I think that the custom MD5 hash stuff is a crazy implementation choice in the UploadPHP sample - http://help.madshi.net/madExceptSettings5a.htm
The code that manually executes some MD5 hash stuff seems crazy. It's unnecessary, I've found. What you really need is simply something like this...
Apache will check the password if you force authentication to occur. It's not YOUR job to actually check the password, just that the authenticated userid is present, so you know that Apache did basic authentication for you.
<?php
// ***************************************************************
// bugreporter.php version 1.0
// This is an integration script that lets us pipe bug reports from MadExcept
// directly into X.
// ***************************************************************
ini_set('display_errors', 'On'); // debugging! Turn off in production so error details are not sent to the client.
// require 'something/lib/autoload.php'; // add your own dependencies here.
$version = 'bugrep-1.0.0';
// When madExcept "calls" us via this script, we expect it to pass in one of the
// following user ids so we know it's a trusted madExcept sender.
$user = 'acceptableuserid1';
$altuser = 'acceptableuserid2';
// **************************************************************
$realm = 'madExcept upload script';
$continue = 1; // when set to zero, do not continue logging the bug.
// Defaults, so these are defined even when MailFrom is missing or has no <address> part.
$From = '';
$FromName = '';
// ***************************************************************
// First we must check if the user has provided authentication, and if not,
// prompt for user and password using HTTP basic authentication.
// ***************************************************************
if (!isset($_SERVER['PHP_AUTH_USER']))
{
    $continue = 0;
    header('WWW-Authenticate: Basic realm="' . $realm . '"'); // use the realm declared above
    header('HTTP/1.0 401 Unauthorized');
    echo 'This page requires authentication to view.';
    exit;
}
else
{
    // If the user is browsing (HTTP GET) show a message.
    if ($_SERVER['REQUEST_METHOD'] == "GET")
    {
        echo "\n" . $version . " : Intended to be invoked using http post";
        exit;
    }
    else
    if (isset($_SERVER['PHP_AUTH_USER']))
    {
        // Strict comparison (===) so PHP's type juggling can never make two
        // different user ids compare equal.
        if (($_SERVER['PHP_AUTH_USER'] === $user) || ($_SERVER['PHP_AUTH_USER'] === $altuser))
        {
            $continue = 1;
        }
        else
        {
            $continue = 0;
            // Tell the sender it was rejected instead of answering with an empty 200.
            header('HTTP/1.0 403 Forbidden');
        }
    }
    // from:
    if (isset($_POST['MailFrom']))
    {
        $mailFrom = $_POST['MailFrom'];
        // Split "Display Name <address>" into its two parts.
        $i1 = strpos($mailFrom, '<');
        $i2 = strrpos($mailFrom, '>');
        if (!(($i1 === false) || ($i2 === false) || ($i1 >= $i2)))
        {
            $From = trim(substr($mailFrom, $i1 + 1, $i2 - $i1 - 1));
            $FromName = trim(substr($mailFrom, 0, $i1));
        }
    }
    else
    {
        $mailFrom = 'Unknown User';
    }
    // subject and body
    if (isset($_POST['MailSubject']))
    {
        $Subject = $_POST['MailSubject'];
    }
    else
    {
        $Subject = 'Automated Bug Report';
    }
    if (isset($_POST['MailBody']))
    {
        $Body = $_POST['MailBody'];
    }
    else
    {
        $Body = '(Message body missing)';
        $continue = 0;
    }
    if ($continue)
    {
        // do what you want, from here. integrate with SMTP, integrate with Redmine, integrate with any old thing that has any way to integrate.
        // The $_POST values above come from the sender: validate or escape them before passing them on.
        // generate an OK response (200)
        header('HTTP/1.0 200 SUCCESS'); // This was not documented in the MadExcept help, but it is required.
    }
}
?>
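
An added example, not part of the original post or of madExcept's sample: a fail-closed check that Apache itself authenticated the request, since under mod_php `PHP_AUTH_USER` is filled from the request's Authorization header whether or not Apache verified a password. It assumes Apache with mod_php and Basic authentication configured for the script's directory; the function name `apacheAuthenticatedUser`, the .htaccess lines and the sample requests are constructed for illustration.

```php
<?php
// Added example. Assumed (constructed) .htaccess for the script's directory;
// the AuthUserFile path is a placeholder:
//   AuthType Basic
//   AuthName "madExcept upload script"
//   AuthUserFile /path/to/.htpasswd
//   Require valid-user
// With this in place Apache rejects a wrong password before PHP runs and sets
// AUTH_TYPE and REMOTE_USER on the requests it lets through.

/**
 * Return the user id Apache authenticated, or null if the request must be
 * refused. $server is $_SERVER, passed in so the check can be run offline.
 */
function apacheAuthenticatedUser(array $server, array $allowed): ?string
{
    $authType = $server['AUTH_TYPE'] ?? '';
    $remoteUser = $server['REMOTE_USER'] ?? '';
    // Fail closed: if either value is missing, no Apache auth module vouched
    // for this request, whatever PHP_AUTH_USER happens to contain.
    if (strcasecmp($authType, 'Basic') !== 0 || $remoteUser === '') {
        return null;
    }
    // Strict membership test, no loose string/number comparison.
    return in_array($remoteUser, $allowed, true) ? $remoteUser : null;
}

// Constructed sample $_SERVER arrays, one per situation.
$allowed = ['acceptableuserid1', 'acceptableuserid2'];
$samples = [
    'authenticated by Apache' => [
        'AUTH_TYPE' => 'Basic',
        'REMOTE_USER' => 'acceptableuserid1',
        'PHP_AUTH_USER' => 'acceptableuserid1',
    ],
    'user name present, Apache auth not configured' => [
        'PHP_AUTH_USER' => 'acceptableuserid1',
    ],
    'authenticated, but not an accepted sender' => [
        'AUTH_TYPE' => 'Basic',
        'REMOTE_USER' => 'someoneelse',
    ],
];
foreach ($samples as $label => $server) {
    $who = apacheAuthenticatedUser($server, $allowed);
    echo $label, ': ', $who === null ? 'refuse' : "accept as $who", "\n";
}
```

In the upload script this check would sit before the POST fields are read, answering 401 or 403 and exiting when it returns null.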