rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - LeoNeeson

Pages: 1 2
1
Everything else / Message to Rejetto: forum's email is broken
« on: July 24, 2024, 12:08:26 AM »
Hi!, this is a message to Rejetto. :) I have his email, but I don't want to bother him with this, so I use this space to report that the forum's email system is completely broken. The forum system DOES NOT send any email. This means the following:

- Users doesn't get notifications of new 'Private Messages', neither of emails sent through the forum.
- Users doesn't get notifications of new posts, in case they were subscribed to get email notifications.

- New users can't signup/register, since they can't get the verification link, sent by the forum via email.

» Summarizing: any email sent through the forum, is lost and never sent...

Since this forum is using "OVH Web Hosting", perhaps the following link helps you:
https://help.ovhcloud.com/csm?id=kb_article_view&sysparm_article=KB0052915

@Rejetto: I hope you can fix it, but there is no pressure on doing it.
Take the time you need, but please don't forget about it. ;)
Thank you, and sorry for opening this thread.

Cheers,
Leo.-

2
HFS ~ HTTP File Server / Warning: HFS v2.x has a severe vulnerability
« on: July 22, 2024, 08:16:08 PM »
Hi everyone! This is a notice to all the users of HFS version 2.x (I will call it 'HFS2' for making it short). Recently, a severe vulnerability (CVE-2024-23692) was found in HFS2 (known to affect HFS v2.4.0 RC7 and HFS v2.3m). This information was kept private until now, to give it time to find a solution, but now I think it's time to make this notice public. This is only an informational message to let everyone know about this. Anyone with Pascal/Delphi knowledge could contribute to finding a fix.

We are discussing how to patch it, here:
https://github.com/drapid/hfs/issues/3

You could contribute by submitting code fixes to the source code, either on GitHub or here in the appropriate forum section: Programmers corner (opening a new thread there or leaving a comment here on this very same thread). If we find a correct fix (and since Rejetto will not update HFS2 anymore), perhaps we can build an unofficial "community" version for those who can't upgrade to HFS3.

Let's keep HFS v2.x alive, and...
...please do not panic. ;)

Stay safe,
Leo.-

3
Everything else / Best DynDNS alternative: FreeDNS.afraid.org
« on: November 22, 2022, 08:46:34 AM »
Many users of HFS have asked in the past (on this forum), what is the best alternative to DynDNS, and from my own experience, nothing beats FreeDNS.afraid.org
(and this is NOT an advertisement, since I'm not getting paid for commenting this).

His owner (Joshua Anderson) is very friendly, and his services are trustworthy (he has more than 20 years of experience, working online since 2001). You can use it for free or by paying only $5 USD/monthly ($60/yr). Although I'm not a Premium member of them (since I currently can't afford it), I highly recommend it to anyone here, and I can't say enough good things about this service.

You can use your own domain (to delegate your DNS to them) and start using it to self-host content (for example, using HFS as server); or by choosing a subdomain from any of their 41,950 domains, which half of them, are only available if you are a paid customer (by getting a Premium Membership). But if your budget is tight, you can use a subdomain, and start using it for free, for as long as you want.

If you need any help to configure and use it with HFS, just leave a message here, and I will try my best to help you. :)

Cheers,
Leo.-

4
Programmers corner / Macros matching only a Content-Type
« on: November 12, 2022, 12:52:55 AM »
After reading this post, I have a hypothetical question about macros. I already know how to make a macro that match a file extension in a URL (for example: {.match|*.jpg;*.gif|%url%.}), but I don't know how to ONLY match a 'Content-Type' found in a header. (I've read the Wiki, but found nothing relevant to my question)

I've tried with the following, without success:

Code: [Select]
[pre-filter-request]
{.if|{.match|*text/html*|{.header|Content-Type.}.}|{:
{.add to log|Web page was served.}
{.add header|Expires: 1.}
:}.}

My idea is ONLY match requests, with any of these headers:

Content-Type:"text/html; charset=utf-8"

and/or

Content-Type:"text/html"

Do you know how to ONLY match a header, with a 'Content-Type' of 'text/html'?. I do NOT want to match files with *.html or *.htm extension (I repeat: I do NOT want to filter or match files by extension). The type of 'Content-Type' was only an example, but it can be any other type.

What am I doing wrong?... :-\

5
Programmers corner / Only one thing that wasn't released about HFS...
« on: October 21, 2022, 06:00:39 AM »
I totally agree!  100%
HFS should be completely independent!
Hi Rejetto! :D After reading this comment, I've realized there is only one thing that wasn't released about HFS: the PHP code that runs behind hfstest.rejetto.com (Self test). I guess it must be a very simple code (something that any PHP coder could easily replicate it). Anyway, if you could please share it, I would like to have it, to analyze and learn from it (I know it makes a 'ping' from your server to the user's IP, and then it gives a reply with a code).

Do you mind sharing it here? :) (or privately via PM)

Cheers,
Leo.-

6
Everything else / Leave here your holiday season's greetings!
« on: December 08, 2021, 06:30:05 PM »
Hi everyone! :D Like one big family, we all here helping each other when someone needs something, and this forum is the most important part of HFS. Perhaps someone may be more active than others, but every member takes an important part contributing according to his his own ability and knowledge.

This year Rejetto (and his new HFS version) was not very active, but his software is alive and kicking, like the first version. I know many of you may have very little free time, after all, December is always a busy month (as holiday activities approaches), and spending time at home with family and friends it's a priority.

Not everything is perfect (my personal life is still, economically talking, quite complicated), but at least I should be -somewhat- happy to be still alive (surviving these pandemic years), trying to be optimistic and adapting myself (in these times of constant changes). Sadly, the Covid is still a worldwide issue, and we should still take care and remain very cautious.

But the purpose of this thread, is simple wishing you all the best, opening a space where anyone could leave here his own message (leaving holiday season's greetings messages or anything you want!). Enjoy the holiday season!...



Cheers,
Leo.-

7
Bug reports / Bug: Logout function at server level [Fixed]
« on: April 25, 2020, 10:46:27 PM »
SOLVED!

» Edit #3 (12-05-2020): Now logout is 100% perfect on v2.4 Alpha 8.

» Edit #2 (09-05-2020): This was almost fixed by Rejetto on v2.4 Alpha 5.

» Edit #1 (07-05-2020): I had to edit the title (Confirmed bug: HFS doesn't discard previous auth sessions), because it seems some people have not understood it. Like the title says: HFS doesn't discard the 'session ID' of a authenticated user, when he logouts using a form-based login (we are talking about the 'logout' function at server level, and to reproduce the bug, the user must not use the native login function of the browser).



@Message to Rejetto, Mars, SilentPliz or any other Delphi/Pascal programmer:

• Steps to reproduce this possible bug:
1) Use default 2.3's template along with this form-based login (diff-template).
2) Create a user and have some shared folders protected with a password.
3) Open your browser and use the form-based login to authenticate (do NOT enter credentials on the browser's internal popup login, hit cancel on that popup window).
4) Open several password-protected folders, in several browser tabs, and navigate thought those sub-folders if you want.
5) Click on the 'Logout' button, change to another tab, and navigate on some password-protected resource (you will be automatically logged in again!).

» Why this is a HFS bug and not a fault in the template?...
Please follow the next steps and you will find how it SHOULD work: :)
A) Follow steps 1 to 5, but after clicking on the logout, temporary close HFS.
B) Open HFS again, and now try to navigate on some password-protected resource (you will NOT be automatically logged in!). Yay! :D This demonstrates that HFS is not discarding (in his memory) the association between some previously logged in USER and the session ID (SID) he used.

- You may say: but this could be solved on the client side by generating a new 'session ID' cookie. You are right, but if the user had several tabs open (or if he goes back in the browser history), he will be automatically logged in back again, and this is unwanted (and insecure).

- What this means?: This means that when this bug is fixed, no matter if you go back in your browser, once you logout you can't access any password protected resource anymore (no matter if you had multiple tabs open).

If you have any questions or difficulties on reproducing this, please ask me. This thread is open to anyone, so, don't be afraid to leave your question... ;)

Cheers,
Leo.-

8
HTML & templates / [Help] Making old template run entirely on Ajax
« on: April 16, 2020, 05:22:36 PM »
Hi people! :) I'm experimenting on making the old legacy template work entirely using Ajax/XHR requests, to avoid reload/refreshing/loading a new page. Here is my current work (download the old template here, or use the default template of HFS v2.3m, and replace the 'body' with the following code):

Quote
<body>
<!--{.comment|--><h1 style='margin-bottom:100em'>WARNING: this template is only to be used with HFS 2.3 (and macros enabled)</h1> <!--.} -->
{.$box panel.}
<div id="list-panel"></div>

<script type="text/javascript">
  var xhr = new XMLHttpRequest();
  xhr.open("GET", "/~list");
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onload = function() {document.getElementById("list-panel").innerHTML = xhr.responseText};
  xhr.onreadystatechange = function() {
    if (xhr.readyState == 4 && xhr.status == 200) {
      alert("XHR request OK");
    }
    if (xhr.readyState == 4 && xhr.status == 401) {
      alert("XHR request fail");
    }
  }
  xhr.send();
</script>


</body>

And here is a shorter version:

Quote
<body>
<!--{.comment|--><h1 style='margin-bottom:100em'>WARNING: this template is only to be used with HFS 2.3 (and macros enabled)</h1> <!--.} -->
{.$box panel.}
<div id="list-panel"></div>

<script type="text/javascript">
  var xhr = new XMLHttpRequest();
  xhr.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      document.getElementById("list-panel").innerHTML = this.responseText;
      alert("XHR request OK");
    }
  };
  xhr.open("GET", "/~list", true);
  xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhr.send();
</script>


</body>

The XHR request work (I'm temporally using an 'alert' to be sure), but the files are not show. I'm sure my code is wrong. The %list% variable fails (doesn't get executed, since, if I'm not mistaken, %list% is meant to run on the server side, but the XHR is run on the client side). I don't know what to change to make this work, but I'm open to listen your suggestions...

This was requested and discussed a long time ago (here), and there Rejetto suggested a way more elegant (shorter) Ajax code. So, feel free to suggest a more pure Ajax-jQuery code, as long it work on old browsers (to support the same old browsers that this old template supported). Please avoid using ES6 (like 'promises', or anything not supported by legacy browsers). My objective is to use JavaScript code compatible with jQuery v1.4.2 (or the most "pure" plain vanilla JavaScript as possible).

I don't want to redesign the old template, only to make it entirely run on Ajax, so the changes must be as minimal as possible. Anyone feel free to collaborate, this post is open to everyone. ;)

Cheers,
Leo.-

9
Everything else / Something about me...
« on: October 05, 2019, 09:06:33 PM »
Hi everyone! :) I was afraid to login and find thousands of unread topics and emails (but I had to do it one day or another). I've received personal messages from some of you, and I really thank you for thinking on me, and worrying about my life (I truly appreciate it).

About my physical (medical) life "I'm fine", but with "very high financial problems" (and it's going worst every day). In the last 6 to 9 months my economic life changed almost 180 degrees, and that left me with very little free time (too much work, too much stress and way less money than before). Anyway, don't worry, there is nothing you can do to help me, and I'll try to somehow overcome this situation.

My enthusiasm about HFS (and helping people on the forum) is intact, but sadly, for the time being is impossible for me (given my lack of spare time) to actively participate on the forum. @SilentPliz: I will continue working on what I promised to do, but without a 'delivery' date.

I hope you are all well, and I encourage all of you to keep going.

Cheers,
Leo.-

10
Español / [Tutorial] Cómo compilar el código fuente de HFS
« on: November 21, 2018, 09:00:23 AM »
[Tutorial] Cómo compilar el código fuente de HFS

Por primera vez en la historia de este foro, me gustaría compartir con ustedes el proceso de compilar el código fuente de HFS, de la manera más simple posible para que cualquiera de ustedes pueda realizarlo sin problemas. Se recomienda previamente ver ESTE video tutorial (en formato GIF animado, de 1,56 MB que también puedes descargar de aquí), para poder previsualizar en apenas 5 minutos todo el proceso completo. Luego puedes seguir las instrucciones que dejo a continuación.

Simplemente sigan estos pasos:

1] Descarga el 'Portable Turbo Delphi Lite v1.0d', de aquí.
2] Descarga el 'Paquete de componentes' requeridos HFS, de aquí.
3] Descarga el 'Código fuente' de la última versión de HFS, de aquí.
4] Instala y/o descomprime el ejecutable del paso uno, en: C:\Portable\TDLite
5] Descomprime el archivo del paso dos, en esta carpeta: C:\Portable\TDLite\lib
6] Descomprime el código fuente de HFS, del paso tres, aqui: C:\Portable\TDLite\Projects\HFS
7] Inicia Turbo Delphi abriendo "TDrun.exe" o utilizando el acceso directo del escritorio.
8] Ve al menú 'Tools' y haz click en 'Options...' y se abrirá una nueva ventana.
     Allí, ve a: 'Environment Options' > 'Delphi Options' > 'Library - Win32'.
     Ahora en 'Directories' > 'Library path:' reemplázalo con la siguiente ruta:

Code: [Select]
$(BDS)\lib;$(BDS)\lib\Obj;$(BDS)\Imports;$(BDS)\lib\DelphiZLib.128;$(BDS)\lib\FastMM4991;$(BDS)\lib\GifImaged2010b;$(BDS)\lib\JCL1_22\source;$(BDS)\lib\Kdl32;$(BDS)\lib\OverbyteIcsV7Gold\Delphi\Vc32;$(BDS)\lib\TRegExpr\Source;$(BDS)\Projects\HFS;
9] Ahora ve al menu 'File' y haz click en 'Open Project...' y abre el archivo 'hfs.bdsproj'.
10] Luego ve al menu 'Project' y haz click en 'Options...' y se abrirá una nueva ventana.
       Allí, haz click en 'Compiler Messages' y luego en 'Warnings', desmarca o deselecciona los siguientes items:

Code: [Select]
    - Deprecated Symbol
    - Platform Symbol
    - Return value of function might be undefined

(Este paso número 10 es enteramente opcional, pero se recomienda hacerlo. Si no lo haces, encontrarás 32 o 33 advertencias ó 'Warnings' de Delphi, al momento de compilar, pero ésto no afecta en absoluto el proceso de compilación y obtendrás el mismo y funcional ejecutable. Éstas advertencias no son importantes, sino informativas).

11] Finalmente, ve al menu 'Project' y haz click en 'Build hfs' y todo se compilará.
       Una vez compilado, verás (en un texto en negrita): 'Done: Build All', haz click en 'OK' y habrás concluído.
       Encontrarás tu nuevo ejecutable hfs.exe en ésta carpeta: C:\Portable\TDLite\Projects\HFS

12] Que lo disfrutes! :)

Si necesitas un programa para descomprimir, puedes utilizar 7-Zip.

Si necesitas o deseas instalar todo en otra carpeta (para tener todo en un pendrive USB), es mejor que completes los pasos uno al seis desde las ubicaciones indicadas, y que luego antes de efectuar el paso siete, muevas toda la carpeta al dispositivo USB que quieras. De ésta manera, te aseguras de no equivocarte con las ubicaciones de carpeta. Desde luego, si eliges otra carpeta deberás cambiarla en todos los pasos, EXCEPTO que no debes modificar la ruta del paso ocho (ya que el programa auto-detectará la nueva ubicación).

» RENUNCIA DE RESPONSABILIDAD: No me hago responsable de ningún daño o desconfiguración de su PC. Siempre haga una copia de seguridad primero y tenga en cuenta que este tutorial se realizó en una computadora con un Windows recién instalado. Si ya tiene instalada alguna versión de Delphi, tenga en cuenta que ejecutar esta versión portátil de 'Turbo Delphi' podría ocasionarle problemas (así que evite usarla en una PC con Delphi instalada). Mis archivos subidos no fueron modificados por mí, y están libres de virus, pero debe comprobar las sumas de verificación MD5 para asegurarse que los archivos que ha bajado sean los mismos:

Quote
hfs2.3m.src.zip / MD5: AE2C3025B36FFF2BC72DB5FF7784C4BD
HFS.Libraries.zip / MD5: 7751002A930B7C211BFC1F9C7AA1853C
PortableTurboDelphiLiteInstaller10d.exe / MD5: 9B24FA6BD91FAF9ACA8AEA78B90AEF07
(Puedes utilizar el freeware HashCheck para verificar las sumas de comprobación MD5 de los archivos que has descargado)

» HFS.Libraries.zip / Enlaces de descarga:
https://www.4shared.com/s/fsY2jRS7Tda
http://www.mediafire.com/?z32tkfzezfx36i7

Siéntete libre de dejar cualquier comentario o pregunta si tienes alguna duda, y por favor reporta cualquier error o problema que encuentres al momento de compilar. Se aprecia todo tipo de comentarios, críticas constructivas, o sugerencias de cualquier tipo (tu comentario me da más ánimo para seguir publicando nuevos tutoriales).

Saludos,
Leo.-

11
Programmers corner / [Tutorial] How to compile the HFS's Source code
« on: November 21, 2018, 07:04:05 AM »
[Tutorial] How to compile the HFS's Source code

As the result of this, and for the first time ever, I would like to publish the complete process of compiling the HFS's Source code (as simple as possible, step by step, so everyone could do it). It's recomended to watch first THIS video tutorial (download size: 1.56 MB, in GIF format), to see the enterelly compilation process. Then, just follow these steps:

1] Download 'Portable Turbo Delphi Lite v1.0d', from here.
2] Download the 'Library pack' required by HFS, from here.
3] Download the latest 'Source code' file of HFS, from here.
4] Install and/or unrar the exe of the step one, on: C:\Portable\TDLite
5] Unzip the file from the step two, on this exact folder: C:\Portable\TDLite\lib
6] Unzip the source code file of HFS, from step three, here: C:\Portable\TDLite\Projects\HFS
7] Start Turbo Delphi by opening the file "TDrun.exe" or using the shortcut on your desktop.
8] Go to the menu 'Tools' and click on 'Options...' and the 'Options' window will open.
     There, on go to: 'Environment Options' > 'Delphi Options' > 'Library - Win32'.
     Now on 'Directories' > 'Library path:' replace it with the following path:

Code: [Select]
$(BDS)\lib;$(BDS)\lib\Obj;$(BDS)\Imports;$(BDS)\lib\DelphiZLib.128;$(BDS)\lib\FastMM4991;$(BDS)\lib\GifImaged2010b;$(BDS)\lib\JCL1_22\source;$(BDS)\lib\Kdl32;$(BDS)\lib\OverbyteIcsV7Gold\Delphi\Vc32;$(BDS)\lib\TRegExpr\Source;$(BDS)\Projects\HFS;
9] Go to the menu 'File' and click on 'Open Project...' and locate the file 'hfs.bdsproj'.
10] Go to the menu 'Project' and click on 'Options...' and the 'Project Options' will open.
       There, click on 'Compiler Messages' and on 'Warnings', uncheck the following items:

Code: [Select]
    - Deprecated Symbol
    - Platform Symbol
    - Return value of function might be undefined

(This entirely step 10 is optional, but recommended. If you don't do it, you will encounter 32 or 33 Warnings on compiling time, but this doesn't affect the compilation process and you will get the very same functional executable. Those warnings are not important, but informative).

11] Finally, go to the menu 'Project' and click on 'Build hfs' and wait the process to finish.
       Once finished, you will see (in bold text): 'Done: Build All', click on 'OK' and it's done.
       You will find the new executable hfs.exe on this folder: C:\Portable\TDLite\Projects\HFS

12] Enjoy! :)

If you need a tool to unzip/uncompress, you can use 7-Zip.

If you want to use another folder path location (for example to run it from a USB drive), it's better you complete steps one to six from those locations, and then move that folder to the USB before running step seven. This way, you don't mess up with folder locations. Of course, if you choose another folder, you need to change the path in all the steps, but do NOT change the path of step eight (since it will auto-detect the new location).

» WARNING: the instructions and libraries found on this post are outdated, since latest HFS versions were compiled using the new Delphi 10.3.3 Community Edition. My instructions were only valid to old HFS versions (up to v2.3m). Instructions could have changed since then, and now you have to use the latest libraries listed here. This post will be updated on the future.

» DISCLAIMER: I'm not making me responsible for any damage or miss-configuration on your PC. Always backup first, and keep in mind this tutorial was done on fresh installed Windows computer. If you already have any version of Delphi, running this portable version of 'Turbo Delphi' could lead you to problems, so avoid using it on a PC with Delphi installed. My uploads are untouched and virus free, but you must re-check that the MD5 file checksums are the same, as follows:

Quote
hfs2.3m.src.zip / MD5: AE2C3025B36FFF2BC72DB5FF7784C4BD
HFS.Libraries.zip / MD5: 7751002A930B7C211BFC1F9C7AA1853C
PortableTurboDelphiLiteInstaller10d.exe / MD5: 9B24FA6BD91FAF9ACA8AEA78B90AEF07
(You could use the freeware HashCheck to verify the MD5 file checksums)

» HFS.Libraries.zip Download link:
https://www.4shared.com/s/fsY2jRS7Tda
http://www.mediafire.com/?z32tkfzezfx36i7

Feel free to leave a comment or ask any question if you have doubts, and also report if you find any problem when compiling, or if you need further help.

Cheers,
Leo.-

12
Programmers corner / [Solved] Friendly petition to Mars or any programmer
« on: November 14, 2018, 09:45:44 PM »
Since a long time I wanted to build HFS by my self, and recently I've found this 'Portable Turbo Delphi Lite v1.0d' here. But that's not enough, since I need all the library components listed on 'developer notes.txt' (but I've read here in various posts on the forum, that the configuration and installation of those components is not very straightforward and it's prone to give errors on compiling time).

I rarely ask for help, but this time I'm asking to someone who already had compiled HFS, the following...

@Mars/Anyone: Could you please provide me the ./lib folder (with all the components included, and with everything ready to compile HFS, including the configuration file 'TDrun.reg' of your 'portable Turbo Delphi' folder?...

@Mars: Over the years, you have many times proposed excellent code changes and enhancements that some of them were later discarded or not used by Rejetto. That's why I would love to have your own custom modified HFS source code, since it could contain many of those interesting changes that were not included on the final version of HFS. So, Mars: would you be kind enough to share with me your the source code of HFS with the custom modifications done by you?. This is a very small file (that you could even attach in this thread), or send me a download link in a private message, if you don't want to keep it public. If you don't like to share it with me, it's OK, I will accept your answer, but please don't give me an ironic 'wait, wait and wait' response.

Cheers, :)
Leo.-

13
HTML & templates / Old default template for new and legacy browsers
« on: November 05, 2018, 07:00:25 AM »
Since Rejetto has updated the default template of HFS v2.4 to a new responsive mobile-friendly version (and also have updated jQuery from v1.4.2 to v1.12.4), I decided it's time to release a specially modified version of the old default template you found on past HFS versions, up to v2.3m, supporting both new and legacy browsers. The only modification I did is embedding the old jQuery v1.4.2, and the rest of the code is untouched. This file was taken from the source code of v2.3m (default.tpl).

You can use this old default template (that's attached to this post) on HFS v2.4 and newer versions too, but keep in mind that Rejetto only gives support to browsers not older than JAN/2006 with some exceptions (as he stated here), so keep in mind that the use of this template is officially unsupported (and unless Rejetto says otherwise, I'm currently the only one who gives support for it, but rest assured this template is rock-solid stable).

In the case you use an old custom template (that makes use of old jQuery) on a legacy browser (older than 2016), you will need to make the following modification, simply replacing this text (marked in red):

Quote
<script type="text/javascript" src="/?mode=jquery">

...to the following text (marked on green color):

Quote
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">



Or if you want to make it work offline (because you use HFS on a LAN, without internet access), the modification is more complex (and is exactly the same modification I did on the attached template), and you need to use this:

Quote
<script type="text/javascript" src="/?mode=section&id=jquery.js">

And also add the following text, before this section: [file=folder=link|private]

Quote
[jquery.js|no log|cache]
/* Copy and paste here the contents of the jQuery v1.4.2 file */



If you have any doubts, use as reference the template attached to this post, or feel free to ask me for help, by leaving a message here, in this post (the support I'm giving is limited only to make work the old jQuery v1.4.2 with your template, and nothing else). If your template doesn't use jQuery at all, you don't need to make any modification. An alternative to this template, is using 'The really fast Throwback (retro) template' made by danny.

Enjoy! :) ...and don't forget to leave a comment if you find this useful!
(and thanks to Rejetto for making it the default template for almost 8 years)

Code: [Select]
File: legacy-template.tpl
MD5: 048E8A2A4A4F6AA8D6B544A24CECE11F

Cheers,
Leo.-

14
EDIT: As reference, I comment this thread was started here and then moved here. The idea started after reading the code of mobil-light_V4.2beta.zip by dj (thanks him for the inspiration, Mars for the actual code implementation that you will find below, and Rejetto, because he took this idea into consideration). Now it follows the original post...



Offtopic: Reading your template, I always wondered is a file section (in the HFS template), could store a file encoded in Base64, and that be decoded by the server on-the-fly (delivering the decoded output).

I see you have write this:

Code: [Select]
[mystyle.css]
{.mime|text/css.}
a {text-decoration: none}

...and I expected this to deliver the same output (but it doesn't):

Code: [Select]
[mystyle.css]
{.mime|text/css;base64.}
YSB7dGV4dC1kZWNvcmF0aW9uOiBub25lfQ==

I already know that is possible to directly write Base64 code, like this:

Code: [Select]
<link rel="stylesheet" type="text/css" href="data:text/css;base64,YSB7dGV4dC1kZWNvcmF0aW9uOiBub25lfQ==" />
But I was wondering if is it possible make HFS decode Base64 'on-the-fly' using a macro like: {.mime|text/css;base64.}

Also, neither of the following works:

Code: [Select]
[mystyle.css]
{.base64|YSB7dGV4dC1kZWNvcmF0aW9uOiBub25lfQ==.}

Code: [Select]
[mystyle.css]
{.base64decode|YSB7dGV4dC1kZWNvcmF0aW9uOiBub25lfQ==.}

I'm curious to know if this is possible using macros. ???

15
Programmers corner / Adding Two-Factor Authentication (2FA) to HFS
« on: September 23, 2018, 01:16:24 AM »
Since HFS currently depends only on a primitive and weak HTTP/1.1 login system (where unless you use SSL, the password travels in clear text, encoded in Base64), I was thinking it would be nice if HFS implements a simple Two-Factor Authentication system (also known as TOTP or 2FA). This system is a time-based password algorithm (which change every 30 seconds), added on top of the current login. This way, if someone steals the user/pass, they could not get through the TOTP/2FA system (since the 2FA would prevent the access to your private account and files, even if they know the password).

- How this works on the server?
The server needs to generate a secret key (only once, when setting up the 2FA), and it would store that secret key (encoded in Base32) along with the user/pass (I'm always talking about the server part). At user/client level, when TOTP is enabled on HFS, it should check if the credentials (user/pass) are correct first, and then if they are valid it should ask for the 2-Factor Authentication Code. To make this work (like I've said), HFS should store (along with the username and password) the 2FA 'secret key' needed to generate the 2FA time-based codes. The rest of the work flow (at server level) can be read here. To end-users, I guess most of you know how the Two-Factor Authentication works, since Gmail already use it since several years (check out this, if have any doubts).

- Implementing TOTP on HFS using a free Delphi library
After a deep search, I've found a small Delphi/FreePascal/Lazarus library, that could make easy the implementation on HFS: https://github.com/nikosdion/timecode

And now that version 2.4 is on beta test (and since HFS is doing a step from v2.3 to v2.4), I think is a great time to make the server a little more secure by default. I hope Rejetto like and welcome the idea, and if anyone here could collaborate at code level to make this works on HFS, it would be great :) (this is only a suggestion, not a petition to add it).

Cheers,
Leo.-

Pages: 1 2