From 53dd69bb06236657e3bc22c086ad42b48ed2599e Mon Sep 17 00:00:00 2001 From: havet Date: Sun, 24 Jan 2016 19:09:12 +0100 Subject: [PATCH 1/5] New option: hashed passwords Added an option to store the passwords in hashed form. --- index.php | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/index.php b/index.php index aba322a..6d8245e 100644 --- a/index.php +++ b/index.php 
@@ -147,19 +147,32 @@ // They will still be able to access the files with a direct link. // Default: $_CONFIG['require_login'] = false; // -$_CONFIG['require_login'] = false; +$_CONFIG['require_login'] = true; + +// Bad practice to store passwords in plain text +// Store as sha256-hashes. +// $_CONFIG['hash_psw'] = true; + +//$_CONFIG['hash_psw'] = false; +$_CONFIG['hash_psw'] = true; // // Usernames and passwords for restricting access to the page. // The format is: array(username, password, status) + +// Bad practice to store passwords in plain text +// Store as sha256-hashes. + // Status can be either "user" or "admin". User can read the page, admin can upload and delete. // For example: $_CONFIG['users'] = array(array("username1", "password1", "user"), array("username2", "password2", "admin")); // You can also keep require_login=false and specify an admin. // That way everyone can see the page but username and password are needed for uploading. -// For example: $_CONFIG['users'] = array(array("username", "password", "admin")); +// For example: $_CONFIG['users'] = array(array("username", "sha256 of password", "admin")); // Default: $_CONFIG['users'] = array(); // -$_CONFIG['users'] = array(); +//$_CONFIG['users'] = array(); +//$_CONFIG['users'] = array(array("admin", "secret", "admin"), array("test", "password", "user")); +$_CONFIG['users'] = array(array("admin", "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", "admin"), array("test", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "user")); // // Permissions for uploading, creating new directories and deleting. @@ -1931,8 +1944,7 @@ public static function init() } header( "Location: ".$addr.$param); } - else - $encodeExplorer->setErrorString("wrong_pass"); + else $encodeExplorer->setErrorString("wrong_pass"); } } 
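Review bot: The new `$_CONFIG['users']` line ships two live accounts in the default configuration, and since the same series (PATCH 4/5) documents those digests as the sha256 of `secret` and `password`, they are unsalted hashes of dictionary words that any lookup table reverses, so every deployment that keeps the shipped file gets a known admin login. The flip of `require_login` to `true` and `hash_psw` to `true` in the same hunk looks like the author's local setup rather than an intended default change. Keep the shipped values as `$_CONFIG['users'] = array();` and `$_CONFIG['require_login'] = false;` and show the sample accounts only in the comment; PATCH 4/5 does revert both, so that revert should be folded into this commit rather than leaving the credentials in history.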
@@ -1940,7 +1952,16 @@ public static function isUser($userName, $userPass) { foreach(EncodeExplorer::getConfig("users") as $user) { - if($user[1] == $userPass) + + if (EncodeExplorer::getConfig('hash_psw') == true) + { + $key = hash(sha256, $userPass, $raw_output = false); + } + else + $key = $userPass; + + //if($user[1] == $userPass) + if($user[1] == $key) { if(strlen($userName) == 0 || $userName == $user[0]) { @@ -1948,6 +1969,7 @@ public static function isUser($userName, $userPass) } } } + return false; } From c3399c7baef417dfbbe5729620aee70a164bb3aa Mon Sep 17 00:00:00 2001 From: havet Date: Sun, 24 Jan 2016 19:16:38 +0100 Subject: [PATCH 2/5] Added some more translations to Swedish Added missing lines in the Swedish translation. --- index.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/index.php b/index.php index 6d8245e..f01b757 100644 --- a/index.php +++ b/index.php @@ -887,6 +887,18 @@ "unable_to_read_dir" => "Kan inte lasa den filen", "location" => "Plats", "root" => "Hem" + "log_file_permission_error" => "Scriptet har inte behörighet att skriva till loggfilen.", + "upload_not_allowed" => "Skriptets konfiguration tillåter inte uppladdning till denna katalog.", + "upload_dir_not_writable" => "Denna katalog har inte behörigheter för att skriva.", + "mobile_version" => "Mobilvisning", + "standard_version" => "Standardvisning", + "page_load_time" => "Sidan laddades på %.2f ms", + "wrong_pass" => "Fel användarnamn eller lösenord", + "username" => "Användarnamn", + "log_in" => "Logga in", + "upload_type_not_allowed" => "Denna filtyp är det inte tillåtet att ladda upp.", + "del" => "Ta bort", + "log_out" => "Logga ut" ); // Turkish From 6ddab60001f6774e691cd8a27439e2d484cf3cf7 Mon Sep 17 00:00:00 2001 From: havet Date: Sun, 24 Jan 2016 20:17:33 +0100 Subject: [PATCH 3/5] Corrected the Swedish translation Changed to national characters. --- index.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
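Review bot: `hash(sha256, $userPass, $raw_output = false)` passes the bare name `sha256` as an undefined constant (a notice-and-string fallback on older PHP, a fatal `Error` on PHP 8) and smuggles a throwaway assignment into the argument list; it should read `hash('sha256', $userPass)`. The comparison `$user[1] == $key` stays loose: PHP compares numeric-looking strings as numbers, so two different hex digests that both look like `0e` followed by digits compare equal, and the comparison also leaks timing; use `hash_equals($user[1], $key)` for the stored/computed pair. More fundamentally, an unsalted single-round sha256 is not a password hash; the runtime already has `password_hash`/`password_verify`, and the check can be written against those, with the digest work hoisted out of the per-user loop as below. If the sha256 format must be kept for the documented config, at least apply the two fixes above. The enclosing `isUser` starts and ends outside this hunk.
```php
foreach(EncodeExplorer::getConfig("users") as $user)
{
    if (EncodeExplorer::getConfig('hash_psw') === true)
    {
        // stored value is the output of password_hash($plain, PASSWORD_DEFAULT)
        $match = password_verify($userPass, $user[1]);
    }
    else
    {
        // constant-time comparison, no loose numeric-string coercion
        $match = hash_equals($user[1], $userPass);
    }
    if($match)
    {
        // … unchanged: user name check and return …
```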
diff --git a/index.php b/index.php index f01b757..465affe 100644 --- a/index.php +++ b/index.php @@ -873,20 +873,20 @@ $_TRANSLATIONS["sv"] = array( "file_name" => "Filnamn", "size" => "Storlek", - "last_changed" => "Senast andrad", + "last_changed" => "Senast ändrad", "total_used_space" => "Totalt upptaget utrymme", "free_space" => "Ledigt utrymme", - "password" => "Losenord", + "password" => "Lösenord", "upload" => "Ladda upp", "failed_upload" => "Fel vid uppladdning av fil!", "failed_move" => "Fel vid flytt av fil till mapp!", - "wrong_password" => "Fel losenord", + "wrong_password" => "Fel lösenord", "make_directory" => "Ny mapp", "new_dir_failed" => "Fel vid skapande av mapp", - "chmod_dir_failed" => "Fel vid andring av mappens egenskaper", + "chmod_dir_failed" => "Fel vid ändring av mappens egenskaper", "unable_to_read_dir" => "Kan inte lasa den filen", "location" => "Plats", - "root" => "Hem" + "root" => "Hem", "log_file_permission_error" => "Scriptet har inte behörighet att skriva till loggfilen.", "upload_not_allowed" => "Skriptets konfiguration tillåter inte uppladdning till denna katalog.", "upload_dir_not_writable" => "Denna katalog har inte behörigheter för att skriva.", @@ -901,6 +901,7 @@ "log_out" => "Logga ut" ); + // Turkish $_TRANSLATIONS["tr"] = array( "file_name" => "Dosya Adı", From 5495076c2f5f8212418a2e217530a34192a9d816 Mon Sep 17 00:00:00 2001 From: havet Date: Sun, 24 Jan 2016 20:40:30 +0100 Subject: [PATCH 4/5] Comments Changed some comments. --- index.php | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/index.php b/index.php index 465affe..452018d 100644 --- a/index.php +++ b/index.php 
@@ -147,32 +147,40 @@ // They will still be able to access the files with a direct link. // Default: $_CONFIG['require_login'] = false; // -$_CONFIG['require_login'] = true; - -// Bad practice to store passwords in plain text -// Store as sha256-hashes. -// $_CONFIG['hash_psw'] = true; +$_CONFIG['require_login'] = false; +// Whether store the passwords as sha256-hashes or not. +// It's bad practice to store passwords in plain text. +// If set to true, you shuld add the passwords-hashes instead of the passwords, +// in 'users' below. //$_CONFIG['hash_psw'] = false; -$_CONFIG['hash_psw'] = true; +//$_CONFIG['hash_psw'] = true; + +// Default: $_CONFIG['hash_psw'] = false; + +$_CONFIG['hash_psw'] = false; // // Usernames and passwords for restricting access to the page. // The format is: array(username, password, status) -// Bad practice to store passwords in plain text -// Store as sha256-hashes. - // Status can be either "user" or "admin". User can read the page, admin can upload and delete. // For example: $_CONFIG['users'] = array(array("username1", "password1", "user"), array("username2", "password2", "admin")); // You can also keep require_login=false and specify an admin. // That way everyone can see the page but username and password are needed for uploading. // For example: $_CONFIG['users'] = array(array("username", "sha256 of password", "admin")); + +// It's bad practice to store passwords in plain text. +// You'd better use sha256-hashes for example: +//$_CONFIG['users'] = array(array("admin", "secret", "admin"), +// array("test", "password", "user")); // may be replaced by: +//$_CONFIG['users'] = array(array("admin", "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", "admin"), +// array("test", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "user")); +// N.B. 
set hash_psw = true above + // Default: $_CONFIG['users'] = array(); // -//$_CONFIG['users'] = array(); -//$_CONFIG['users'] = array(array("admin", "secret", "admin"), array("test", "password", "user")); -$_CONFIG['users'] = array(array("admin", "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", "admin"), array("test", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "user")); +$_CONFIG['users'] = array(); // // Permissions for uploading, creating new directories and deleting. From 6a82d1b35440b5c472ff8de35d1a2deb2bd0e2cd Mon Sep 17 00:00:00 2001 From: havet Date: Sat, 13 Feb 2016 16:53:31 +0100 Subject: [PATCH 5/5] Fixed file name bug Added character conversion on: 1) Listing files 2) Uploading files --- index.php | 77 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 12 deletions(-) diff --git a/index.php b/index.php index 452018d..2f3c355 100644 --- a/index.php +++ b/index.php @@ -119,10 +119,12 @@ // // Charset. Use the one that suits for you. +// N.B. The form is now written in UTF-8 and +// the translations are in UTF-8. PT // Default: $_CONFIG['charset'] = "UTF-8"; // $_CONFIG['charset'] = "UTF-8"; - +//$_CONFIG['charset'] = "ISO-8859-1"; // PT /* * PERMISSIONS */ @@ -149,16 +151,11 @@ // $_CONFIG['require_login'] = false; -// Whether store the passwords as sha256-hashes or not. -// It's bad practice to store passwords in plain text. -// If set to true, you shuld add the passwords-hashes instead of the passwords, -// in 'users' below. -//$_CONFIG['hash_psw'] = false; -//$_CONFIG['hash_psw'] = true; - +// Option: Store the hash of the password instead of the plain text. PT // Default: $_CONFIG['hash_psw'] = false; $_CONFIG['hash_psw'] = false; +//$_CONFIG['hash_psw'] = true; // // Usernames and passwords for restricting access to the page. 
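Review bot: The rewritten `hash_psw` comment tells operators to store "sha256-hashes", and the worked example below it shows digests of `secret` and `password`, which steers users toward an unsalted fast hash of weak passwords; the comment should name a proper password hash instead, e.g. `// If set to true, 'users' below must hold password hashes (output of password_hash) instead of plain-text passwords.`, with the example hashes replaced by a placeholder such as `"<hash of password1>"`. Also fix the typo in `you shuld add the passwords-hashes` to `you should add the password hashes`. The `require_login` and `users` reverts in this hunk belong with PATCH 1/5, which introduced the values being undone.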
@@ -176,7 +173,9 @@ // array("test", "password", "user")); // may be replaced by: //$_CONFIG['users'] = array(array("admin", "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", "admin"), // array("test", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "user")); -// N.B. set hash_psw = true above + +// If the password contains national characters, make sure it's utf-8 encoded when you hash it! +// N.B. If you use hashed passwords, set hash_psw = true above. // Default: $_CONFIG['users'] = array(); // @@ -1887,7 +1886,23 @@ public static function logAccess($path, $isDir) $message .= " ".$path; Logger::log($message); } - + + // log uploading PT + public static function logUpload($userfile) + { + $message .= $_SERVER['REMOTE_ADDR']." ".GateKeeper::getUserName()." uploaded: "; + $message .= $userfile; + Logger::log($message); + } + + // log file listing PT + public static function logFileList($filename) + { + $message .= $_SERVER['REMOTE_ADDR']." ".GateKeeper::getUserName()." listed: "; + $message .= $filename; + Logger::log($message); + } + public static function logQuery() { if(isset($_POST['log']) && strlen($_POST['log']) > 0) @@ -1911,8 +1926,13 @@ public static function emailNotification($path, $isFile) { if(strlen(EncodeExplorer::getConfig('upload_email')) > 0) { + // Added date and time PT + $date = date("Y-m-d"); + $time = date("H:i:s"); + $message = "This is a message to let you know that ".GateKeeper::getUserName()." "; $message .= ($isFile?"uploaded a new file":"created a new directory")." in Encode Explorer.\n\n"; + $message .= "Date: " . $date . " Time: " . $time . "\n"; $message .= "Path : ".$path."\n"; $message .= "IP : ".$_SERVER['REMOTE_ADDR']."\n"; mail(EncodeExplorer::getConfig('upload_email'), "Upload notification", $message); 
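Review bot: Both new logger methods build their line with `$message .= ...` on a `$message` that was never initialised, which is an undefined-variable notice and should be `$message = $_SERVER['REMOTE_ADDR']." ".GateKeeper::getUserName()." uploaded: ";` (and likewise `listed:`). The appended `$userfile` / `$filename` is the client-supplied upload name or a directory entry, so a name containing CR/LF can inject extra lines into the log; strip control characters before appending, e.g. `$message .= preg_replace('/[\x00-\x1F\x7F]/', '?', $userfile);`. `logFileList` is also called from the listing loop later in this commit, once per displayed file per page view, which is a lot of log volume for something that reads like a debugging aid; consider dropping it or gating it on a config flag. `Logger::log` itself is outside the hunk, so whether it applies any escaping of its own cannot be confirmed here.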
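Review bot: In `emailNotification` the two separate `date("Y-m-d")` and `date("H:i:s")` calls can straddle a second or midnight boundary and produce an inconsistent stamp; a single call is simpler and atomic: `$message .= "Date: " . date("Y-m-d H:i:s") . "\n";`. The `// Added date and time PT` comment and the initials add nothing the diff history does not already record and can be dropped. The enclosing function continues outside the hunk.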
@@ -2128,9 +2148,24 @@ function newFolder($location, $dirname) function uploadFile($location, $userfile) { global $encodeExplorer; - $name = basename($userfile['name']); + + $name = $userfile['name']; + Logger::logUpload($name); // Before. PT + + if (EncodeExplorer::getConfig('charset') == "UTF-8") + { + // Konversion utf-8 > ISO. PT + $name = iconv ("UTF-8", "ISO-8859-1", $name); //PT + //$name = basename($userfile['name']); // doesn't work for national characters + } + + Logger::logUpload($name); // After. PT + + /************************* + // Always 'false' in modern PHP-versions. if(get_magic_quotes_gpc()) $name = stripslashes($name); + ****************************/ $upload_dir = $location->getFullPath(); $upload_file = $upload_dir . $name; @@ -2915,6 +2950,7 @@ function outputHtml() + isValidForThumb()) print " thumb"; print "\">"; - print $file->getNameHtml(); + + if (EncodeExplorer::getConfig('charset') == "UTF-8") + { + // Konversion ISO > UTF-8. PT + //$fil = $file->getNameHtml(); + $fil = $file->getName(); // PT testar + Logger::logFileList($fil); // PT + $fil = iconv ("ISO-8859-1", "UTF-8", $fil); // PT + } + + else + $fil = $file->getName(); + //print $file->getNameHtml(); // *** Här skrivs namnet *** + //$fil = iconv ("UTF-8", "ISO-8859-1", $fil); //PT Konvertera före utskrift! + + print $fil; + Logger::logFileList($fil); // PT + if($this->mobile == true) { print "".$this->formatSize($file->getSize())."";
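Review bot: Replacing `$name = basename($userfile['name']);` with the raw `$userfile['name']` removes the only step that stopped directory components in the client-supplied file name from reaching `$upload_file = $upload_dir . $name;`, so a name carrying `../` or a separator now becomes part of the target path; PHP's upload handler may strip path components itself, but the script should not rely on that. `iconv` also returns `false` when the name is not valid UTF-8 or holds a character outside ISO-8859-1, and `$upload_dir . false` then resolves to the directory itself. The conversion is a reasonable reason to avoid the locale-sensitive `basename`, but a separator/NUL strip and an empty-name check need to take its place, as below; the duplicate `Logger::logUpload` calls and the commented-out magic-quotes block should go. The later hunk in this commit swaps `print $file->getNameHtml()` for `print $fil` from `getName()`; if `getNameHtml` was the HTML-escaping accessor, that reintroduces unescaped output, but that hunk runs past the end of this page and is not reviewed here.
```php
$name = $userfile['name'];
if (EncodeExplorer::getConfig('charset') == "UTF-8")
{
    $name = iconv("UTF-8", "ISO-8859-1", $name);
}
// A client-supplied name is never a path: drop separators and NUL, and
// refuse names that are empty, dot entries, or a failed conversion.
$name = str_replace(array('/', '\\', "\0"), '', (string) $name);
if ($name === '' || $name === '.' || $name === '..')
{
    $encodeExplorer->setErrorString("failed_upload"); // TODO: confirm the error key and return convention used by uploadFile
    return;
}
Logger::logUpload($name);
// … unchanged: $upload_dir / $upload_file computation …
```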