rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - LeoNeeson

Pages: 1 2
16
HTML & templates / Alternative login form for modern browsers
« on: August 25, 2018, 03:05:25 AM »
Thanks to danny and his idea (in this post), and after spending several hours finding a solution and doing lot of tests, I think we finally have a working workaround solution for login from mobile browsers (that it even work on desktop browsers too).

1. In the "Virtual File System" box, right click on the first element (Home)
2. Properties
3. Diff template
4. Enter this text:
Code: [Select]
[unauthorized]
<h1>{.!Unauthorized.} {.!&#47; Please login&hellip;.}</h1>
{.!Either your user name and password do not match, or you are not permitted to access this resource..}<br>
{.!Please login to access to your account, and check if you have the correct permissions to continue..}<br>

<br>
<fieldset id='login'>
  <legend><img src="/~img27"> {.!Login.}</legend>
  <center>
    <input type='text' id='usr' size='15' placeholder=" Username" value=""><br>
    <input type='password' id='psw' size='15' placeholder=" Password" value=""><br>
    <input type='button' id='lognow' style="width:110px;" value="{.!Login.}" onclick="NewLogin();">
  </center>
</fieldset>
<br>

<script>
function NewLogin() {
  var xhr = new XMLHttpRequest();
  var ThisFolder = window.location;
  var ThisUser = document.getElementById("usr").value;
  var ThisPass = document.getElementById("psw").value;
  var LoginToken = ThisUser+':'+ThisPass;
  xhr.open("GET", "/~login", true);
  xhr.withCredentials = true;
  xhr.setRequestHeader("Authorization", 'Basic ' + btoa(LoginToken));
  xhr.onreadystatechange = function() {
    if (xhr.readyState == 4 && xhr.status == 200) {
      if (window.location.href.indexOf("~login") != -1) {
        window.location.replace('/?success');
        } else {
          window.location.replace(ThisFolder);
      };
    }
    if (xhr.readyState == 4 && xhr.status == 401) {
      alert("Invalid credentials! \(Wrong username or password\)");
    }
  }
  xhr.send();
}
</script>

Please test it and report the results (remember to create an account first on HFS). I've literally wasted all my free afternoon, but I'm happy with the results!. It may not be perfect, so, feel free to adapt/correct/enhance the code... ;)

Cheers,
Leo.-

17
HTML & templates / Simple contact template
« on: July 22, 2018, 09:26:42 AM »
Today I was trying to get working a simple contact template, that automatically save its contents as a local .txt file. To apply this template, follow these steps:

1. Create a folder named, for example as: contact (add it as real folder)

2. Extract from the zip the "hfs.diff.tpl" of the version you've choosen.

3. Copy that file (hfs.diff.tpl) to the "contact" (or whatever name you choose) folder you made on the first step.



» Versions:

Macro-Method = Using Form + Macros (without needing upload permissions)
XML-Method = Using XMLHttpRequest (needs upload permissions to anyone)
EML-Email = Same as XML-Method, but it saves in .eml format instead of .txt

» Description:

Both version are currently functional, but still need to add some kind of field validation (to check if the fields are empty or not), and perhaps we can also show that the message was successfully sent using another methods than showing a simple 'alert' (getting some answer back from the server, at least in the v1.0b-XML-Method). The v1.0a-Macro-Method could have redirect to page like (after the form was submitted):

Code: [Select]
[success]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Message successfully sent</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head><body><h3 style="color:black;">The message was successfully sent!</h3>
</body></html>

Thanks to dj for his help! :) (without him, this couldn't be done)
Any other enhancements/suggestions are welcome!

Cheers,
Leo.-

18
» Update: February 10, 2020
Latest version/revision: HERE.

» Change log:
May 27, 2018 > Fixed a serious security hole found on this script (by Mars)
August 02, 2019 > Using %encoded-folder% as the destination (by danny).

» To-do list:
- Progress bar (when uploading)
- Show a link (to the uploaded file)



» ATTENTION: The text below, is left as-is (only as a reference), so, it's not recommended for public use, because in those previous/initials stages of this script, a serious security hole was found (that allowed access to any file on the entire hard disk hosting HFS), which was solved HERE (thanks to Mars). There is no need to panic, but if you use an old version, just be sure to restrict the access of this script only to yourself. It is recommended to always use the latest version.



Hi there! I was reading these wiki pages (Template macros & scripting commands), trying to being able to download and save an external file to the current folder (Remote upload), but I can't get it working.

Please check my code (in my example, there is an URL already loaded, of a Tiny Core Linux ISO file). The following code works fine, but it's NOT recommended as it could overload the RAM if you are downloading a big file (I only leave this as reference):

THIS CODE WORKS:
Code: [Select]
<form method='post'>
URL: <input name='url' value="http://distro.ibiblio.org/tinycorelinux/9.x/x86/release/Core-9.0.iso">
<br>Filename: <input name='dest' value="%folder%Core-9.0-GOOD.iso">
<br><input type='submit'>
</form>
{.set|url|{.postvar|url.}.}
{.break|if={.not|{.^url.}.}.}
{.set|dest| {.or|{.filename|{.postvar|dest.}.}|{.filename|{.^url.}.}|downloaded.} .}

{.load|{.^url.}|var=data.}
{.and
| {.length|{.save| ./{.^dest.} |var=data.}.}
| Downloaded {.^dest.} for {.length|var=data.} bytes
.}

The following is the recommended code by rejetto here (chinking the file every 1MB), but it doesn't work as expected (the download has a never ending loop). This code not only doesn't work, but besides that, it also have missing the text "Downloaded Core-9.0.iso for 13256704 bytes" and the event doesn't get logged on HFS's log.

THIS CODE DOESN'T WORK: (why?)
Quote
<form method='post'>
URL: <input name='url' value="http://distro.ibiblio.org/tinycorelinux/9.x/x86/release/Core-9.0.iso">
<br>Filename: <input name='dest' value="%folder%Core-9.0-BAD.iso">
<br><input type='submit'>
</form>
{.set|url|{.postvar|url.}.}
{.break|if={.not|{.^url.}.}.}
{.set|dest| {.or|{.filename|{.postvar|dest.}.}|{.filename|{.^url.}.}|downloaded.} .}

{.set|from|0.}
{.set|chunk|1000000.}
{.save|{.^dest.}|.}
{.while|chunk|{:
   {.load|{.^url.}|var=data|size={.^chunk.}|from={.^from.}.}
   {.if|{.length|var=data.}
      | {:{.append|{.^dest.}|var=data.}
         {.inc|from|{.length|var=data.}.}
        :}
      | {:{.set|chunk|0.}:}.}
:}|timeout=0.}

Could someone point me where is the fault?... :-\

19
Español / HFS en Español - Versiones beta
« on: December 05, 2017, 12:22:43 PM »
HFS en Español v2.3k #299 Beta [05-DIC-2017]

» Descarga:
https://www.4shared.com/s/f1CqBvhssei
http://www.mediafire.com/?2vv2yc76tv1dkpa

Code: [Select]
Nombre: HFS v2.3k Build #299 Spanish Beta [05-DIC-2017].rar
CRC-32: 0CA7F67A
   MD4: 6B7E71011E61419D304435B3F60EB01C
   MD5: D19336717A380BD874E592B1BA8EF411
 SHA-1: B775B108B31BB7FDFCB832D75B7F4022D555862F

Versión portable: Descomprima el archivo RAR en una carpeta nueva y listo.
Solo actualización: Para aquellos que hayan bajado exactamente ESTA versión preview y deseen actualizar a esta versión en español, pueden descargar y descomprimir ESTE archivo adjunto en la carpeta donde tienen instalado HFS, conservando asi toda su configuración actual (haz siempre una copia de seguridad antes de sobrescribir cualquier archivo).

» Basado en la 'compilación previa' de la próxima versión 2.3l (Build #300).

Que lo disfruten! :)
Leo.-
 

20
FHFS / FHFS: Is there going to be any update on this?
« on: August 29, 2016, 04:24:09 AM »
@Raybob: Is there going to be any update on this? Since in the HFS.ini of FHFS v2.1.3, the updates of the internal HFS (server.dll) are not automatic (update-automatically=no), it would be great to have an updated version with the last HFS v2.3i Build #297 running out-of-the-box. There are many users out there who are still using FHFS with a built-in outdated HFS v2.3d Build #292. And since there was a VERY important security update in this last version, many users may be exposed to hackers, like recently happened here. I understand that having the automatic updates disabled is to ensure everything keeps working/compatible with the rest of the FHFS code. I also understand that you may not want (or have the time) to be updating FHFS every time a new version of HFS is out, but this time is critical to have an update (since it fixed a "Remote Command Execution" exploit).

21
HFS ~ HTTP File Server / Changing HTTP response header
« on: May 22, 2016, 09:36:06 AM »
OK, I've started a new thread to keep this organized. This post started here, and the question was: How to change the HTTP response header "Server" (or any other string in the header) using Macros? ("Server" is a string that displays the name of the server, and it shows the HFS version). If you don't know what I'm talking about, use a Download Manager that show this info (for example, I'm using FlashGet).

Suggestions and examples are welcome. :)

22
Bug reports / [SOLVED] Uploading a MD5 file is forbidden?...
« on: March 13, 2016, 09:42:24 AM »
I think I've found a bug, since HFS says 'uploading a MD5 file is forbidden'. After doing an extensive search on this forum about "MD5" implementation on HFS, just to be sure this wasn't' posted before, I think there is a bug on HFS that prevents MD5 files to be uploaded...

> How this happened?...
The other day I was uploading a bunch of files to my server, and it was unable to upload a MD5 file. This doesn't have anything to do with the 'fingerprints' feature of HFS, since I have that option disabled (or at least it should not interfere with it). I've tried renaming the .md5 file to .txt, and HFS uploaded the file successfully. But having the .md5 extension, give the following error: "File name or extension forbidden.". This doesn't happen with any other checksum files (like .sha1, for example).

> How to reproduce the problem?...
1) Enable the 'Upload' feature to some real folder.
2) Using any browser (using the web interface), try to upload a ".md5" file to the server.
3) Bang! The file cannot be uploaded...

Here is a log...
Code: [Select]
00:28:13 192.168.0.101:1760 Requested GET /MyFolder/
00:28:13 192.168.0.101:1761 Requested GET /?mode=jquery
00:28:15 192.168.0.101:1761 Requested GET /MyFolder/New/
00:28:16 192.168.0.101:1761 Requested GET /?mode=jquery
00:28:29 192.168.0.101:1761 Upload failed for Test.md5: File name or extension forbidden.
00:28:29 192.168.0.101:1761 Upload failed Test.md5
00:28:29 192.168.0.101:1760 Requested POST /MyFolder/New/
00:32:45 192.168.0.101:1760 Requested GET /MyFolder/New/
00:32:45 192.168.0.101:1760 Requested GET /?mode=jquery
00:32:51 192.168.0.101:1770 Uploading Test.txt
00:32:51 192.168.0.101:1770 Fully uploaded Test.txt - 44 @ 0B/s
00:32:51 192.168.0.101:1770 Requested POST /MyFolder/New/

Here is an screenshot (cropped)...


I'm almost sure this bug/error has to be related to the 'fingerprints' feature. I can provide more details if you need them. To me, uploading .md5 files is important.

> EDIT: The "solution" for this, it's here. Thank you Rejetto.

23
Everything else / How to tell if an OpenVPN Client runs on a router?
« on: October 05, 2015, 04:24:36 PM »
Hi there! Sorry for this offtopic and technical question:

> How to tell if an OpenVPN Client runs on a router?

I mean, every internet browser has an "User Agent", but I can't find any information related to OpenVPN having an "User Agent". So, is there any way an OpenVPN Server may know if some OpenVPN Client is running on Linux, Windows, Android, etc?...

Why I'm asking this weird question? Because my VPN provider doesn't like that their VPN service be used from a Router (mainly, to avoid misuse, and to avoid abuse by sharing the service with others). Not my case. I DO NOT want to do this to "circumvent" their terms in ANY way, because I would like to use the router ONLY to make the configuration easier on my devices (I mean, only have to configure the router, and not every single device). Of course, to make happy my VPN provider, I'll connect ONLY ONE device at a time to that router (after all, my speed connection doesn't allow me to use more than that, since it's a wireless connection).

Sorry if it's a confusing question, but this is not something I can ask my VPN provider directly (to avoid any misunderstanding, or worse yet, having my account cancelled). So, my question is: if I run an OpenVPN Client on a router (with OpenWRT firmware), can I be 100% sure my VPN provider doesn't detect it? Does an OpenVPN client have an "User Agent"? (or any hardware/system identification string when makes its connection?). Anyone have an idea about this?...

Thank you people... :)
Leo.

24
HFS ~ HTTP File Server / Adding Remote Upload to HFS...
« on: July 20, 2014, 11:54:17 PM »
I'm always thinking new features that can be great for HFS. Like this one...

Remote URL upload: Upload files from remote servers directly to your HFS server.

Imagine you are on a mobile connection (or on the road), and someone has a file in his HFS server (or anywhere), and you want to upload it directly to your HSF server. Imagine you have a direct link that you know it will expire in a few hours, and you want to upload it to your server directly. All this can be done using Remote URL upload. Obviously this, like any other feature, can be disabled or password protected (and may come disabled by default). I think you know how this works. It's like "interconnecting" servers, a very cool feature. I think it may be easy to implement it, since it's not exactly about uploading a file. It's more about downloading a file, since your server will be downloading a file from a remote location and saving it in a local "shared" folder. And voila!...

Again, this is only a suggestion, not a request. There is no pressure at all, not obligation or whatever. My only wish is to put my "two cents" in this proyect, at least giving ideas. :)

In case you add this, it will be usefull to have an option to know the free space available in the server (or set a limit). Hope you like it!

Greetings!
Leo.

25
FHFS / FHFS v2.1.0 - First impressions...
« on: July 03, 2014, 08:16:17 AM »
OK! I've installed FHFS today (for the first time), and it looks totally great, and it's loaded with features (I really like it). But on my own testings, I did found things that must be changed or fixed. One thing is the fact that FHFS can't be used on LAN environments (without internet access). The installation doesn't even work without an internet connection.

So, I would like to make some suggestions for the next version 2.1.x you may release (listed in order of importance):

1) Making FHFS totally functional without making use of internet at all (for example, installation doesn't work without being connected to internet, so FHFS can't be used on LAN networks without internet access). It needs to load some files from Google (jquery.min.js), and I really don't like that (for privacy issues). I will post the link of those files at the final of this post. It also pings or loads something from filezilla-project.org (I don't know what, but I would like to have this disabled/removed too).

2) Adding an option to disable the "email" option totally, even from the installer (127.0.0.1/~installer) allowing to use accounts only with an Username and Password. And that for everyone: users and even the admin. This would make it easier to use on private LAN configurations. And since I know email is needed to password recovery, that can be easily replaced with a security question that needs to be set when an account is created. So, instead of asking for an email, it may ask for a Security Question and Security Answer (like any email provider does).

3) I don't see anywhere an option to change Admin's Username (once it was set). And if this is solved, FHFS may come preconfigured with a standard user and pass, that the user HAS TO CHANGE it later (I know that would make it less secure, but it will make it easier for new users). In that case, it may ask something like this: "Do you want to configure your admin account now (recommended), or use a preconfigured account (for testings)?". But this is not so important.

All the rest, went fine (I had some errors that I may report later if it continues, but none of them seems important). I see that FHFS has too much dependencies to my own taste (libraries that needs to be installed), but I know FHFS needs them all to run, so, that's not a big problem.

The links to Google are...
Code: [Select]
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.24/jquery-ui.min.js
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.24/themes/base/jquery-ui.css

Well, I know you are working in a new version, but I would love to see at least some last version with all these things fixed. There is no hurry, and I would like to make these changes by myself, but I don't have the enough knowledge, or don't know what files need to edit.

Thank you for your amazing work RayBob!. :)
Leo.

26
Programmers corner / Possible Unicode workaround to HFS 2.xx...
« on: May 12, 2014, 06:58:48 AM »
I think I may have a "workaround" to somehow solve this Unicode problem. I have the idea in my mind, but it's hard to explain, but I'll try my best. I will need direct interaction of Rejetto. First, I need to know some internal things about HFS. So, this is my first question:

- Is HFS able to internally "read" any file with unicode characters?. When I say "read", I mean read the file at low level, no matter the file name.

27
Programmers corner / Source Code: HFS v2.3a Build#289 Stable
« on: April 06, 2014, 06:20:28 AM »
Hi!, I was trying to download the sources of the last stable version from:

Code: [Select]
http://downloads.sourceforge.net/hfs/hfs2.3a_289.src.zip
...but there isn't such a file hosted on SourceForge.net and neither on any Rejetto's hosts. What is the correct link to download the latest stable source code?... ???

Quote
Ciao, stavo cercando di scaricare i sorgenti dell'ultima versione stabile da:

http://downloads.sourceforge.net/hfs/hfs2.3a_289.src.zip

...ma non c'è un file ospitato su SourceForge.net e né su web da rejetto. Qual è il link corretto per scaricare l'ultima versione del codice sorgente stabile?... Grazie! :)

Pages: 1 2