Then i decided to try to go for Delphi 10.3.3, that is the latest free version (it's callled "community edition").Happy to have some news from you! :)
this version of delphi can't working on Windows XP :'(Sadly, I can confirm this... :(
[Pascal Error] hslib.pas(302): E2004 Identifier redeclared: 'chop'
[Pascal Error] hslib.pas(307): E2004 Identifier redeclared: 'chop'
[Pascal Error] hslib.pas(317): E2003 Undeclared identifier: 'Tbytes'
[Pascal Error] hslib.pas(361): E2004 Identifier redeclared: 'includeTrailingString'
[Pascal Error] hslib.pas(501): E2008 Incompatible types
[Pascal Error] hslib.pas(514): E2008 Incompatible types
[Pascal Error] hslib.pas(536): E2003 Undeclared identifier: 'utf8ToString'
[Pascal Error] hslib.pas(562): E2003 Undeclared identifier: 'charInSet'
[Pascal Error] hslib.pas(611): E2004 Identifier redeclared: 'chop'
[Pascal Error] hslib.pas(626): E2004 Identifier redeclared: 'chop'
[Pascal Error] hslib.pas(639): E2004 Identifier redeclared: 'chopLine'
[Pascal Fatal Error] hfs.dpr(51): F2063 Could not compile used unit 'hslib.pas'
Let me know if you find things not working please.Warning: using latest HFS 2.4rc5 (302), if you are upgrading, your old VFS file could get corrupted! This is the error I've got once, when HFS starts:
license is limited to 1 yearSummarizing (and take this only as suggestion, not a request), if I were Rejetto, I would give the 'jump' to Lazarus v2.0.6 (https://sourceforge.net/projects/lazarus/files/Lazarus%20Windows%2032%20bits/Lazarus%202.0.6/) which is the latest version being XP compatible, and is much modern than using the old Delphi 2006 (Lazarus has unicode support (https://wiki.lazarus.freepascal.org/Unicode_Support_in_Lazarus) available since Lazarus v1.6.0). Lazarus uses FPC (Free Pascal Compiler), and it's mature enough to be as good as any other commercial compiler. So, besides getting unicode support, I don't see why upgrading to Delphi 10 would be beneficial (well, anyway is Rejetto's choice, he is the boss, and he has the fiinal word on this, and I respect it).
The evolution of hfs will be more convincing with a more 'modern' delphi...I totally agree. I always had in my mind that sooner or later a 'fork' would be needed for legacy systems (like Windows XP). It's OK for me having a fork (or compiling my own version, in case it's required). But currently, for legacy systems we still have your own version (http://rejetto.com/forum/index.php?topic=10242.0), so, for as long you keep compiling it with the old Delphi, there is an alternative for those with old systems (like Mars and myself) :)
We can always continue as much as possible the 'forks' of hfs with delphi 2006.
i had to disable the translation system, the one we added recently, as it was not compatible
this version of delphi can't working on Windows XP :'(
license is limited to 1 year
Some patches https://developpeur-pascal.fr/p/___00c-les-patchs-a-installer-sur-la-version-rio-1033-de-delphi-c-builder-et-rad-studio.html (https://developpeur-pascal.fr/p/___00c-les-patchs-a-installer-sur-la-version-rio-1033-de-delphi-c-builder-et-rad-studio.html)
find attached the changes of rc4Thank you! :) (I'll check it later)
i had to disable the translation system, the one we added recently, as it was not compatibleDon't worry, perhaps you will find another alternative in the future.
i made an attempt with lazarus, but i'm stuck trying to compile ICS with fpc.Yes, it seems latest ICS-V8.58 is not compatible with FPC. In case you or someone else is interested on compiling it with Lazarus, the last compatible version, is ICS-V5 (http://www.overbyte.eu/arch/OverbyteIcsV5.zip), according to THIS (http://lists.elists.org/pipermail/twsocket/2016-February/046568.html) message: "It compiles with version 5 (2005-07 (https://web.archive.org/web/20051230164717if_/www.overbyte.be/arch/ics.zip)) and only if you include the units and create objects and events manually."
if anyone is willing to make this other porting i will see what i can do, at the moment my spirit is already worn out but delphi10.
If/when i have more time i would like to try to see if i can use delphi's socket lib instead of ics, and have less dependencies.Perhaps that could help to make sources being easily compilable on Lazarus (since latest ICS is not compatible with Lazarus/FPC). We look forward to new changes that you could bring on the future using Delphi 10 (my best wishes on that). ;) 8)
Don't worry, perhaps you will find another alternative in the future.
but, I did not manage to login (locally) with FF & Chrome...
and the password field in hfs Others Options > users account is inaccessible (invisible).
move(idxS[1], result[p], length(idxS));
I think this should be asMoveChars(idxS[1], result[p], length(idxS));
Hi Rejetto! This is a great news that you start using github.
I'm not sure what you mean by too late to founding my post? 3 years - it's not too much :)
But as I see you are only at the beginning of rewriting hfs to full Unicode support.
As per my understanding, all AnsiString should be divided into String ot RawByteString.
Because AnsiString is not the same as was String in pre-unicode Delphi.
AnsiString is a codepaged string and it can be even MultiByteString. And that makes it very dangerous to use for unknown incoming bytes.
Code: [Select]move(idxS[1], result[p], length(idxS));
I think this should be asCode: [Select]MoveChars(idxS[1], result[p], length(idxS));
It would be great if you could compare your code with mine.
I had to make a big changes because of TreeView unpredictable self-reorganization (all nodes are recreated when monitor is disconnected).
As you made your work as public, it would be great if you added your coding-standards.
...but GUI (built-in) texts got mad. Setting the meta charset of the template/webpage is useless to the problem.
With problems above users may feel more uncomfortable than using old version... :(Could you please post a screenshot of how it looks on v2.3m, v2.4 RC4 and v2.4 RC5? (to easily spot the problem). I'm sure some screenshots could give a better picture of the problem (you can upload them on Imgur or as forum attachments).
I wish this could be solved. I hope Rejetto could entirely review the login and logout (internal) functions, specially the logout, as it's being discussed here (http://rejetto.com/forum/index.php?topic=13286.0). Perhaps if he do some changes, your problem could be also solved.
- Though the usernames in HFS now saved as Unicode, when I attempting to login as a Chinese username, with takeback template (comes with the alternative login form ver2 by Leo (http://rejetto.com/forum/index.php?topic=13054.msg1065523#msg1065523)) I got "this user does not exist" again as the same as in 2.3m, and with the default template I got a "400 - bad request" then no page on my site can be accessed with that error code...
but GUI (built-in) texts got madsave your tpl as "UTF8 with BOM" helps (working example (http://rejetto.com/forum/index.php?topic=11754.msg1065605#msg1065605) of my tpl)
save your tpl as "UTF8 with BOM" helps (working example (http://rejetto.com/forum/index.php?topic=11754.msg1065605#msg1065605) of my tpl)
It seems that currently the work of rejetto on hfs 2.5 is access on the rewriting of the basic functions, in order to find the good functioning of hfs not only in unicode, but also it aims to adapt it to the new 'compiler' requirements.
Hey, I did a simple test with 2.4 rc5 (alpha 3) for the Unicode problem with my takeback template (http://index.php), but still found something worked wrongly:
The takeback template with Chinese language set even works well in rc4, but get a mess-code problem in rc5: File names are still well, even Korean file names are shown because of the Unicode update, but GUI (built-in) texts got mad.
I got "this user does not exist" again as the same as in 2.3m, and with the default template I got a "400 - bad request" then no page on my site can be accessed with that error code...
If this is really hard-as-rock, the Unicode username problem can be put off, since a person with a wide-enough knowledge and technical skill will always try to adapt to a thing rather than always require the thing to change.
save your tpl as "UTF8 with BOM" helps (working example (http://rejetto.com/forum/index.php?topic=11754.msg1065605#msg1065605) of my tpl)
997/5000
I have very very good news to announce
cool, thanks. Maybe the best solution is to totally remove the font settings from the DFM files ? can you try that way?
If you find the latest version to not work like this, please tell me.
Should we start a new topic for the Unicode problem? If we are really going to say this here, it may confuse many ones due to how complex the encode problems are...
First is the page encode problem, on alpha4 with Takeback (saved as utf8 without BOM), it will not mess-code, but the last utf8 char in a string seems got sliced from its raw data...
文件名 (0) 修改日期 大小
Please verify that you have a clean situation before making the test, and if the problem persists then give me information and files i need to reproduce the problem on my computer.There's also another thing I want to say: the end of line sequence (Windows as CRLF, Unix as LF) before alpha4 the eol sequence is not so necessary, but in alpha4 when I save my template with LF it also gets a messcode(same as with BOM or ANSI)...
On alpha4, as 會 it still stays there with "receiving", but as 老八 I successfully logged in.
Edit: I see the login(signin) of my template is unstable in certain condition in alpha4, sometimes the logout works, sometimes cannot login... But give me more time to test them again first...
I tried many times to download alpha5 but failed, since the speed is too slow.
I run these alpha versions mostly with Ctrl & Shift pressed, thus no configuration was loaded.
I managed to find the origin of the problem, you have to go into the design of the main.not and modify all the font sizes by increasing them by 2 pixels each, compile the project then return to the normal size of all fonts
i tried as you said, but i noticed that the only change in the DFM file was to add "ExplicitLeft". Strange. Maybe i didn't do it in the right way. I did it only for the main form now, if someone will confirm that it's working i'll do it for the other windows.
naitlee, can you guide me on how to reproduce the problem?
do you think it's possible to do also with default template?
i tried as you said, but i noticed that the only change in the DFM file was to add "ExplicitLeft". Strange. Maybe i didn't do it in the right way. I did it only for the main form now, if someone will confirm that it's working i'll do it for the other windows.On Windows XP it looks the same on v2.4-alpha06 as v2.4-alpha05. It continues to have bad graphics.
I have very very good news to announcePerhaps you could share with Rejetto all the changes needed...
[...]
So the latest sources can be compiled on a delphi XE2 running under Windows XP
On Windows XP it looks the same on v2.4-alpha06 as v2.4-alpha05. It continues to have bad graphics.
Perhaps you could share with Rejetto all the changes needed...
I may be able to make tests using a VM with XP.How to add an XP Mode Virtual Machine to Windows 10 (https://www.download3k.com/articles/How-to-add-an-XP-Mode-Virtual-Machine-to-Windows-10-or-8-using-Hyper-V-00770) (Another guide here (https://www.tenforums.com/tutorials/135551-hyper-v-add-windows-xp-mode-virtual-machine-windows-10-a.html)) ;)
Can someone reproduce this?... :-\
I think the key is that mars used a different delphi version
sigh..... i suspected what i did was not enough. Maybe mars could give me its main.dfm, but that may also be not enough.
I may be able to make tests using a VM with XP.
what is different from the original version is the addition where it seems necessary to have
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -12
Font.Name = 'Tahoma'
Font.Style = []
ParentFont = False
I did a easy test with alpha6, no messcode anymore ;)
But the login problem seems severe, just like everyone said here.
the login problem is silly, and i fixed it very easily, but then had a lot of more work to do for other stuff.Cool! I had done the same tests as NaitLee, with some "é" and "à" and "e" and "a" :D ... for the same results (but now I know the vowels better). ;)
You'll see it fixed in next release, don't worry.
NaitLee
If rejetto's link is always problematic for you ... you can use the link I gave you yesterday ... I updated it.
Something mentioned by Leo before: After logout, the user's login information expires after the last marked connection (username@IP) ends.Woohoo! (https://www.dictionary.com/browse/woohoo) :D At least someone was able to reproduce the issue!! (for those reading this post, this small issue is described here (https://rejetto.com/forum/index.php?topic=13286.msg1065626#msg1065626) and here (https://rejetto.com/forum/index.php?topic=13286.msg1065676#msg1065676)). I didn't wanted to bother Rejetto anymore with such a small issue (he is overloaded porting version 2.4 to Delphi 10), but the issue it's still present. I consider this is not very important (since after 30 seconds, the logout is effective), but perhaps if Rejetto could do some extra tweaks, then this could be totally and absolutely perfect. But Rejetto, please don't feel pressured, if can be solved, good, but if not, don't worry... :)
If I login as a user who have only access to a folder, then enter that folder, logout, back, there leaves an idle connection, and I still opened that page. This keeps the user not truly logged out.
After this, I copied that page to another tab, and I can access that one too.
So, if I keep refreshing the half-logged out page (eg. with a setInterval()), I can still access other pages with my session before logout, the session never expires until that connection is kicked.
it's 2020 and you just got the logout buttonWoohooo!! :D (x2) Now that's big news!!! ;D This day marks a new hit on HFS life. You should be very proud of what you have done (I'm sure v2.4 would be a total success when goes stable to the general public). I'm also very happy of your change to mode=login and mode=logout (it makes template designers life easier). :)
https://github.com/rejetto/hfs2/releases/tag/v2.4-alpha08
the default template will use this.I've quickly tested hfs24pre08 (https://github.com/rejetto/hfs2/releases/tag/v2.4-alpha08), and the default template still comes without this (so, I guess it will come out on some next build). It would be nice if it get displayed (as dropdown), the same as the current search button display the search box. I haven't tested the mode=login and mode=logout yet (I will have to look in the source code to see how it works), but if a working example is left on the forum, anyone will be able to test this. :)
thanks mars. I'll try "parentfont=true", so that the font is just one.I do not know if it is an oversight but with parentfont = true which is the default value it does not work, for each component accepting a custom FONT it is absolutely necessary to put parentfont = false everywhere, which also has the consequence of add the other lines to the dfm
I've quickly tested hfs24pre08 (https://github.com/rejetto/hfs2/releases/tag/v2.4-alpha08), and the default template still comes without this
function changePwd() {
{.if|{.can change pwd.}
| ask(this.innerHTML, 'password', function(s){
s && ajax('changepwd', {'new':s}, getStdAjaxCB(function(){
showMsg("{.!Password changed, you'll have to login again..}")
location = '~login'
}))
})
| showError("{.!Sorry, you lack permissions for this action.}")
.}
}//changePwd
Because It (https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle) is available only in httpsNow time to add https... (https://i.imgur.com/xNUXCkq.gif) (just joking)
always the same aspect, bug still present :-[
I reloaded the exe but I wonder if you put the last one with the right dfm
I quickly tested the new login system.
It works with localhost, but not with http://192.168.137.1/
the password change method is to be reviewed because of the redirection to ~ login
in hslib.pas part of WWW-Authentificate can be removed ??
I couldn't get this version to work: :-\
open in browser > /root = connected, but display only a blank page.
open in browser > http://192.168.0.17/aaa/textfile.txt (http://192.168.0.17/aaa/textfile.txt) display the native browser authentification box, ID+PASSWORD doesn't work.
yes, when the root is protected it doesn't work. Working on it.
while assigned(f) do
begin
break;
.....
Thu May 14 00:35:22 2020 Connecting 192.168.212.1 [IP=192.168.212.1:80]
Thu May 14 00:35:22 2020 Connected.
Thu May 14 00:35:22 2020 GET /favicon.gif HTTP/1.1
Thu May 14 00:35:22 2020 Host: 192.168.212.1
Thu May 14 00:35:22 2020 Accept: */*
Thu May 14 00:35:22 2020 Referer: http://192.168.212.1
Thu May 14 00:35:22 2020 User-Agent: FlashGet
Thu May 14 00:35:22 2020 Pragma: no-cache
Thu May 14 00:35:22 2020 Cache-Control: no-cache
Thu May 14 00:35:22 2020 Authorization: Basic dGVzdCUzQXRlc3Q=
Thu May 14 00:35:22 2020 Connection: close
Thu May 14 00:35:22 2020 HTTP/1.1 401 Unauthorized
Thu May 14 00:35:22 2020 Content-Type: text/html
Thu May 14 00:35:22 2020 WWW-Authenticate: Basic realm="Invalid login"
Thu May 14 00:35:22 2020 Accept-Ranges: bytes
Thu May 14 00:35:22 2020 Set-Cookie: HFS_SID_=UmVqZXR0b0lTYUdlbml1cw; path=/; HttpOnly
Thu May 14 00:35:22 2020 Error occured!
sid:=conn.getCookie(SESSION_COOKIE);
if sid = '' then
sid:=data.urlvars.Values[SESSION_COOKIE];
Anyway, it should be fairly simple to make a "copy url with session" feature, even in the template itself (the web GUI). The server have to 'get' it, but it will soon.I like that approach :) I will wait the implementation of "copy url with session" in some of your future builds. Even if it's easy to modify the template, I vote for adding this as an option in the menu (see my suggestion below), to make easier to enable this independently of which template the server admin is using (and to avoid people come here asking for help about modifying the template).
A strange thing, however; the first time I launched 'Open in browser' to test on protected folder ... the 'Login required' page was displayed, without a box to enter the ID+PASSWORD.
After closing the page and relaunching 'Open in browser', it worked (ID+PASSWORD box displayed) ... I didn't understand why. The test PC had never seen HFS, so the configuration was blank.
I like that approach :) I will wait the implementation of "copy url with session" in some of your future builds. Even if it's easy to modify the template, I vote for adding this as an option in the menu (see my suggestion below), to make easier to enable this independently of which template the server admin is using (and to avoid people come here asking for help about modifying the template).
» Suggestion: This function is now obsolete:
Menu > URL encoding > Include password in pages (for download managers)
(which makes this URL: http://user:pass@127.0.0.1/filename.rar)
It could be replaced with:
Menu > URL encoding > Include authenticated session (for download managers)
(you could use another text description, but I think this is clear enough)
FlashGet generates and negotiates his own cookie (like if it were a browser), so, if you implement this, if the Session-ID is found in the URL, it should override the 'Set-Cookie: HFS_SID_=' sent in the headers of the download manager, or otherwise it will no work (because the FlashGet cookie is independent of the browser).
I can provide more details if this is not clear for you (on how FlashGet works), but it works on the same way in another independent download managers, which -are not- a browser extension.
Also think on some other users, which are using HFS as a simple binary file server (like this user (http://rejetto.com/forum/index.php?topic=13046.0), which was needing to remove Set-Cookie and ETag), but could want to have password-protection.
Anyway, i wish someone else to be checking the security of this new stuff.
i re-made the copy url with password feature, with the encryption
https://github.com/rejetto/hfs2/releases/tag/v2.4-alpha11
But I did'nt find a "copy url with password" menu option.You have to right click on any file you share on root (it doesn't work for real folder files), and you will find it... ;)
Now time to add https... (https://i.imgur.com/xNUXCkq.gif) (just joking)
in your example the session is empty. In such case it is ignored and the URL is used instead. Isn't this enough?I've removed that part in the example (because it's not relevant), but that doesn't mean the SID is empty (it is 'Set-Cookie: HFS_SID_=xxxxxxxxxxxx', where xxxxxxxxxxxx is the radom SID).
Talking about FlashGet, it's now giving a forbidden error: "HTTP/1.1 403 Forbidden". Using your last Alpha11 (https://github.com/rejetto/hfs2/releases/tag/v2.4-alpha11) or the Beta1 (https://github.com/rejetto/hfs2/releases/tag/v2.4-beta01) build doesn't changed functionality with FlashGet, when using the new URL scheme (?mode=auth&u=USERNAME&e=TIMESTAMP&s2=SIGNATURE). If I'm not mistaken, this could happen because this new URL scheme relies on JavaScript to complete the login and redirecting to the resource (correct me if I'm mistaken).
I've removed that part in the example (because it's not relevant), but that doesn't mean the SID is empty (it is 'Set-Cookie: HFS_SID_=xxxxxxxxxxxx', where xxxxxxxxxxxx is the radom SID).
If you want, it's better that you download FlashGet (on you XP virtual machine), and see how it works
You sure? I expect this: the browser gets a cookie, then you pass the job to the DM which will get the cookieExactly! I'm getting 2 different SIDs: one in the browser (where I copy the link with SID), and another different SID is received by the DM (after the DM sends to HFS the link 'with SID in the URL'). :(
1) from the browser, all working, directly
2) through the URL, the DM should have no cookie at this moment because didn't interact with the server yet, it sends a request without a cookie, the server accepts the SID in the URL.
I don't see in which case you should have 2 different SIDs.
i will wait your reply first.
Tue May 19 15:29:48 2020 HTTP/1.1 403 Forbidden
Tue May 19 15:29:48 2020 Content-Type: text/html
Tue May 19 15:29:48 2020 Accept-Ranges: bytes
Tue May 19 15:29:48 2020 Set-Cookie: HFS_SID_=G2SSqVR45UAAAABUNrjvPw; path=/; HttpOnly
ok Leo, i've used flashget and i've found the bug in HFS. It will work in next release.Good! :)
Leo, chill out, have some margarita, you don't need to always specify that your opinion counts so little :D Use the standard IMHO disclaimer.I'll keep that in mind, thanks... ;D (maybe I have my self-esteem low? :o)
Did you see my email about the chrome version?Done! (I've replied the email). Sorry for the late reply and thanks for the heads up. 8)