Some UI improvement as password-protection

README.md

@@ -6,10 +6,13 @@ As of version 0.1.0 it also supports creating archives.
 It's handy if you do not have shell access. E.g. if you want to upload a lot of files (php framework or image collection) as archive - because it is much faster than uploading each file by itself.
 
 
-## Requirements    
+## Requirements
 PHP 5.3 and newer
 (If you still run PHP < 5.6 you should consider updating PHP. These old PHP versions do not get any security updates and your site may be vulnerable.)
 
+## Security
+* Don't leave utility on production server. It can easily be used to extract sensitive information (like configuration files with login/password to your database server). Delete it right after usage.
+* To prevent unauthorized access to script, it's password-protected. Default login/password is Rainbow/Dash (case-sensitive). Change constants VALID_USER and VALID_PASSWORD to make your own password.
 
 ## Usage
 * Download unzipper.php and place it in the same directory as your .zip archive.
@@ -32,13 +35,13 @@ Beta version state, use at you own risk.
 Released under GNU/GPL v3
 
 
-## Screenshot   
+## Screenshot
 ![Screenshot of unzipper](https://cloud.githubusercontent.com/assets/1136761/17080297/1bccbd60-512a-11e6-89cb-c6c112270154.png)
 
 
-## Updates    
+## Updates
 Get latest code at https://github.com/ndeet/unzipper
 
 
-## Credits   
-[See contributors on Github](https://github.com/ndeet/unzipper/graphs/contributors)  
+## Credits
+[See contributors on Github](https://github.com/ndeet/unzipper/graphs/contributors)

unzipper.php

@@ -8,13 +8,35 @@
  * @author  Andreas Tasch, at[tec], attec.at
  * @license GNU GPL v3
  * @package attec.toolbox
- * @version 0.1.1
+ * @version 0.1.2
  */
-define('VERSION', '0.1.1');
+define('VERSION', '0.1.2');
+define('VALID_USER','Rainbow');
+define('VALID_PASSWORD','Dash');
+
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+  header('WWW-Authenticate: Basic realm="This utility is password-protected"');
+  header('HTTP/1.0 401 Unauthorized');
+  echo 'This utility is password-protected';
+  exit;
+}else if (($_SERVER['PHP_AUTH_USER']!==VALID_USER) or
+  ($_SERVER['PHP_AUTH_PW']!==VALID_PASSWORD)) {
+  header('WWW-Authenticate: Basic realm="You entered invalid login|password"');
+  header('HTTP/1.0 401 Unauthorized');
+  echo 'You entered invalid login|password';
+  exit;
+}
 
 $timestart = microtime(TRUE);
 $GLOBALS['status'] = array();
 
+if (isset($_POST['dozip'])) {
+  $zippath = !empty($_POST['zippath']) ? strip_tags($_POST['zippath']) : '.';
+  // Resulting zipfile e.g. zipper--2016-07-23--11-55.zip.
+  $zipfile = 'zipper-' . date("Y-m-d--H-i") . '.zip';
+  Zipper::zipDir($zippath, $zipfile);
+}
+
 $unzipper = new Unzipper;
 if (isset($_POST['dounzip'])) {
   // Check if an archive was selected for unzipping.
@@ -23,13 +45,6 @@
   $unzipper->prepareExtraction($archive, $destination);
 }
 
-if (isset($_POST['dozip'])) {
-  $zippath = !empty($_POST['zippath']) ? strip_tags($_POST['zippath']) : '.';
-  // Resulting zipfile e.g. zipper--2016-07-23--11-55.zip.
-  $zipfile = 'zipper-' . date("Y-m-d--H-i") . '.zip';
-  Zipper::zipDir($zippath, $zipfile);
-}
-
 $timeend = microtime(TRUE);
 $time = round($timeend - $timestart, 4);
 
@@ -54,10 +69,10 @@ public function __construct() {
       closedir($dh);
 
       if (!empty($this->zipfiles)) {
-        $GLOBALS['status'] = array('info' => '.zip or .gz or .rar files found, ready for extraction');
+        $GLOBALS['status'][] = array('info' => '.zip or .gz or .rar files found, ready for extraction');
       }
       else {
-        $GLOBALS['status'] = array('info' => 'No .zip or .gz or rar files found. So only zipping functionality available.');
+        $GLOBALS['status'][] = array('info' => 'No .zip or .gz or rar files found. So only zipping functionality available.');
       }
     }
   }
@@ -121,7 +136,7 @@ public static function extract($archive, $destination) {
   public static function extractZipArchive($archive, $destination) {
     // Check if webserver supports unzipping.
     if (!class_exists('ZipArchive')) {
-      $GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support unzip functionality.');
+      $GLOBALS['status'][] = array('error' => 'Error: Your PHP version does not support unzip functionality.');
       return;
     }
 
@@ -133,14 +148,14 @@ public static function extractZipArchive($archive, $destination) {
       if (is_writeable($destination . '/')) {
         $zip->extractTo($destination);
         $zip->close();
-        $GLOBALS['status'] = array('success' => 'Files unzipped successfully');
+        $GLOBALS['status'][] = array('success' => 'Files unzipped successfully');
       }
       else {
-        $GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
+        $GLOBALS['status'][] = array('error' => 'Error: Directory not writeable by webserver.');
       }
     }
     else {
-      $GLOBALS['status'] = array('error' => 'Error: Cannot read .zip archive.');
+      $GLOBALS['status'][] = array('error' => 'Error: Cannot read .zip archive.');
     }
   }
 
@@ -155,7 +170,7 @@ public static function extractZipArchive($archive, $destination) {
   public static function extractGzipFile($archive, $destination) {
     // Check if zlib is enabled
     if (!function_exists('gzopen')) {
-      $GLOBALS['status'] = array('error' => 'Error: Your PHP has no zlib support enabled.');
+      $GLOBALS['status'][] = array('error' => 'Error: Your PHP has no zlib support enabled.');
       return;
     }
 
@@ -171,20 +186,20 @@ public static function extractGzipFile($archive, $destination) {
 
     // Check if file was extracted.
     if (file_exists($destination . '/' . $filename)) {
-      $GLOBALS['status'] = array('success' => 'File unzipped successfully.');
+      $GLOBALS['status'][] = array('success' => 'File unzipped successfully.');
 
       // If we had a tar.gz file, let's extract that tar file.
       if (pathinfo($destination . '/' . $filename, PATHINFO_EXTENSION) == 'tar') {
         $phar = new PharData($destination . '/' . $filename);
         if ($phar->extractTo($destination)) {
-          $GLOBALS['status'] = array('success' => 'Extracted tar.gz archive successfully.');
+          $GLOBALS['status'][] = array('success' => 'Extracted tar.gz archive successfully.');
           // Delete .tar.
           unlink($destination . '/' . $filename);
         }
       }
     }
     else {
-      $GLOBALS['status'] = array('error' => 'Error unzipping file.');
+      $GLOBALS['status'][] = array('error' => 'Error unzipping file.');
     }
 
   }
@@ -200,7 +215,7 @@ public static function extractGzipFile($archive, $destination) {
   public static function extractRarArchive($archive, $destination) {
     // Check if webserver supports unzipping.
     if (!class_exists('RarArchive')) {
-      $GLOBALS['status'] = array('error' => 'Error: Your PHP version does not support .rar archive functionality. <a class="info" href="http://php.net/manual/en/rar.installation.php" target="_blank">How to install RarArchive</a>');
+      $GLOBALS['status'][] = array('error' => 'Error: Your PHP version does not support .rar archive functionality. <a class="info" href="http://php.net/manual/en/rar.installation.php" target="_blank">How to install RarArchive</a>');
       return;
     }
     // Check if archive is readable.
@@ -212,14 +227,14 @@ public static function extractRarArchive($archive, $destination) {
           $entry->extract($destination);
         }
         $rar->close();
-        $GLOBALS['status'] = array('success' => 'Files extracted successfully.');
+        $GLOBALS['status'][] = array('success' => 'Files extracted successfully.');
       }
       else {
-        $GLOBALS['status'] = array('error' => 'Error: Directory not writeable by webserver.');
+        $GLOBALS['status'][] = array('error' => 'Error: Directory not writeable by webserver.');
       }
     }
     else {
-      $GLOBALS['status'] = array('error' => 'Error: Cannot read .rar archive.');
+      $GLOBALS['status'][] = array('error' => 'Error: Cannot read .rar archive.');
     }
   }
 
@@ -295,7 +310,7 @@ public static function zipDir($sourcePath, $outZipPath) {
     }
     $z->close();
 
-    $GLOBALS['status'] = array('success' => 'Successfully created archive ' . $outZipPath);
+    $GLOBALS['status'][] = array('success' => 'Successfully created archive ' . $outZipPath);
   }
 }
 ?>
@@ -389,11 +404,20 @@ public static function zipDir($sourcePath, $outZipPath) {
   </style>
 </head>
 <body>
-<p class="status status--<?php echo strtoupper(key($GLOBALS['status'])); ?>">
-  Status: <?php echo reset($GLOBALS['status']); ?><br/>
+<?php foreach($GLOBALS['status'] as $value):
+  // this is a fastest approach to get first key and value
+  // https://stackoverflow.com/questions/1028668/get-first-key-in-a-possibly-associative-array
+  foreach($value as $status=>$description) break;
+?><p class="status status--<?php echo strtoupper($status); ?>">
+  Status: <?php echo $description; ?><br/>
+  <?php if(($status!=='info') and($time>0)): ?>
   <span class="small">Processing Time: <?php echo $time; ?> seconds</span>
+  <?php endif ?>
 </p>
+<?php endforeach ?>
+
 <form action="" method="POST">
+  <?php if(count($unzipper->zipfiles)>0): ?>
   <fieldset>
     <h1>Archive Unzipper</h1>
     <label for="zipfile">Select .zip or .rar archive or .gz file you want to extract:</label>
@@ -408,6 +432,7 @@ public static function zipDir($sourcePath, $outZipPath) {
     <p class="info">Enter extraction path without leading or trailing slashes (e.g. "mypath"). If left empty current directory will be used.</p>
     <input type="submit" name="dounzip" class="submit" value="Unzip Archive"/>
   </fieldset>
+  <?php endif ?>
 
   <fieldset>
     <h1>Archive Zipper</h1>