Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - LeoNeeson

Pages: [1] 2
Programmers corner / Friendly petition to Mars and or to any programmer
« on: November 14, 2018, 09:45:44 PM »
Since a long time I wanted to build HFS by my self, and recently I've found this 'Portable Turbo Delphi Lite v1.0d' here. But that's not enough, since I need all the library components listed on 'developer notes.txt' (but I've read here in various posts on the forum, that the configuration and installation of those components is not very straightforward and it's prone to give errors on compiling time).

I rarely ask for help, but this time I'm asking to someone who already had compiled HFS, the following...

@Mars/Anyone: Could you please provide me the ./lib folder (with all the components included, and with everything ready to compile HFS, including the configuration file 'TDrun.reg' of your 'portable Turbo Delphi' folder?...

@Mars: Over the years, you have many times proposed excellent code changes and enhancements that some of them were later discarded or not used by Rejetto. That's why I would love to have your own custom modified HFS source code, since it could contain many of those interesting changes that were not included on the final version of HFS. So, Mars: would you be kind enough to share with me your the source code of HFS with the custom modifications done by you?. This is a very small file (that you could even attach in this thread), or send me a download link in a private message, if you don't want to keep it public. If you don't like to share it with me, it's OK, I will accept your answer, but please don't give me an ironic 'wait, wait and wait' response.

Cheers, :)

HTML & templates / Old default template for new and legacy browsers
« on: November 05, 2018, 07:00:25 AM »
Since Rejetto has updated the default template of HFS v2.4 to a new responsive mobile-friendly version (and also have updated jQuery from v1.4.2 to v1.12.4), I decided it's time to release a specially modified version of the old default template you found on past HFS versions, up to v2.3m, supporting both new and legacy browsers. The only modification I did is embedding the old jQuery v1.4.2, and the rest of the code is untouched. This file was taken from the source code of v2.3m (default.tpl).

You can use this old default template (that's attached to this post) on HFS v2.4 and newer versions too, but keep in mind that Rejetto only gives support to browsers not older than JAN/2006 with some exceptions (as he stated here), so keep in mind that the use of this template is officially unsupported (and unless Rejetto says otherwise, I'm currently the only one who gives support for it, but rest assured this template is rock-solid stable).

In the case you use an old custom template (that makes use of old jQuery) on a legacy browser (older than 2016), you will need to make the following modification, simply replacing this text (marked in red):

<script type="text/javascript" src="/?mode=jquery"> the following text (marked on green color):

<script type="text/javascript" src="">

Or if you want to make it work offline (because you use HFS on a LAN, without internet access), the modification is more complex (and is exactly the same modification I did on the attached template), and you need to use this:

<script type="text/javascript" src="/?mode=section&id=jquery.js">

And also add the following text, before this section: [file=folder=link|private]

[jquery.js|no log|cache]
/* Copy and paste here the contents of the jQuery v1.4.2 file */

If you have any doubts, use as reference the template attached to this post, or feel free to ask me for help, by leaving a message here, in this post (the support I'm giving is limited only to make work the old jQuery v1.4.2 with your template, and nothing else). If your template doesn't use jQuery at all, you don't need to make any modification. An alternative to this template, is using 'The really fast Throwback (retro) template' made by danny.

Enjoy! :) ...and don't forget to leave a comment if you find this useful!
(and thanks to Rejetto for making it the default template for almost 8 years)

Code: [Select]
File: legacy-template.tpl
MD5: 048E8A2A4A4F6AA8D6B544A24CECE11F


EDIT: As reference, I comment this thread was started here and then moved here. The idea started after reading the code of by dj (thanks him for the inspiration, Mars for the actual code implementation that you will find below, and Rejetto, because he took this idea into consideration). Now it follows the original post...

Offtopic: Reading your template, I always wondered is a file section (in the HFS template), could store a file encoded in Base64, and that be decoded by the server on-the-fly (delivering the decoded output).

I see you have write this:

Code: [Select]
a {text-decoration: none}

...and I expected this to deliver the same output (but it doesn't):

Code: [Select]

I already know that is possible to directly write Base64 code, like this:

Code: [Select]
<link rel="stylesheet" type="text/css" href="data:text/css;base64,YSB7dGV4dC1kZWNvcmF0aW9uOiBub25lfQ==" />
But I was wondering if is it possible make HFS decode Base64 'on-the-fly' using a macro like: {.mime|text/css;base64.}

Also, neither of the following works:

Code: [Select]

Code: [Select]

I'm curious to know if this is possible using macros. ???

Programmers corner / Adding Two-Factor Authentication (2FA) to HFS
« on: September 23, 2018, 01:16:24 AM »
Since HFS currently depends only on a primitive and weak HTTP/1.1 login system (where unless you use SSL, the password travels in clear text, encoded in Base64), I was thinking it would be nice if HFS implements a simple Two-Factor Authentication system (also known as TOTP or 2FA). This system is a time-based password algorithm (which change every 30 seconds), added on top of the current login. This way, if someone steals the user/pass, they could not get through the TOTP/2FA system (since the 2FA would prevent the access to your private account and files, even if they know the password).

- How this works on the server?
The server needs to generate a secret key (only once, when setting up the 2FA), and it would store that secret key (encoded in Base32) along with the user/pass (I'm always talking about the server part). At user/client level, when TOTP is enabled on HFS, it should check if the credentials (user/pass) are correct first, and then if they are valid it should ask for the 2-Factor Authentication Code. To make this work (like I've said), HFS should store (along with the username and password) the 2FA 'secret key' needed to generate the 2FA time-based codes. The rest of the work flow (at server level) can be read here. To end-users, I guess most of you know how the Two-Factor Authentication works, since Gmail already use it since several years (check out this, if have any doubts).

- Implementing TOTP on HFS using a free Delphi library
After a deep search, I've found a small Delphi/FreePascal/Lazarus library, that could make easy the implementation on HFS:

And now that version 2.4 is on beta test (and since HFS is doing a step from v2.3 to v2.4), I think is a great time to make the server a little more secure by default. I hope Rejetto like and welcome the idea, and if anyone here could collaborate at code level to make this works on HFS, it would be great :) (this is only a suggestion, not a petition to add it).


HTML & templates / Alternative login form for modern browsers
« on: August 25, 2018, 03:05:25 AM »
Thanks to danny and his idea (in this post), and after spending several hours finding a solution and doing lot of tests, I think we finally have a working workaround solution for login from mobile browsers (that it even work on desktop browsers too).

1. In the "Virtual File System" box, right click on the first element (Home)
2. Properties
3. Diff template
4. Enter this text:
Code: [Select]
<h1>{.!Unauthorized.} {.!&#47; Please login&hellip;.}</h1>
{.!Either your user name and password do not match, or you are not permitted to access this resource..}<br>
{.!Please login to access to your account, and check if you have the correct permissions to continue..}<br>

<fieldset id='login'>
  <legend><img src="/~img27"> {.!Login.}</legend>
    <input type='text' id='usr' size='15' placeholder=" Username" value=""><br>
    <input type='password' id='psw' size='15' placeholder=" Password" value=""><br>
    <input type='button' id='lognow' style="width:110px;" value="{.!Login.}" onclick="NewLogin();">

function NewLogin() {
  var xhr = new XMLHttpRequest();
  var ThisFolder = window.location;
  var ThisUser = document.getElementById("usr").value;
  var ThisPass = document.getElementById("psw").value;
  var LoginToken = ThisUser+':'+ThisPass;"GET", "/~login", true);
  xhr.withCredentials = true;
  xhr.setRequestHeader("Authorization", 'Basic ' + btoa(LoginToken));
  xhr.onreadystatechange = function() {
    if (xhr.readyState == 4 && xhr.status == 200) {
      if (window.location.href.indexOf("~login") != -1) {
        } else {
    if (xhr.readyState == 4 && xhr.status == 401) {
      alert("Invalid credentials! \(Wrong username or password\)");

Please test it and report the results (remember to create an account first on HFS). I've literally wasted all my free afternoon, but I'm happy with the results!. It may not be perfect, so, feel free to adapt/correct/enhance the code... ;)


HTML & templates / Simple contact template
« on: July 22, 2018, 09:26:42 AM »
Today I was trying to get working a simple contact template, that automatically save its contents as a local .txt file. To apply this template, follow these steps:

1. Create a folder named, for example as: contact (add it as real folder)

2. Extract from the zip the "hfs.diff.tpl" of the version you've choosen.

3. Copy that file (hfs.diff.tpl) to the "contact" (or whatever name you choose) folder you made on the first step.

» Versions:

Macro-Method = Using Form + Macros (without needing upload permissions)
XML-Method = Using XMLHttpRequest (needs upload permissions to anyone)
EML-Email = Same as XML-Method, but it saves in .eml format instead of .txt

» Description:

Both version are currently functional, but still need to add some kind of field validation (to check if the fields are empty or not), and perhaps we can also show that the message was successfully sent using another methods than showing a simple 'alert' (getting some answer back from the server, at least in the v1.0b-XML-Method). The v1.0a-Macro-Method could have redirect to page like (after the form was submitted):

Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<head><title>Message successfully sent</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head><body><h3 style="color:black;">The message was successfully sent!</h3>

Thanks to dj for his help! :) (without him, this couldn't be done)
Any other enhancements/suggestions are welcome!


WARNING: there is a serious security hole in the use of this script (which was solved here), that allows access to any file on the entire hard disk hosting HFS. Be sure to restrict the access of this script only to yourself.

Hi there! I was reading these wiki pages (Template macros & scripting commands), trying to being able to download and save an external file to the current folder (Remote upload), but I can't get it working.

Please check my code (in my example, there is an URL already loaded, of a Tiny Core Linux ISO file). The following code works fine, but it's NOT recommended as it could overload the RAM if you are downloading a big file (I only leave this as reference):

Code: [Select]
<form method='post'>
URL: <input name='url' value="">
<br>Filename: <input name='dest' value="%folder%Core-9.0-GOOD.iso">
<br><input type='submit'>
{.set|dest| {.or|{.filename|{.postvar|dest.}.}|{.filename|{.^url.}.}|downloaded.} .}

| {.length|{.save| ./{.^dest.} |var=data.}.}
| Downloaded {.^dest.} for {.length|var=data.} bytes

The following is the recommended code by rejetto here (chinking the file every 1MB), but it doesn't work as expected (the download has a never ending loop). This code not only doesn't work, but besides that, it also have missing the text "Downloaded Core-9.0.iso for 13256704 bytes" and the event doesn't get logged on HFS's log.

<form method='post'>
URL: <input name='url' value="">
<br>Filename: <input name='dest' value="%folder%Core-9.0-BAD.iso">
<br><input type='submit'>
{.set|dest| {.or|{.filename|{.postvar|dest.}.}|{.filename|{.^url.}.}|downloaded.} .}

      | {:{.append|{.^dest.}|var=data.}
      | {:{.set|chunk|0.}:}.}

Could someone point me where is the fault?... :-\

Español / HFS en Español - Versiones beta
« on: December 05, 2017, 12:22:43 PM »
HFS en Español v2.3k #299 Beta [05-DIC-2017]

» Descarga:

Code: [Select]
Nombre: HFS v2.3k Build #299 Spanish Beta [05-DIC-2017].rar
CRC-32: 0CA7F67A
   MD4: 6B7E71011E61419D304435B3F60EB01C
   MD5: D19336717A380BD874E592B1BA8EF411
 SHA-1: B775B108B31BB7FDFCB832D75B7F4022D555862F

Versión portable: Descomprima el archivo RAR en una carpeta nueva y listo.
Solo actualización: Para aquellos que hayan bajado exactamente ESTA versión preview y deseen actualizar a esta versión en español, pueden descargar y descomprimir ESTE archivo adjunto en la carpeta donde tienen instalado HFS, conservando asi toda su configuración actual (haz siempre una copia de seguridad antes de sobrescribir cualquier archivo).

» Basado en la 'compilación previa' de la próxima versión 2.3l (Build #300).

Que lo disfruten! :)

FHFS / FHFS: Is there going to be any update on this?
« on: August 29, 2016, 04:24:09 AM »
@Raybob: Is there going to be any update on this? Since in the HFS.ini of FHFS v2.1.3, the updates of the internal HFS (server.dll) are not automatic (update-automatically=no), it would be great to have an updated version with the last HFS v2.3i Build #297 running out-of-the-box. There are many users out there who are still using FHFS with a built-in outdated HFS v2.3d Build #292. And since there was a VERY important security update in this last version, many users may be exposed to hackers, like recently happened here. I understand that having the automatic updates disabled is to ensure everything keeps working/compatible with the rest of the FHFS code. I also understand that you may not want (or have the time) to be updating FHFS every time a new version of HFS is out, but this time is critical to have an update (since it fixed a "Remote Command Execution" exploit).

HFS ~ HTTP File Server / Changing HTTP response header
« on: May 22, 2016, 09:36:06 AM »
OK, I've started a new thread to keep this organized. This post started here, and the question was: How to change the HTTP response header "Server" (or any other string in the header) using Macros? ("Server" is a string that displays the name of the server, and it shows the HFS version). If you don't know what I'm talking about, use a Download Manager that show this info (for example, I'm using FlashGet).

Suggestions and examples are welcome. :)

Bug reports / [SOLVED] Uploading a MD5 file is forbidden?...
« on: March 13, 2016, 09:42:24 AM »
I think I've found a bug, since HFS says 'uploading a MD5 file is forbidden'. After doing an extensive search on this forum about "MD5" implementation on HFS, just to be sure this wasn't' posted before, I think there is a bug on HFS that prevents MD5 files to be uploaded...

> How this happened?...
The other day I was uploading a bunch of files to my server, and it was unable to upload a MD5 file. This doesn't have anything to do with the 'fingerprints' feature of HFS, since I have that option disabled (or at least it should not interfere with it). I've tried renaming the .md5 file to .txt, and HFS uploaded the file successfully. But having the .md5 extension, give the following error: "File name or extension forbidden.". This doesn't happen with any other checksum files (like .sha1, for example).

> How to reproduce the problem?...
1) Enable the 'Upload' feature to some real folder.
2) Using any browser (using the web interface), try to upload a ".md5" file to the server.
3) Bang! The file cannot be uploaded...

Here is a log...
Code: [Select]
00:28:13 Requested GET /MyFolder/
00:28:13 Requested GET /?mode=jquery
00:28:15 Requested GET /MyFolder/New/
00:28:16 Requested GET /?mode=jquery
00:28:29 Upload failed for Test.md5: File name or extension forbidden.
00:28:29 Upload failed Test.md5
00:28:29 Requested POST /MyFolder/New/
00:32:45 Requested GET /MyFolder/New/
00:32:45 Requested GET /?mode=jquery
00:32:51 Uploading Test.txt
00:32:51 Fully uploaded Test.txt - 44 @ 0B/s
00:32:51 Requested POST /MyFolder/New/

Here is an screenshot (cropped)...

I'm almost sure this bug/error has to be related to the 'fingerprints' feature. I can provide more details if you need them. To me, uploading .md5 files is important.

> EDIT: The "solution" for this, it's here. Thank you Rejetto.

Everything else / How to tell if an OpenVPN Client runs on a router?
« on: October 05, 2015, 04:24:36 PM »
Hi there! Sorry for this offtopic and technical question:

> How to tell if an OpenVPN Client runs on a router?

I mean, every internet browser has an "User Agent", but I can't find any information related to OpenVPN having an "User Agent". So, is there any way an OpenVPN Server may know if some OpenVPN Client is running on Linux, Windows, Android, etc?...

Why I'm asking this weird question? Because my VPN provider doesn't like that their VPN service be used from a Router (mainly, to avoid misuse, and to avoid abuse by sharing the service with others). Not my case. I DO NOT want to do this to "circumvent" their terms in ANY way, because I would like to use the router ONLY to make the configuration easier on my devices (I mean, only have to configure the router, and not every single device). Of course, to make happy my VPN provider, I'll connect ONLY ONE device at a time to that router (after all, my speed connection doesn't allow me to use more than that, since it's a wireless connection).

Sorry if it's a confusing question, but this is not something I can ask my VPN provider directly (to avoid any misunderstanding, or worse yet, having my account cancelled). So, my question is: if I run an OpenVPN Client on a router (with OpenWRT firmware), can I be 100% sure my VPN provider doesn't detect it? Does an OpenVPN client have an "User Agent"? (or any hardware/system identification string when makes its connection?). Anyone have an idea about this?...

Thank you people... :)

HFS ~ HTTP File Server / Adding Remote Upload to HFS...
« on: July 20, 2014, 11:54:17 PM »
I'm always thinking new features that can be great for HFS. Like this one...

Remote URL upload: Upload files from remote servers directly to your HFS server.

Imagine you are on a mobile connection (or on the road), and someone has a file in his HFS server (or anywhere), and you want to upload it directly to your HSF server. Imagine you have a direct link that you know it will expire in a few hours, and you want to upload it to your server directly. All this can be done using Remote URL upload. Obviously this, like any other feature, can be disabled or password protected (and may come disabled by default). I think you know how this works. It's like "interconnecting" servers, a very cool feature. I think it may be easy to implement it, since it's not exactly about uploading a file. It's more about downloading a file, since your server will be downloading a file from a remote location and saving it in a local "shared" folder. And voila!...

Again, this is only a suggestion, not a request. There is no pressure at all, not obligation or whatever. My only wish is to put my "two cents" in this proyect, at least giving ideas. :)

In case you add this, it will be usefull to have an option to know the free space available in the server (or set a limit). Hope you like it!


FHFS / FHFS v2.1.0 - First impressions...
« on: July 03, 2014, 08:16:17 AM »
OK! I've installed FHFS today (for the first time), and it looks totally great, and it's loaded with features (I really like it). But on my own testings, I did found things that must be changed or fixed. One thing is the fact that FHFS can't be used on LAN environments (without internet access). The installation doesn't even work without an internet connection.

So, I would like to make some suggestions for the next version 2.1.x you may release (listed in order of importance):

1) Making FHFS totally functional without making use of internet at all (for example, installation doesn't work without being connected to internet, so FHFS can't be used on LAN networks without internet access). It needs to load some files from Google (jquery.min.js), and I really don't like that (for privacy issues). I will post the link of those files at the final of this post. It also pings or loads something from (I don't know what, but I would like to have this disabled/removed too).

2) Adding an option to disable the "email" option totally, even from the installer ( allowing to use accounts only with an Username and Password. And that for everyone: users and even the admin. This would make it easier to use on private LAN configurations. And since I know email is needed to password recovery, that can be easily replaced with a security question that needs to be set when an account is created. So, instead of asking for an email, it may ask for a Security Question and Security Answer (like any email provider does).

3) I don't see anywhere an option to change Admin's Username (once it was set). And if this is solved, FHFS may come preconfigured with a standard user and pass, that the user HAS TO CHANGE it later (I know that would make it less secure, but it will make it easier for new users). In that case, it may ask something like this: "Do you want to configure your admin account now (recommended), or use a preconfigured account (for testings)?". But this is not so important.

All the rest, went fine (I had some errors that I may report later if it continues, but none of them seems important). I see that FHFS has too much dependencies to my own taste (libraries that needs to be installed), but I know FHFS needs them all to run, so, that's not a big problem.

The links to Google are...
Code: [Select]

Well, I know you are working in a new version, but I would love to see at least some last version with all these things fixed. There is no hurry, and I would like to make these changes by myself, but I don't have the enough knowledge, or don't know what files need to edit.

Thank you for your amazing work RayBob!. :)

Programmers corner / Possible Unicode workaround to HFS 2.xx...
« on: May 12, 2014, 06:58:48 AM »
I think I may have a "workaround" to somehow solve this Unicode problem. I have the idea in my mind, but it's hard to explain, but I'll try my best. I will need direct interaction of Rejetto. First, I need to know some internal things about HFS. So, this is my first question:

- Is HFS able to internally "read" any file with unicode characters?. When I say "read", I mean read the file at low level, no matter the file name.

Pages: [1] 2