script.php

   1 <?php
   2 /*
   3  *  Jirafeau, your web file repository
   4  *  Copyright (C) 2015  Jerome Jutteau <j.jutteau@gmail.com>
   5  *
   6  *  This program is free software: you can redistribute it and/or modify
   7  *  it under the terms of the GNU Affero General Public License as
   8  *  published by the Free Software Foundation, either version 3 of the
   9  *  License, or (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU Affero General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU Affero General Public License
  17  *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
  18  */
  19
  20 /*
  21  * This file permits to easyly script file sending, receiving, deleting, ...
  22  * If you don't want this feature, you can simply delete this file from your
  23  * web directory.
  24  */
  25 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
  26
  27 require(JIRAFEAU_ROOT . 'lib/settings.php');
  28 require(JIRAFEAU_ROOT . 'lib/functions.php');
  29 require(JIRAFEAU_ROOT . 'lib/lang.php');
  30
  31  global $script_langages;
  32  $script_langages = array('bash' => 'Bash');
  33
  34 /* Operations may take a long time.
  35  * Be sure PHP's safe mode is off.
  36  */
  37 @set_time_limit(0);
  38 /* Remove errors. */
  39 @error_reporting(0);
  40
  41 if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
  42     require(JIRAFEAU_ROOT . 'lib/template/header.php');
  43     check_errors($cfg);
  44     if (has_error()) {
  45         show_errors();
  46         require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  47         exit;
  48     } ?>
  49     <div class="info">
  50     <h2>Scripting interface</h2>
  51     <p>This interface permits to script your uploads and downloads.</p>
  52     <p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
  53     <p>You may download a preconfigured <a href="script.php?lang=bash">Bash Script</a> to easily send to and get files from the API via command line.</p>
  54     </div>
  55     <br />
  56     <?php
  57     require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  58     exit;
  59 }
  60
  61 /* Lets use interface now. */
  62 header('Content-Type: text/plain; charset=utf-8');
  63
  64 check_errors($cfg);
  65 if (has_error()) {
  66     echo 'Error 1';
  67     exit;
  68 }
  69
  70 /* Upload file */
  71 if (isset($_FILES['file']) && is_writable(VAR_FILES)
  72     && is_writable(VAR_LINKS)) {
  73     if (isset ($_POST['upload_password'])) {
  74         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
  75             echo 'Error 3: Invalid password';
  76             exit;
  77         }
  78     } else {
  79         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
  80             echo 'Error 2: No password nor allowed IP';
  81             exit;
  82         }
  83     }
  84     $key = '';
  85     if (isset($_POST['key'])) {
  86         $key = $_POST['key'];
  87     }
  88
  89     $time = time();
  90     if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
  91         echo 'Error 4: The parameter time is invalid.';
  92         exit;
  93     } else {
  94         switch ($_POST['time']) {
  95             case 'minute':
  96                 $time += JIRAFEAU_MINUTE;
  97                 break;
  98             case 'hour':
  99                 $time += JIRAFEAU_HOUR;
 100                 break;
 101             case 'day':
 102                 $time += JIRAFEAU_DAY;
 103                 break;
 104             case 'week':
 105                 $time += JIRAFEAU_WEEK;
 106                 break;
 107             case 'month':
 108                 $time += JIRAFEAU_MONTH;
 109                 break;
 110             case 'quarter':
 111                 $time += JIRAFEAU_QUARTER;
 112                 break;
 113             case 'year':
 114                 $time += JIRAFEAU_YEAR;
 115                 break;
 116            default:
 117                 $time = JIRAFEAU_INFINITY;
 118                 break;
 119         }
 120     }
 121
 122     // Check file size
 123     if ($cfg['maximal_upload_size'] > 0 &&
 124         $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) {
 125         echo 'Error 5: Your file exceeds the maximum authorized file size.';
 126         exit;
 127     }
 128
 129     $res = jirafeau_upload($_FILES['file'],
 130                             isset($_POST['one_time_download']),
 131                             $key, $time, get_ip_address($cfg),
 132                             $cfg['enable_crypt'], $cfg['link_name_length']);
 133
 134     if (empty($res) || $res['error']['has_error']) {
 135         echo 'Error 6 ' . $res['error']['why'];
 136         exit;
 137     }
 138     /* Print direct link. */
 139     echo $res['link'];
 140     /* Print delete link. */
 141     echo NL;
 142     echo $res['delete_link'];
 143     /* Print decrypt key. */
 144     echo NL;
 145     echo urlencode($res['crypt_key']);
 146 } elseif (isset($_GET['h'])) {
 147     $link_name = $_GET['h'];
 148     $key = '';
 149     if (isset($_POST['key'])) {
 150         $key = $_POST['key'];
 151     }
 152     $d = '';
 153     if (isset($_GET['d'])) {
 154         $d = $_GET['d'];
 155     }
 156
 157     if (!preg_match('/[0-9a-zA-Z_-]+$/', $link_name)) {
 158         echo 'Error 7';
 159         exit;
 160     }
 161
 162     $link = jirafeau_get_link($link_name);
 163     if (count($link) == 0) {
 164         echo 'Error 8';
 165         exit;
 166     }
 167     if (strlen($d) > 0 && $d == $link['link_code']) {
 168         jirafeau_delete_link($link_name);
 169         echo "Ok";
 170         exit;
 171     }
 172     if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
 173         jirafeau_delete_link($link_name);
 174         echo 'Error 9';
 175         exit;
 176     }
 177     if (strlen($link['key']) > 0 && md5($key) != $link['key']) {
 178         sleep(2);
 179         echo 'Error 10';
 180         exit;
 181     }
 182     $p = s2p($link['md5']);
 183     if (!file_exists(VAR_FILES . $p . $link['md5'])) {
 184         echo 'Error 11';
 185         exit;
 186     }
 187
 188     /* Read file. */
 189     header('Content-Length: ' . $link['file_size']);
 190     header('Content-Type: ' . $link['mime_type']);
 191     header('Content-Disposition: attachment; filename="' .
 192             $link['file_name'] . '"');
 193
 194     $r = fopen(VAR_FILES . $p . $link['md5'], 'r');
 195     while (!feof($r)) {
 196         print fread($r, 1024);
 197         ob_flush();
 198     }
 199     fclose($r);
 200
 201     if ($link['onetime'] == 'O') {
 202         jirafeau_delete_link($link_name);
 203     }
 204     exit;
 205 } elseif (isset($_GET['get_capacity'])) {
 206     echo min(jirafeau_ini_to_bytes(ini_get('post_max_size')),
 207               jirafeau_ini_to_bytes(ini_get('upload_max_filesize')));
 208 } elseif (isset($_GET['get_maximal_upload_size'])) {
 209     echo $cfg['maximal_upload_size'];
 210 } elseif (isset($_GET['get_version'])) {
 211     echo JIRAFEAU_VERSION;
 212 } elseif (isset($_GET['lang'])) {
 213     $l=$_GET['lang'];
 214     if ($l == "bash") {
 215         ?>
 216 #!/bin/bash
 217
 218 # This script has been auto-generated by Jirafeau but you can still edit options below.
 219
 220 # Config begin
 221 proxy='' # Or set JIRAFEAU_PROXY.
 222 url='<?php echo $cfg['web_root']; ?>' # Or set JIRAFEAU_URL.
 223 time='<?php echo $cfg['availability_default']; ?>' # Or set JIRAFEAU_TIME.
 224 one_time='' # Or set JIRAFEAU_ONE_TIME.
 225 curl='' # Or set JIRAFEAU_CURL_PATH.
 226 # Config end
 227
 228 if [ -n "$JIRAFEAU_PROXY" ]; then
 229     proxy="$JIRAFEAU_PROXY"
 230 fi
 231
 232 if [ -n "$JIRAFEAU_URL" ]; then
 233     url="$JIRAFEAU_URL"
 234 fi
 235
 236 if [ -z "$url" ]; then
 237     echo "Please set url in script parameters or export JIRAFEAU_URL"
 238 fi
 239
 240 if [ -n "$JIRAFEAU_TIME" ]; then
 241     time="$JIRAFEAU_TIME"
 242 fi
 243
 244 if [ -n "$JIRAFEAU_ONE_TIME" ]; then
 245     one_time='1'
 246 fi
 247
 248 if [ -z "$curl" ]; then
 249     curl="$JIRAFEAU_CURL_PATH"
 250 fi
 251
 252 if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
 253     curl="/usr/bin/curl"
 254 fi
 255
 256 if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
 257     curl="/bin/curl.exe"
 258 fi
 259
 260 if [ -z "$curl" ]; then
 261     echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
 262     exit
 263 fi
 264
 265 if [ -z "$2" ]; then
 266     echo "Jirafeau Bash Script <?php echo JIRAFEAU_VERSION; ?>"
 267     echo "--------------------------"
 268     echo "Usage:"
 269     echo "    $0 OPTIONS"
 270     echo
 271     echo "Options:"
 272     echo "    $0 send FILE [PASSWORD]"
 273     echo "    $0 get URL [PASSWORD]"
 274     echo "    $0 delete URL"
 275     echo
 276     echo "Global variables to export:"
 277     echo "    JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxysever.example.com:3128«"
 278     echo "    JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
 279     echo "    JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
 280     echo "    JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
 281     echo "    JIRAFEAU_CURL : alternative path to curl binary"
 282
 283     exit 0
 284 fi
 285
 286 if [ -n "$proxy" ]; then
 287     proxy="-x $proxy"
 288 fi
 289
 290 options=''
 291 if [ -n "$one_time" ]; then
 292     options="$options -F one_time_download=1"
 293 fi
 294
 295 password=''
 296 if [ -n "$3" ]; then
 297     password="$3"
 298     options="$options -F key=$password"
 299 fi
 300
 301 apipage='script.php'
 302 downloadpage='f.php'
 303
 304 if [ "$1" == "send" ]; then
 305     if [ ! -f "$2" ]; then
 306         echo "File \"$2\" does not exists."
 307         exit
 308     fi
 309
 310     # Ret result
 311     res=$($curl -X POST --http1.0 $proxy $options \
 312                   -F "time=$time" \
 313                   -F "file=@$2" \
 314                   $url$apipage)
 315
 316     if [[ "$res" == Error* ]]; then
 317         echo "Error while uploading."
 318         echo $res
 319         exit
 320     fi
 321
 322     # Not using head or tail to minimise command dependencies
 323     code=$(cnt=0; echo "$res" | while read l; do
 324         if [[ "$cnt" == "0" ]]; then
 325             echo "$l"
 326         fi
 327         cnt=$(( cnt + 1 ))
 328         done)
 329     del_code=$(cnt=0; echo "$res" | while read l; do
 330         if [[ "$cnt" == "1" ]]; then
 331             echo "$l"
 332         fi
 333         cnt=$(( cnt + 1 ))
 334         done)
 335     key_code=$(cnt=0; echo "$res" | while read l; do
 336         if [[ "$cnt" == "2" ]]; then
 337             echo "$l"
 338         fi
 339         cnt=$(( cnt + 1 ))
 340         done)
 341
 342     echo
 343     echo "Download page:"
 344     if [[ $key_code ]]; then
 345         echo "    ${url}${downloadpage}?h=$code&k=$key_code"
 346     else
 347         echo "    ${url}${downloadpage}?h=$code"
 348     fi
 349     echo "Direct download:"
 350     if [[ $key_code ]]; then
 351         echo "    ${url}${downloadpage}?h=$code&k=$key_code&d=1"
 352     else
 353         echo "    ${url}${downloadpage}?h=$code&d=1"
 354     fi
 355     echo "Delete link:"
 356     echo "    ${url}${downloadpage}?h=$code&d=$del_code"
 357     echo
 358     echo "Download via API:"
 359     if [[ $key_code ]]; then
 360         echo "    ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD}"
 361     else
 362         echo "    ${0} get ${url}${apipage}?h=$code [PASSWORD}"
 363     fi
 364     echo "Delete via API:"
 365     echo "    ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"
 366
 367 elif [ "$1" == "get" ]; then
 368     if [ -z "$password" ]; then
 369         $curl $proxy -OJ "$2"
 370     else
 371         $curl $proxy -OJ -X POST -F key=$password "$2"
 372     fi
 373 elif [ "$1" == "delete" ]; then
 374     $curl $proxy "$2"
 375 fi
 376 <?php
 377
 378     } else {
 379         echo 'Error 12';
 380         exit;
 381     }
 382 }
 383 /* Initialize an asynchronous upload. */
 384 elseif (isset($_GET['init_async'])) {
 385     if (isset($_POST['upload_password'])){
 386         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
 387             echo 'Error 20: Invalid password';
 388             exit;
 389         }
 390     } else {
 391         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
 392             echo 'Error 19: No password nor allowed IP';
 393             exit;
 394         }
 395     }
 396
 397     if (!isset($_POST['filename'])) {
 398         echo 'Error 21';
 399         exit;
 400     }
 401
 402     $type = '';
 403     if (isset($_POST['type'])) {
 404         $type = $_POST['type'];
 405     }
 406
 407     $key = '';
 408     if (isset($_POST['key'])) {
 409         $key = $_POST['key'];
 410     }
 411
 412     $time = time();
 413     if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
 414         echo 'Error 22';
 415         exit;
 416     } else {
 417         switch ($_POST['time']) {
 418             case 'minute':
 419                 $time += JIRAFEAU_MINUTE;
 420                 break;
 421             case 'hour':
 422                 $time += JIRAFEAU_HOUR;
 423                 break;
 424             case 'day':
 425                 $time += JIRAFEAU_DAY;
 426                 break;
 427             case 'week':
 428                 $time += JIRAFEAU_WEEK;
 429                 break;
 430             case 'month':
 431                 $time += JIRAFEAU_MONTH;
 432                 break;
 433             case 'quarter':
 434                 $time += JIRAFEAU_QUARTER;
 435                 break;
 436             case 'year':
 437                 $time += JIRAFEAU_YEAR;
 438                 break;
 439             default:
 440                 $time = JIRAFEAU_INFINITY;
 441                 break;
 442         }
 443     }
 444     echo jirafeau_async_init($_POST['filename'],
 445                               $type,
 446                               isset($_POST['one_time_download']),
 447                               $key,
 448                               $time,
 449                               get_ip_address($cfg));
 450 }
 451 /* Continue an asynchronous upload. */
 452 elseif (isset($_GET['push_async'])) {
 453     if ((!isset($_POST['ref']))
 454         || (!isset($_FILES['data']))
 455         || (!isset($_POST['code']))) {
 456         echo 'Error 23';
 457     } else {
 458         echo jirafeau_async_push($_POST['ref'],
 459                                   $_FILES['data'],
 460                                   $_POST['code'],
 461                                   $cfg['maximal_upload_size']);
 462     }
 463 }
 464 /* Finalize an asynchronous upload. */
 465 elseif (isset($_GET['end_async'])) {
 466     if (!isset($_POST['ref'])
 467         || !isset($_POST['code'])) {
 468         echo 'Error 24';
 469     } else {
 470         echo jirafeau_async_end($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']);
 471     }
 472 } else {
 473     echo 'Error 25';
 474 }
 475 exit;
 476 ?>