this doesn't work, provide me with your URL and FTP details in PM, and I will check this out quickly.
-
- Posts: 5
- Joined: Sep 20, 2007 5:52 pm