]>
git.p6c8.net - jirafeau.git/blob - f.php
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 define('JIRAFEAU_ROOT', dirname(__FILE__
) . '/');
22 require(JIRAFEAU_ROOT
. 'lib/settings.php');
23 require(JIRAFEAU_ROOT
. 'lib/functions.php');
24 require(JIRAFEAU_ROOT
. 'lib/lang.php');
26 if (!isset($_GET['h']) ||
empty($_GET['h'])) {
27 header('Location: ./');
31 /* Operations may take a long time.
32 * Be sure PHP's safe mode is off.
38 $link_name = $_GET['h'];
40 if (!preg_match('/[0-9a-zA-Z_-]+$/', $link_name)) {
41 require(JIRAFEAU_ROOT
.'lib/template/header.php');
42 echo '<div class="error"><p>' . t('FILE_404') . '</p></div>';
43 require(JIRAFEAU_ROOT
.'lib/template/footer.php');
47 $link = jirafeau_get_link($link_name);
48 if (count($link) == 0) {
49 require(JIRAFEAU_ROOT
.'lib/template/header.php');
50 echo '<div class="error"><p>' . t('FILE_404') .
52 require(JIRAFEAU_ROOT
.'lib/template/footer.php');
57 if (isset($_GET['d']) && !empty($_GET['d']) && $_GET['d'] != '1') {
58 $delete_code = $_GET['d'];
62 if (isset($_GET['k']) && !empty($_GET['k'])) {
63 $crypt_key = $_GET['k'];
67 if (isset($_GET['d']) && $_GET['d'] == '1') {
72 if (isset($_GET['p']) && !empty($_GET['p'])) {
76 $p = s2p($link['md5']);
77 if (!file_exists(VAR_FILES
. $p . $link['md5'])) {
78 jirafeau_delete_link($link_name);
79 require(JIRAFEAU_ROOT
.'lib/template/header.php');
80 echo '<div class="error"><p>'.t('FILE_NOT_AVAIL').
82 require(JIRAFEAU_ROOT
.'lib/template/footer.php');
86 if (!empty($delete_code) && $delete_code == $link['link_code']) {
87 require(JIRAFEAU_ROOT
.'lib/template/header.php');
88 if (isset($_POST['do_delete'])) {
89 jirafeau_delete_link($link_name);
90 echo '<div class="message"><p>'.t('FILE_DELETED').
94 <form action
="f.php" method
="post" id
="submit_delete_post" class="form login">
95 <input type
="hidden" name
="do_delete" value
=1/>
97 <legend
> <?php
echo t('CONFIRM_DEL') ?
> </legend
>
100 <?php
echo t('GONNA_DEL') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' ?
>
103 <?php
echo t('USING_SERIVCE'). ' <a href="tos.php">' . t('TOS') . '</a>.' ?
>
106 <input type
="submit" id
="submit_delete" value
="<?php echo t('DELETE'); ?>"
107 onclick
="document.getElementById('submit_delete_post').action='<?php echo 'f.php?h=' . $link_name . '&d=' . $delete_code . "';"; ?>
108 document.getElementById('submit_delete
').submit ();"/>
111 </fieldset></form></div><?php
113 require(JIRAFEAU_ROOT.'lib
/template
/footer
.php
');
117 if ($link['time
'] != JIRAFEAU_INFINITY && time() > $link['time
']) {
118 jirafeau_delete_link($link_name);
119 require(JIRAFEAU_ROOT.'lib
/template
/header
.php
');
120 echo '<div
class="error"><p
>'.
121 t('FILE_EXPIRED
') . ' ' .
124 require(JIRAFEAU_ROOT . 'lib
/template
/footer
.php
');
128 if (empty($crypt_key) && $link['crypted
']) {
129 require(JIRAFEAU_ROOT.'lib
/template
/header
.php
');
130 echo '<div
class="error"><p
>' . t('FILE_404
') .
132 require(JIRAFEAU_ROOT.'lib
/template
/footer
.php
');
136 $password_challenged = false;
137 if (!empty($link['key
'])) {
138 if (!isset($_POST['key
'])) {
139 require(JIRAFEAU_ROOT.'lib
/template
/header
.php
');
141 '<form action
="f.php" method
="post" id
="submit_post" class="form login">'; ?>
142 <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
144 '<legend
>' . t('PSW_PROTEC
') .
145 '</legend
><table
><tr
><td
>' .
146 t('GIMME_PSW
') . ' : ' .
147 '<input type
= "password" name
= "key" />' .
150 t('USING_SERIVCE
'). ' <a href
="tos.php">' . t('TOS
') . '</a
>.' .
153 if ($link['onetime
'] == 'O
') {
154 echo '<tr
><td id
="self_destruct">' .
157 } ?><tr><td><input type="submit" id = "submit_download" value="<?php echo t('DL
'); ?>"
158 onclick="document.getElementById('submit_post
').action='<?php
159 echo 'f.php?h=' . $link_name . '&d=1';
160 if (!empty($crypt_key)) {
161 echo '&k=' . urlencode($crypt_key);
163 document.getElementById('submit_download
').submit ();"/><?php
164 if ($cfg['preview
'] && jirafeau_is_viewable($link['mime_type
'])) {
165 ?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW
'); ?>"
166 onclick="document.getElementById('submit_post
').action='<?php
167 echo 'f.php?h=' . $link_name . '&p=1';
168 if (!empty($crypt_key)) {
169 echo '&k=' . urlencode($crypt_key);
171 document.getElementById('submit_preview
').submit ();"/><?php
174 echo '</td
></tr
></table
></fieldset
></form
></div
>';
175 require(JIRAFEAU_ROOT.'lib
/template
/footer
.php
');
178 if ($link['key
'] == md5($_POST['key
'])) {
179 $password_challenged = true;
182 require(JIRAFEAU_ROOT.'lib
/template
/header
.php
');
183 echo '<div
class="error"><p
>' . t('ACCESS_KO
') .
185 require(JIRAFEAU_ROOT.'lib
/template
/footer
.php
');
191 if (!$password_challenged && !$do_download && !$do_preview) {
192 require(JIRAFEAU_ROOT.'lib
/template
/header
.php
');
194 '<form action
="f.php" method
="post" id
="submit_post" class="form download">'; ?>
195 <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
196 echo '<fieldset
><legend
>' . jirafeau_escape($link['file_name
']) . '</legend
><table
>' .
198 t('NOW_DOWNLOADING
') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size
']) . ').' .
201 t('USING_SERIVCE
'). ' <a href
="tos.php">' . t('TOS
') . '</a
>.' .
204 if ($link['onetime
'] == 'O
') {
205 echo '<tr
><td id
="self_destruct">' .
209 <tr><td><input type="submit" id = "submit_download" value="<?php echo t('DL
'); ?>"
210 onclick="document.getElementById('submit_post
').action='<?php
211 echo 'f.php?h=' . $link_name . '&d=1';
212 if (!empty($crypt_key)) {
213 echo '&k=' . urlencode($crypt_key);
215 document.getElementById('submit_post
').submit ();"/><?php
217 if ($cfg['preview
'] && jirafeau_is_viewable($link['mime_type
'])) {
218 ?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW
'); ?>"
219 onclick="document.getElementById('submit_post
').action='<?php
220 echo 'f.php?h=' . $link_name . '&p=1';
221 if (!empty($crypt_key)) {
222 echo '&k=' . urlencode($crypt_key);
224 document.getElementById('submit_post
').submit ();"/><?php
228 echo '</table
></fieldset
></form
></div
>';
229 require(JIRAFEAU_ROOT.'lib
/template
/footer
.php
');
233 header('HTTP
/1.0 200 OK
');
234 header('Content
-Length
: ' . $link['file_size
']);
235 if (!jirafeau_is_viewable($link['mime_type
']) || !$cfg['preview
'] || $do_download) {
236 header('Content
-Disposition
: attachment
; filename
="' . $link['file_name'] . '"');
238 header('Content
-Disposition
: filename
="' . $link['file_name'] . '"');
240 header('Content
-Type
: ' . $link['mime_type
']);
241 header('Content
-MD5
: ' . hex_to_base64($link['md5
']));
243 /* Read encrypted file. */
244 if ($link['crypted
']) {
246 $m = mcrypt_module_open('rijndael
-256', '', 'ofb
', '');
247 /* Extract key and iv. */
248 $md5_key = md5($crypt_key);
249 $iv = jirafeau_crypt_create_iv($md5_key, mcrypt_enc_get_iv_size($m));
251 mcrypt_generic_init($m, $md5_key, $iv);
253 $r = fopen(VAR_FILES . $p . $link['md5
'], 'r
');
255 $dec = mdecrypt_generic($m, fread($r, 1024));
261 mcrypt_generic_deinit($m);
262 mcrypt_module_close($m);
266 $r = fopen(VAR_FILES . $p . $link['md5
'], 'r
');
268 print fread($r, 1024);
274 if ($link['onetime
'] == 'O
') {
275 jirafeau_delete_link($link_name);
patrick-canterino.de