]> git.p6c8.net - jirafeau.git/blob - admin.php
Merge branch 'fix_cs' into 'next-release'
[jirafeau.git] / admin.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
6 * Copyright (C) 2024 Jirafeau project <https://gitlab.com/jirafeau> (see AUTHORS.md)
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 session_start();
22 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
23
24 require(JIRAFEAU_ROOT . 'lib/settings.php');
25 require(JIRAFEAU_ROOT . 'lib/functions.php');
26 require(JIRAFEAU_ROOT . 'lib/lang.php');
27
28 /* Check if installation is OK. */
29 if (file_exists(JIRAFEAU_ROOT . 'install.php')
30 && !file_exists(JIRAFEAU_ROOT . 'lib/config.local.php')) {
31 header('Location: install.php');
32 exit;
33 }
34
35 /* If called from CLI, no password or graphical interface */
36 if (php_sapi_name() == "cli") {
37 if ($cfg['installation_done'] == false) {
38 die("Installation not completed yet.\n");
39 }
40 if ((count($argv) > 1) && $argv[1] == 'clean_expired') {
41 $total = jirafeau_admin_clean();
42 echo "$total expired files deleted.\n";
43 } elseif ((count($argv) > 1) && $argv[1] == 'clean_async') {
44 $total = jirafeau_admin_clean_async();
45 echo "$total old unfinished transfers deleted.\n";
46 } else {
47 die("No command found. Should be admin.php <clean_expired|clean_async>.\n");
48 }
49 }
50 /* Second check: Challenge by IP */
51 elseif (true === jirafeau_challenge_admin_ip($cfg, get_ip_address($cfg))) {
52 /* Disable admin interface if we have a empty admin password. */
53 if (empty($cfg['admin_password']) && empty($cfg['admin_http_auth_user'])) {
54 require(JIRAFEAU_ROOT . 'lib/template/header.php');
55 echo '<div class="error"><p>'.
56 t('NO_ADMIN') .
57 '</p></div>';
58 require(JIRAFEAU_ROOT.'lib/template/footer.php');
59 exit;
60 }
61
62 /* Logout if requested. */
63 if (jirafeau_admin_session_logged() && isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
64 jirafeau_session_end();
65 }
66
67 if (!jirafeau_admin_session_logged()) {
68 /* Test HTTP authentication. */
69 if (!empty($cfg['admin_http_auth_user']) &&
70 ((is_array($cfg['admin_http_auth_user']) && in_array($_SERVER['PHP_AUTH_USER'], $cfg['admin_http_auth_user'])) ||
71 (($cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER'])))) {
72 jirafeau_admin_session_start();
73 }
74 /* Test web password authentication. */
75 elseif (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
76 if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
77 jirafeau_admin_session_start();
78 } else {
79 require(JIRAFEAU_ROOT . 'lib/template/header.php');
80 echo '<div class="error"><p>'. t('BAD_PSW') . '</p></div>';
81 require(JIRAFEAU_ROOT.'lib/template/footer.php');
82 exit;
83 }
84 }
85 /* Admin password prompt form. */
86 else {
87 require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?>
88 <form method="post" class="form login">
89 <fieldset>
90 <table>
91 <tr>
92 <td class = "label"><label for = "enter_password">
93 <?php echo t('ADMIN_PSW') . ':'; ?></label>
94 </td>
95 </tr>
96 <tr>
97 <td class = "field"><input type = "password"
98 name = "admin_password" id = "admin_password"
99 size = "40" autocomplete = "current-password" />
100 </td>
101 </tr>
102 <tr class = "nav">
103 <td class = "nav next">
104 <input type = "submit" name = "key" value =
105 "<?php echo t('LOGIN'); ?>" />
106 </td>
107 </tr>
108 </table>
109 </fieldset>
110 </form>
111 <?php
112 require(JIRAFEAU_ROOT.'lib/template/footer.php');
113 exit;
114 }
115 }
116
117 /* Operations may take a long time.
118 * Be sure PHP's safe mode is off.
119 */
120 @set_time_limit(0);
121
122 /* Show admin interface if not downloading a file. */
123 if (!(isset($_POST['action']) && strcmp($_POST['action'], 'download') == 0)) {
124 require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?><h2><?php echo t('ADMIN_INTERFACE'); ?></h2><?php
125 ?><h2>(version <?php echo JIRAFEAU_VERSION ?>)</h2><?php
126
127 if ($cfg['enable_crypt'] && !(extension_loaded('sodium'))) {
128 echo '<div class="error"><p>'.t('SODIUM_UNAVAILABLE').'</p></div>';
129 }
130
131 ?><div id = "admin">
132 <fieldset><legend><?php echo t('ACTIONS'); ?></legend>
133 <table>
134 <form method="post">
135 <tr>
136 <input type = "hidden" name = "action" value = "clean"/>
137 <?php echo jirafeau_admin_csrf_field() ?>
138 <td class = "info">
139 <?php echo t('CLEAN_EXPIRED'); ?>
140 </td>
141 <td></td>
142 <td>
143 <input type = "submit" value = "<?php echo t('CLEAN'); ?>" />
144 </td>
145 </tr>
146 </form>
147 <form method="post">
148 <tr>
149 <input type = "hidden" name = "action" value = "clean_async"/>
150 <?php echo jirafeau_admin_csrf_field() ?>
151 <td class = "info">
152 <?php echo t('CLEAN_INCOMPLETE'); ?>
153 </td>
154 <td></td>
155 <td>
156 <input type = "submit" value = "<?php echo t('CLEAN'); ?>" />
157 </td>
158 </tr>
159 </form>
160 <form method="post">
161 <tr>
162 <input type = "hidden" name = "action" value = "list"/>
163 <?php echo jirafeau_admin_csrf_field() ?>
164 <td class = "info">
165 <?php echo t('LS_FILES'); ?>
166 </td>
167 <td></td>
168 <td>
169 <input type = "submit" value = "<?php echo t('LIST'); ?>" />
170 </td>
171 </tr>
172 </form>
173 <form method="post">
174 <tr>
175 <input type = "hidden" name = "action" value = "size"/>
176 <?php echo jirafeau_admin_csrf_field() ?>
177 <td class = "info">
178 <?php echo t('SIZE_DATA'); ?>
179 </td>
180 <td></td>
181 <td>
182 <input type = "submit" value = "<?php echo t('SIZE'); ?>" />
183 </td>
184 </tr>
185 </form>
186 <form method="post">
187 <tr>
188 <input type = "hidden" name = "action" value = "search_by_name"/>
189 <?php echo jirafeau_admin_csrf_field() ?>
190 <td class = "info">
191 <?php echo t('SEARCH_NAME'); ?>
192 </td>
193 <td>
194 <input type = "text" name = "name" id = "name"/>
195 </td>
196 <td>
197 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
198 </td>
199 </tr>
200 </form>
201 <form method="post">
202 <tr>
203 <input type = "hidden" name = "action" value = "search_by_file_hash"/>
204 <?php echo jirafeau_admin_csrf_field() ?>
205 <td class = "info">
206 <?php echo t('SEARH_BY_HASH'); ?>
207 </td>
208 <td>
209 <input type = "text" name = "hash" id = "hash"/>
210 </td>
211 <td>
212 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
213 </td>
214 </tr>
215 </form>
216 <form method="post">
217 <tr>
218 <input type = "hidden" name = "action" value = "search_link"/>
219 <?php echo jirafeau_admin_csrf_field() ?>
220 <td class = "info">
221 <?php echo t('SEARCH_LINK'); ?>
222 </td>
223 <td>
224 <input type = "text" name = "link" id = "link"/>
225 </td>
226 <td>
227 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
228 </td>
229 </tr>
230 </form>
231 <form method="post">
232 <tr>
233 <input type = "hidden" name = "action" value = "bug_report_info"/>
234 <?php echo jirafeau_admin_csrf_field() ?>
235 <td class = "info">
236 <?php echo t('REPORTING_AN_ISSUE'); ?>
237 </td>
238 <td></td>
239 <td>
240 <input type = "submit" value = "<?php echo t('INFO'); ?>" />
241 </td>
242 </tr>
243 </form>
244 </table>
245 <form method="post">
246 <input type = "hidden" name = "action" value = "logout" />
247 <?php echo jirafeau_admin_csrf_field() ?>
248 <input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
249 </form>
250 </fieldset></div><?php
251 }
252
253 /* Check for actions */
254 if (isset($_POST['action'])) {
255 if (strcmp($_POST['action'], 'clean') == 0) {
256 $total = jirafeau_admin_clean();
257 echo '<div class="message">' . NL;
258 echo '<p>';
259 echo t('CLEANED_FILES_CNT') . ' : ' . $total;
260 echo '</p></div>';
261 } elseif (strcmp($_POST['action'], 'clean_async') == 0) {
262 $total = jirafeau_admin_clean_async();
263 echo '<div class="message">' . NL;
264 echo '<p>';
265 echo t('CLEANED_FILES_CNT') . ' : ' . $total;
266 echo '</p></div>';
267 } elseif (strcmp($_POST['action'], 'size') == 0) {
268 $size = jirafeau_dir_size($cfg['var_root']);
269 $human_size = jirafeau_human_size($size);
270 echo '<div class="message">' . NL;
271 echo '<p>' . t('SIZE_DATA') . ': ' . $human_size .'</p>';
272 echo '</div>';
273 } elseif (strcmp($_POST['action'], 'list') == 0) {
274 jirafeau_admin_list("", "", "");
275 } elseif (strcmp($_POST['action'], 'search_by_name') == 0) {
276 jirafeau_admin_list($_POST['name'], "", "");
277 } elseif (strcmp($_POST['action'], 'search_by_file_hash') == 0) {
278 jirafeau_admin_list("", $_POST['hash'], "");
279 } elseif (strcmp($_POST['action'], 'search_link') == 0) {
280 jirafeau_admin_list("", "", $_POST['link']);
281 } elseif (strcmp($_POST['action'], 'delete_link') == 0) {
282 jirafeau_delete_link($_POST['link']);
283 echo '<div class="message">' . NL;
284 echo '<p>' . t('LINK_DELETED') . '</p></div>';
285 } elseif (strcmp($_POST['action'], 'delete_file') == 0) {
286 $count = jirafeau_delete_file($_POST['hash']);
287 echo '<div class="message">' . NL;
288 echo '<p>' . t('DELETED_LINKS') . ' : ' . $count . '</p></div>';
289 } elseif (strcmp($_POST['action'], 'download') == 0) {
290 $l = jirafeau_get_link($_POST['link']);
291 if (!count($l)) {
292 return;
293 }
294 $p = s2p($l['hash']);
295 header('Content-Length: ' . $l['file_size']);
296 header('Content-Type: ' . $l['mime_type']);
297 header('Content-Disposition: attachment; filename="' .
298 $l['file_name'] . '"');
299 if (file_exists(VAR_FILES . $p . $l['hash'])) {
300 $r = fopen(VAR_FILES . $p . $l['hash'], 'r');
301 while (!feof($r)) {
302 print fread($r, 1024);
303 }
304 fclose($r);
305 }
306 exit;
307 } elseif (strcmp($_POST['action'], 'bug_report_info') == 0) {
308 echo jirafeau_admin_bug_report($cfg);
309 }
310 }
311
312 require(JIRAFEAU_ROOT.'lib/template/footer.php');
313 } else {
314 require(JIRAFEAU_ROOT . 'lib/template/header.php');
315 jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
316 }
317 ?>

patrick-canterino.de