sixem / ivfi-php

IVFi is a directory indexer that aims to make it easy to browse and explore web-accessible directories.
https://git.five.sh/ivfi/

Hiding indexer.php and indexer/ #6

Closed camjac251 closed 4 years ago

camjac251 commented 4 years ago

Does the path_checking function break hiding the indexer.php file and indexer folder?

My nginx root is set to serve the user directory from logged-in users through root /folder/path/video/$remote_user. I tried to add in indexer.php and the folder into one of the users but both appeared in the indexing.

I tried to experiment and serve them from elsewhere but it didn't work as expected. The static files resolve at domain.name/indexer but domain.name/ serves the directory from the indexer.php location block, instead of my main one.

server {
    listen                  ssl http2;
    server_name             domain.name;
    root                    /folder/path/video/$remote_user;
    index index.html index.htm index.php /indexer.php;

    # SSL
    ssl_certificate         /directory/to/nginxuser/.certbot/live/domain.name/fullchain.pem;
    ssl_certificate_key     /directory/to/nginxuser/.certbot/live/domain.name/privkey.pem;
    ssl_trusted_certificate /directory/to/nginxuser/.certbot/live/domain.name/chain.pem;

    # error handling
    location = /error.html {
      ssi on;
      internal;
      auth_basic off;
      root /directory/to/nginxuser/.config/nginx/html/error;
    }

    # # fancy index
    # include                 confcustom/fancyindex.conf;

    # webdav access
    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;
    create_full_put_path on;
    dav_access user:r group:r;

    # authorization
    auth_basic            "closed site";
    auth_basic_user_file  credentials/users.htpasswd;
    location ^~ /indexer/ {
      root /directory/to/nginxuser/.config/nginx/html/indexer/;
    }
    location = /indexer.php {
      alias /directory/to/nginxuser/.config/nginx/html/indexer/indexer.php;
      include fastcgi_params;
      fastcgi_pass unix:/directory/to/nginxuser/.config/php-fpm/socket;
    }

    # security
    include                 nginxconfig.io/security.conf;

    # logging
    access_log              /directory/to/nginxuser/logs/nginx/$remote_user.domain.name.access.log;
    error_log               /directory/to/nginxuser/logs/nginx/$remote_user.domain.name.error.log warn;

    # additional config
    include                 nginxconfig.io/general.conf;
    include                 includes/php.conf;
}

sixem commented 4 years ago

The indexer.php file and indexer folder will always be shown if you are browsing the same directory that holds indexer.php. I suppose i could add a small check that hides those specific files if you are in the root directory though.

The idea is that you will never really be browsing that directory because a regular index file or whatever is usually present there instead.

camjac251 commented 4 years ago

Is it possible with nginx to serve the indexer file through a map path possibly using nginx so it can just remain in one location and not in every root?

sixem commented 4 years ago

Hmm, so what the script does is that it takes the path where the indexer.php resides and the $_SERVER['REQUEST_URI'], then joins them together to create the full path.

I could add support for overwriting the first part of the path by using $_SERVER variables.

Doing something like this should work for that i think:

location = /indexer.php {
        alias /var/www/some/static_path/indexer.php;
        fastcgi_param INDEXER_BASE_PATH "/var/www/some/variable/root_path";
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include snippets/fastcgi-php.conf;
}

Then as long as the INDEXER_BASE_PATH matches the root directory set, it should work.

Would this solve it?
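
The path join described in the comment above (a base path plus `$_SERVER['REQUEST_URI']`), as an added example that is not IVFi's own code: it takes the base from the proposed `INDEXER_BASE_PATH` parameter and rejects any request that resolves outside it, which matters when the base is a per-user root such as /folder/path/video/$remote_user. The function name `resolve_listing_dir()` and the sample directory tree are made up for illustration.

```php
<?php
// Added example, not IVFi's code. resolve_listing_dir() is a hypothetical name;
// INDEXER_BASE_PATH is the fastcgi_param proposed in the thread.

/** Join base path and request URI; return null if the result leaves the base. */
function resolve_listing_dir(array $server, string $scriptDir): ?string
{
    // Prefer the base passed by nginx, else the directory holding the script.
    $base = realpath($server['INDEXER_BASE_PATH'] ?? $scriptDir);
    if ($base === false || !is_dir($base)) {
        return null; // e.g. no directory exists for this $remote_user
    }

    // Drop the query string, then decode percent-escapes (%2e%2e becomes "..").
    $uriPath = rawurldecode(explode('?', $server['REQUEST_URI'] ?? '/', 2)[0]);
    if (strpos($uriPath, "\0") !== false) {
        return null;
    }

    // realpath() collapses ".." and follows symlinks, so the prefix test below
    // is applied to the location that would actually be read.
    $target = realpath($base . '/' . ltrim($uriPath, '/'));
    if ($target === false || !is_dir($target)) {
        return null;
    }

    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the per-user root
    }
    return $target;
}

// Constructed sample tree: two per-user roots under one parent.
$root = sys_get_temp_dir() . '/ivfi_demo_' . getmypid();
mkdir("$root/alice/clips", 0700, true);
mkdir("$root/bob", 0700, true);

foreach (['/', '/clips/?sort=name', '/../bob/', '/%2e%2e/bob/', '/missing/'] as $uri) {
    $server = ['INDEXER_BASE_PATH' => "$root/alice", 'REQUEST_URI' => $uri];
    printf("%-18s => %s\n", $uri, resolve_listing_dir($server, __DIR__) ?? 'rejected');
}
```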

camjac251 commented 4 years ago

With this location block, where would the static files be served from? I'm guessing I'd just keep the block from above? Would this work with it? $remote_user being used?

location = /indexer.php {
        alias /folder/path/nginxuser/.config/nginx/html/indexer/indexer.php;
        fastcgi_param INDEXER_BASE_PATH "/folder/path/video/$remote_user";
        include includes/php.conf;
}

sixem commented 4 years ago

I'm no nginx expert but it should work with $remote_user, yes. Also, just keeping the location block for the static files should also be fine, i think.

I'll try to get a PR up tomorrow with the changes.

camjac251 commented 4 years ago

Tested it just now with the HTTP auth system and $remote_user and it's working amazingly. Thank you

camjac251 commented 4 years ago

I ended up changing the dates field to these to see the timezone it set:

$data['recent'][$type] = self::formatDate('m/d/y H:i T', $data['recent'][$type], $timezone['offset']);
return array($stamp, self::formatDate('m/d/y <\s\p\a\n \d\a\t\a-\v\i\e\w="\d\e\s\k\t\o\p">H:i T</\s\p\a\n>', $stamp, $modifier));

It's not showing my timezone I set on the server or my local one in browser

sixem commented 4 years ago

The script is not overriding any server attempts, no. All it does is set the href to /some/example.jpg without any domain names, ports or whatever, and then it lets the browser decide how to solve that. I'm not sure what i could change in order to fix that issue, sorry.

As for the timezone issue - did you update everything? I've made changes to most of the files in order to support that.

camjac251 commented 4 years ago

After I posted the comment, I went back to test it again and it just worked. No port changes happened. I tried marking the comment as resolved but just ended up deleting it. Sorry for the confusion. I clean installed the script to make sure it worked correctly for this update. Everything was overwritten.

sixem commented 4 years ago

Hmm, could you check if the cookies are being set correctly? There should be a ei-client_timezone_offset cookie set with the client's UTC offset.

camjac251 commented 4 years ago

I cleared the cookies and a new one ei-client_timezone_offset was made with value 300.

sixem commented 4 years ago

Oh, i think i just totally missed something ..

If you could go to line 170 of the indexer.php and then edit:

'offset' => $cookies['client_timezone_offset'] > 0 ? -$cookies['client_timezone_offset'] : abs($cookies['client_timezone_offset']) * 60

to

'offset' => $cookies['client_timezone_offset'] > 0 ? -$cookies['client_timezone_offset'] * 60 : abs($cookies['client_timezone_offset']) * 60

Does that solve it?

camjac251 commented 4 years ago

That worked. Files now show local time to the client. Would it be possible to support the timezone flag? I added T so hopefully the person connecting could know that the times are correct to their timezone but it's locked at GMT.

sixem commented 4 years ago

Sadly i don't have access to the exact timezone unless i wanna use some extensive library. All i have is the client's offset from UTC.

I could add an option to display UTC/GMT relative timezones though, something like this: 30/03/20 09:17 UTC+2.

camjac251 commented 4 years ago

Could it guess the timezone based off of what the system running php reports and the offset given by client?

sixem commented 4 years ago

I think that's what i meant. PHP will get the UTC time and modify it using whatever the client has set as the cookie (which is the offset from UTC).

So, we could just divide the cookie by 60 and we would have the UTC relative timezone, like UTC-5 and so on. I can add support for this, but what i can't add is a way to show the specific country timezone, like Europe/Paris etc.
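
The offset handling from the line-170 fix and the UTC-relative label discussed above, as an added example that is not IVFi's own code: because the cookie is set by the client, the value is validated before it is used. Function names are hypothetical, and the cookie is assumed to hold minutes with positive values west of UTC, which matches the value 300 and the `* 60` in the fix.

```php
<?php
// Added example, not IVFi's code; function names are hypothetical.

/** Validate the raw cookie value; returns minutes (positive = west of UTC) or null. */
function parse_offset_cookie($raw): ?int
{
    // Client-controlled input: accept only an optionally signed short integer.
    if (!is_string($raw) || !preg_match('/\A-?\d{1,3}\z/', $raw)) {
        return null;
    }
    $minutes = (int) $raw;
    // Offsets in use span UTC-12:00 (720) to UTC+14:00 (-840).
    return ($minutes >= -840 && $minutes <= 720) ? $minutes : null;
}

/** Seconds to add to a UTC timestamp; the sign is inverted for every input. */
function offset_seconds(int $minutes): int
{
    return -$minutes * 60;
}

/** Label such as "UTC-5" or "UTC+5:30" to show next to the time. */
function utc_label(int $minutes): string
{
    $east = -$minutes;
    $label = sprintf('UTC%s%d', $east < 0 ? '-' : '+', intdiv(abs($east), 60));
    $rest = abs($east) % 60;
    return $rest === 0 ? $label : $label . sprintf(':%02d', $rest);
}

// Constructed sample cookie values and a constructed UTC timestamp.
foreach (['300', '-120', '-330', '99999', '300; x'] as $raw) {
    $m = parse_offset_cookie($raw);
    echo str_pad($raw, 8), ' => ', $m === null ? 'ignored, fall back to UTC'
        : gmdate('d/m/y H:i', 1585559820 + offset_seconds($m)) . ' ' . utc_label($m), "\n";
}
```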

camjac251 commented 4 years ago

Would something like this work? https://stackoverflow.com/a/11896631

sixem commented 4 years ago

Sort of, but from what i can see it would also show Europe/Paris for anyone living in a UTC+2 timezone and America/New_York for anyone in UTC-4 etc, so it wouldn't really be any more specific than a simple UTC+2 or GMT+2 timestamp in that case.

Plus, a long string like that would take up a lot of space on a row i've already been trying to minimize.

sixem commented 4 years ago

I've added a title to the modification date now which displays how long ago the item was modified along with a simple UTC timestamp, hopefully this will make things a little bit more clear.

I'll close this issue now as the original issue should be fixed now.