my $auth = $r->headers_in->{'authorization'};
if (!defined($auth)) {
- output_401($r, 0);
+ output_401($r);
return undef;
}
- $r->log->warn("Auth: $auth");
if ($auth =~ /^Basic ([a-zA-Z0-9+\/]+=*)$/) {
return check_basic_auth($r, $1);
}
if ($auth =~ /^Digest (.*)$/) {
return check_digest_auth($r, $1);
}
- output_401($r, 0);
+ output_401($r);
return undef;
}
$r->status(401);
$r->headers_out->{'www-authenticate'} = 'Basic realm="pr0n.sesse.net"';
- if ($options{'DigestAuth'} // 1) {
+ # Digest auth is disabled for now, due to various client problems.
+ if (0 && ($options{'DigestAuth'} // 1)) {
# We make our nonce similar to the scheme of RFC2069 section 2.1.1,
# with some changes: We don't care about client IP (these have a nasty
# tendency to change from request to request when load-balancing
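Review bot: The `if (0 && ...)` guard only stops the server from advertising Digest; the dispatcher hunk above still hands any `Authorization: Digest ...` header to `check_digest_auth`, so the scheme is not actually switched off. Whether that path is usable without a freshly issued nonce depends on `check_digest_auth`, which is not shown, but if the intent is to disable Digest, the same switch should gate that branch, e.g. `if (($options{'DigestAuth'} // 0) && $auth =~ /^Digest (.*)$/) {` (assuming `%options` is in scope there). Hard-wiring `0 &&` also turns the `DigestAuth` option into a no-op; changing the default to `$options{'DigestAuth'} // 0` would keep it configurable. The body of `output_401` starts and ends outside this hunk.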
my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth);
my ($user, $takenby) = extract_takenby($raw_user);
- my $oldpass = $pass;
- $pass = Digest::SHA1::sha1_base64($pass);
- my $ref = $dbh->selectrow_hashref('SELECT count(*) AS auth FROM users WHERE username=? AND sha1password=? AND vhost=?',
- undef, $user, $pass, $r->get_server_name);
- if ($ref->{'auth'} != 1) {
+ my $ref = $dbh->selectrow_hashref('SELECT sha1password,digest_ha1_hex FROM users WHERE username=? AND vhost=?',
+ undef, $user, $r->get_server_name);
+ if (!defined($ref) || $ref->{'sha1password'} ne Digest::SHA1::sha1_base64($pass)) {
$r->content_type('text/plain; charset=utf-8');
$r->log->warn("Authentication failed for $user/$takenby");
output_401($r);
return undef;
}
-
$r->log->info("Authentication succeeded for $user/$takenby");
+ # Make sure we can use Digest authentication in the future with this password.
+ my $ha1 = Digest::MD5::md5_hex($user . ':pr0n.sesse.net:' . $pass);
+ if (!defined($ref->{'digest_ha1_hex'}) || $ref->{'digest_ha1_hex'} ne $ha1) {
+ $dbh->do('UPDATE users SET digest_ha1_hex=? WHERE username=? AND vhost=?',
+ undef, $ha1, $user, $r->get_server_name)
+ or die "Couldn't update: " . $dbh->errstr;
+ $r->log->info("Updated Digest auth hash for for $user");
+ }
+
return ($user, $takenby);
}
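Review bot: The new HA1 in `my $ha1 = Digest::MD5::md5_hex(...)` is built from a `$pass` produced by the unlimited `split /:/` on the first context line, so a password containing `:` is cut at its first colon and the stored `digest_ha1_hex` would not match what a Digest client derives from the full password; `my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth), 2;` keeps the remainder intact. How the existing `sha1password` values were created is not visible here, so confirm that change does not lock out users whose hashes were stored from truncated passwords. `digest_ha1_hex` is an unsalted MD5 that is by itself enough to answer a Digest challenge for this realm, so the column needs the same access restrictions as the password hash. The realm literal `pr0n.sesse.net` now appears both here and in the `www-authenticate` header; a shared constant would stop the two from drifting apart. The function begins outside this hunk.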
# If we use ->[0] unconditionally, text rendering (!) seems to crash
my $img;
- if (ref($magick)) {
+ if (ref($magick) !~ /Image::Magick/) {
$img = $magick;
} else {
$img = (scalar @$magick > 1) ? $magick->[0] : $magick;
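Review bot: The negated, unanchored match in `if (ref($magick) !~ /Image::Magick/)` is hard to read and accepts any class name that merely contains that substring, with nothing explaining which inputs each branch expects. A short comment above the test would help, for example `# Anything that is not an Image::Magick object is used as-is; only real objects are indexed below`. The if/else continues past the end of this hunk.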
my $height = $img->Get('rows');
my ($nwidth, $nheight) = scale_aspect($width, $height, $xres, $yres);
- # Use lanczos (sharper) for heavy scaling, mitchell (faster) otherwise
- my $filter = 'Mitchell';
- my $quality = 90;
- my $sf = undef;
-
- if ($width / $nwidth > 8.0 || $height / $nheight > 8.0) {
- $filter = 'Lanczos';
- $quality = 85;
- $sf = "1x1";
- }
+ my $filter = 'Lanczos';
+ my $quality = 87;
+ my $sf = "1x1";
if ($xres != -1) {
$cimg->Resize(width=>$nwidth, height=>$nheight, filter=>$filter, 'sampling-factor'=>$sf);
push @ret, "/$event/$1x$2/$filename";
} elsif ($fname =~ /^$id-(\d+)-(\d+)-nobox\.jpg$/) {
push @ret, "/$event/$1x$2/nobox/$filename";
+ } elsif ($fname =~ /^$id--1--1-box\.png$/) {
+ push @ret, "/$event/box/$filename";
} elsif ($fname =~ /^$id-(\d+)-(\d+)-box\.png$/) {
push @ret, "/$event/$1x$2/box/$filename";
} else {
- $r->log->warning("Couldn't find a purging URL for $fname");
+ $r->log->warn("Couldn't find a purging URL for $fname");
}
}
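Review bot: The added `/^$id--1--1-box\.png$/` branch interpolates `$id` into the pattern unescaped, as the neighbouring branches do. Unless `$id` is guaranteed to be numeric at this point (its origin is outside the hunk), `\Q$id\E` keeps metacharacters in it from changing which filenames match and therefore which cache URLs are purged. A one-line comment such as `# a -1/-1 resolution maps to the unscaled /box/ URL` would also explain the special case, if that is what it means. The enclosing loop starts outside this hunk.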