]> git.p6c8.net - jirafeau.git/blob - index.php
git.p6c8.net / jirafeau.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[BUGFIX] run session_start before outputing any html
[jirafeau.git] / index.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2013
5 * Jerome Jutteau <j.jutteau@gmail.com>
6 * Jimmy Beauvois <jimmy.beauvois@gmail.com>
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 session_start();
22 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
23
24 require(JIRAFEAU_ROOT . 'lib/settings.php');
25 require(JIRAFEAU_ROOT . 'lib/functions.php');
26 require(JIRAFEAU_ROOT . 'lib/lang.php');
27
28 check_errors($cfg);
29 if (has_error()) {
30 show_errors();
31 require(JIRAFEAU_ROOT . 'lib/template/footer.php');
32 exit;
33 }
34
35 require(JIRAFEAU_ROOT . 'lib/template/header.php');
36
37 /* Check if user is allowed to upload. */
38 // First check: Challenge by IP
39 if (true === jirafeau_challenge_upload_ip($cfg['upload_ip'], get_ip_address($cfg))) {
40 // Is an upload password required?
41 if (jirafeau_has_upload_password($cfg)) {
42 // Logout action
43 if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
44 session_unset();
45 }
46
47 // Challenge by password
48 // …save successful logins in session
49 if (isset($_POST['upload_password'])) {
50 if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
51 $_SESSION['upload_auth'] = true;
52 $_SESSION['user_upload_password'] = $_POST['upload_password'];
53 } else {
54 $_SESSION['admin_auth'] = false;
55 jirafeau_fatal_error(t('Wrong password.'), $cfg);
56 }
57 }
58
59 // Show login form if user session is not authorized yet
60 if (true === empty($_SESSION['upload_auth'])) {
61 ?>
62 <form method="post" class="form login">
63 <fieldset>
64 <table>
65 <tr>
66 <td class = "label"><label for = "enter_password">
67 <?php echo t('Upload password') . ':'; ?></label>
68 </td>
69 </tr><tr>
70 <td class = "field"><input type = "password"
71 name = "upload_password" id = "upload_password"
72 size = "40" />
73 </td>
74 </tr>
75 <tr class = "nav">
76 <td class = "nav next">
77 <input type = "submit" name = "key" value =
78 "<?php echo t('Login'); ?>" />
79 </td>
80 </tr>
81 </table>
82 </fieldset>
83 </form>
84 <?php
85 require(JIRAFEAU_ROOT.'lib/template/footer.php');
86 exit;
87 }
88 }
89 }
90 else {
91 jirafeau_fatal_error(t('Access denied'), $cfg);
92 }
93
94 ?>
95 <div id="upload_finished">
96 <p><?php echo t('File uploaded !') ?></p>
97
98 <div id="upload_finished_download_page">
99 <p>
100 <a id="upload_link" href=""><?php echo t('Download page') ?></a>
101 <a id="upload_link_email" href=""><img id="upload_image_email"/></a>
102 <button id="upload_link_button"></button>
103 </p>
104 </div>
105
106 <?php if ($cfg['preview'] == true) {
107 ?>
108 <div id="upload_finished_preview">
109 <p>
110 <a id="preview_link" href=""><?php echo t('View link') ?></a>
111 <button id="preview_link_button"></button>
112 </p>
113 </div>
114 <?php
115 } ?>
116
117 <div id="upload_direct_download">
118 <p>
119 <a id="direct_link" href=""><?php echo t('Direct download link') ?></a>
120 <button id="direct_link_button"></button>
121 </p>
122 </div>
123
124 <div id="upload_delete">
125 <p>
126 <a id="delete_link" href=""><?php echo t('Delete link') ?></a>
127 <button id="delete_link_button"></button>
128 </p>
129 </div>
130
131 <div id="upload_validity">
132 <p><?php echo t('This file is valid until the following date'); ?>:</p>
133 <p id="date"></p>
134 </div>
135 </div>
136
137 <div id="uploading">
138 <p>
139 <?php echo t('Uploading ...'); ?>
140 <div id="uploaded_percentage"></div>
141 <div id="uploaded_speed"></div>
142 <div id="uploaded_time"></div>
143 </p>
144 </div>
145
146 <div id="error_pop" class="error">
147 </div>
148
149 <div id="upload">
150 <fieldset>
151 <legend>
152 <?php echo t('Select a file'); ?>
153 </legend>
154 <p>
155 <input type="file" id="file_select" size="30"
156 onchange="control_selected_file_size(<?php echo $cfg['maximal_upload_size'] ?>, '<?php echo t('File is too big') . ', ' . t('File size is limited to') . " " . $cfg['maximal_upload_size'] . " MB"; ?>')"/>
157 </p>
158
159 <div id="options">
160 <table id="option_table">
161 <tr>
162 <td><?php echo t('One time download'); ?>:</td>
163 <td><input type="checkbox" id="one_time_download" /></td>
164 </tr>
165 <tr>
166 <td><label for="input_key"><?php echo t('Password') . ':'; ?></label></td>
167 <td><input type="text" name="key" id="input_key" /></td>
168 </tr>
169 <tr>
170 <td><label for="select_time"><?php echo t('Time limit') . ':'; ?></label></td>
171 <td><select name="time" id="select_time">
172 <?php
173 $expirationTimeOptions = array(
174 array(
175 'value' => 'minute',
176 'label' => 'One minute'
177 ),
178 array(
179 'value' => 'hour',
180 'label' => 'One hour'
181 ),
182 array(
183 'value' => 'day',
184 'label' => 'One day'
185 ),
186 array(
187 'value' => 'week',
188 'label' => 'One week'
189 ),
190 array(
191 'value' => 'month',
192 'label' => 'One month'
193 ),
194 array(
195 'value' => 'quarter',
196 'label' => 'One quarter'
197 ),
198 array(
199 'value' => 'year',
200 'label' => 'One year'
201 ),
202 array(
203 'value' => 'none',
204 'label' => 'None'
205 )
206 );
207 foreach ($expirationTimeOptions as $expirationTimeOption) {
208 $selected = ($expirationTimeOption['value'] === $cfg['availability_default'])? 'selected="selected"' : '';
209 if (true === $cfg['availabilities'][$expirationTimeOption['value']]) {
210 echo '<option value="' . $expirationTimeOption['value'] . '" ' .
211 $selected . '>' . t($expirationTimeOption['label']) . '</option>';
212 }
213 }
214 ?>
215 </select></td>
216 </tr>
217
218 <?php
219 if ($cfg['maximal_upload_size'] > 0) {
220 echo '<p class="config">' . t('File size is limited to');
221 echo " " . $cfg['maximal_upload_size'] . " MB</p>";
222 }
223 ?>
224
225 <p id="max_file_size" class="config"></p>
226 <p>
227 <?php
228 if (jirafeau_has_upload_password($cfg) && $_SESSION['upload_auth']) {
229 ?>
230 <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
231 <?php
232
233 } else {
234 ?>
235 <input type="hidden" id="upload_password" name="upload_password" value=""/>
236 <?php
237
238 }
239 ?>
240 <input type="submit" id="send" value="<?php echo t('Send'); ?>"
241 onclick="
242 document.getElementById('upload').style.display = 'none';
243 document.getElementById('uploading').style.display = '';
244 upload (<?php echo jirafeau_get_max_upload_size_bytes(); ?>);
245 "/>
246 </p>
247 </table>
248 </div> </fieldset>
249
250 <?php
251 if (jirafeau_has_upload_password($cfg)) {
252 ?>
253 <form method="post" class="form logout">
254 <input type = "hidden" name = "action" value = "logout"/>
255 <input type = "submit" value = "<?php echo t('Logout'); ?>" />
256 </form>
257 <?php
258
259 }
260 ?>
261
262 </div>
263
264 <script type="text/javascript" lang="Javascript">
265 document.getElementById('error_pop').style.display = 'none';
266 document.getElementById('uploading').style.display = 'none';
267 document.getElementById('upload_finished').style.display = 'none';
268 document.getElementById('options').style.display = 'none';
269 document.getElementById('send').style.display = 'none';
270 if (!check_html5_file_api ())
271 document.getElementById('max_file_size').innerHTML = '<?php
272 echo t('You browser may not support HTML5 so the maximum file size is ') . jirafeau_get_max_upload_size();
273 ?>';
274
275 addCopyListener('upload_link_button', 'upload_link');
276 addCopyListener('preview_link_button', 'preview_link');
277 addCopyListener('direct_link_button', 'direct_link');
278 addCopyListener('delete_link_button', 'delete_link');
279 </script>
280 <?php require(JIRAFEAU_ROOT . 'lib/template/footer.php'); ?>
My fork of Jirafeau

patrick-canterino.de