From f57095e878fa0c3ecb6192bca1d19f9fef89508c Mon Sep 17 00:00:00 2001
From: Patrick Simianer <p@simianer.de>
Date: Wed, 8 Jun 2016 16:20:22 +0200
Subject: somewhat more secure

---
 inc/db.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'inc/db.inc.php')

diff --git a/inc/db.inc.php b/inc/db.inc.php
index ed45f7b..7356076 100644
--- a/inc/db.inc.php
+++ b/inc/db.inc.php
@@ -1,7 +1,10 @@
 <?php
 
 $SESSION_DIR="/srv/postedit/sessions";
-$json = file_get_contents($SESSION_DIR."/".$_GET["key"]."/data.json");
+$key = $_GET["key"];
+if (preg_match('/^[a-z0-9]{4}$/', $key)) {
+  $json = file_get_contents($SESSION_DIR."/".$key."/data.json");
+}
 $db = json_decode($json);
 
 ?>
-- 
cgit v1.2.3


From 1a51b3797d4c3a846e47b105a5edcb8283726651 Mon Sep 17 00:00:00 2001
From: Patrick Simianer <p@simianer.de>
Date: Tue, 14 Jun 2016 13:15:10 +0200
Subject: submit name, some fixes

---
 inc/db.inc.php  |  2 +-
 index.php       | 20 ++++++++++++++------
 interface.php   |  1 +
 js/interface.js |  1 +
 server.rb       |  4 ++++
 util/run_all    |  1 +
 6 files changed, 22 insertions(+), 7 deletions(-)

(limited to 'inc/db.inc.php')

diff --git a/inc/db.inc.php b/inc/db.inc.php
index 7356076..e023c3a 100644
--- a/inc/db.inc.php
+++ b/inc/db.inc.php
@@ -2,7 +2,7 @@
 
 $SESSION_DIR="/srv/postedit/sessions";
 $key = $_GET["key"];
-if (preg_match('/^[a-z0-9]{4}$/', $key)) {
+if (preg_match('/^[a-z0-9]{1,4}$/', $key)) {
   $json = file_get_contents($SESSION_DIR."/".$key."/data.json");
 }
 $db = json_decode($json);
diff --git a/index.php b/index.php
index 320e653..4b7e13c 100644
--- a/index.php
+++ b/index.php
@@ -4,7 +4,13 @@
   <title>Post-Editing Interface</title>
   <script src="js/jquery.min.js" charset="utf-8"></script>
   <script type="text/javascript">
-  
+  var check_submit = function () {
+    if ($("#name").val()=="" || $("#key").val()=="") {
+      alert("Please enter a session key and a name.")
+      return;
+    }
+    document.sess.submit();
+  }
   </script>
   <link rel="stylesheet" type="text/css" href="static/main.css" />
 </head>
@@ -13,16 +19,18 @@
 
 <?php include("inc/header.inc.php"); ?>
 
-<form method="get" action="interface.php">
-  <strong>Please enter your session key:</strong>
+<form method="get" name="sess" action="interface.php">
+  <strong>Session key:</strong>
   <input type="text" id="key" name="key" style="width:8em" />
-  &nbsp;&nbsp;&nbsp;&nbsp;Session type:
+  &nbsp;&nbsp;&nbsp;&nbsp;<strong>Name:</strong>
+  <input type="txt" id="name" name="name" style="width:12em" />
+  &nbsp;&nbsp;&nbsp;&nbsp;<strong>Session type:</strong>
   <select name="ui_type">
-    <!--<option value="g">graphical</option>-->
     <option value="t">text</option>
+    <option value="g">graphical</option>
 </select>
 &nbsp;&nbsp;&nbsp;
-<input type="submit" value="Submit" />
+<input type="button" value="Submit" onclick="check_submit()" />
 </form>
 
 <!--<div class="small" style="background:#eee;margin: 5em 0 5em 0;padding:.5em; max-width:25%">
diff --git a/interface.php b/interface.php
index 04e0af9..00d8779 100644
--- a/interface.php
+++ b/interface.php
@@ -109,5 +109,6 @@ Note that the source word may be distorted.
 <textarea style="display:none" id="data"              ></textarea>
 <textarea style="display:none" id="original_svg"      ></textarea>
 <textarea style="display:none" id="original_mt"       ></textarea>
+<textarea style="display:none" id="name"              ><?php echo $_GET["name"]; ?></textarea>
 <!-- /Data -->
 
diff --git a/js/interface.js b/js/interface.js
index 0f0b9f3..b86bf50 100644
--- a/js/interface.js
+++ b/js/interface.js
@@ -286,6 +286,7 @@ var next =  function ()
   }
 
   send_data["key"] = key;
+  send_data["name"] = $("#name").val();
 
   // send data
   if (oov_correct.value=="false" && post_edit != "") {
diff --git a/server.rb b/server.rb
index b93464b..d25e216 100755
--- a/server.rb
+++ b/server.rb
@@ -179,6 +179,10 @@ def process_next reply
     return
   end
   $lock = true                                                           # lock
+  if !data['name'] || data['name'] == ""
+    $status = "Error: Name not given."
+    return
+  end
   if data['key'] != SESSION_KEY
     $status =  "Error: Key mismatch (#{data['key']}, #{SESSION_KEY})"
     return
diff --git a/util/run_all b/util/run_all
index 801d553..ef3386a 100755
--- a/util/run_all
+++ b/util/run_all
@@ -4,5 +4,6 @@
 for i in `cat ../sessions/sessions | cut -f 1`; do
   echo $i
   ./util/run_server $i &
+  sleep 15
 done
 
-- 
cgit v1.2.3