]> git.p6c8.net - jirafeau.git/blob - admin.php
Removed the download button and the corresponding link for encrypted files from the...
[jirafeau.git] / admin.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
6 * Copyright (C) 2024 Jirafeau project <https://gitlab.com/jirafeau> (see AUTHORS.md)
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 session_start();
22 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
23
24 require(JIRAFEAU_ROOT . 'lib/settings.php');
25 require(JIRAFEAU_ROOT . 'lib/functions.php');
26 require(JIRAFEAU_ROOT . 'lib/lang.php');
27
28 /* Check if installation is OK. */
29 if (file_exists(JIRAFEAU_ROOT . 'install.php')
30 && !file_exists(JIRAFEAU_ROOT . 'lib/config.local.php')) {
31 header('Location: install.php');
32 exit;
33 }
34
35 /* If called from CLI, no password or graphical interface */
36 if (php_sapi_name() == "cli") {
37 if ($cfg['installation_done'] == false) {
38 die("Installation not completed yet.\n");
39 }
40 if ((count($argv)>1) && $argv[1]=="clean_expired") {
41 $total = jirafeau_admin_clean();
42 echo "$total expired files deleted.\n";
43 } elseif ((count($argv)>1) && $argv[1]=="clean_async") {
44 $total = jirafeau_admin_clean_async();
45 echo "$total old unfinished transfers deleted.\n";
46 } else {
47 die("No command found. Should be admin.php <clean_expired|clean_async>.\n");
48 }
49 // Second check: Challenge by IP
50 } elseif (true === jirafeau_challenge_admin_ip($cfg, get_ip_address($cfg))) {
51 /* Disable admin interface if we have a empty admin password. */
52 if (empty($cfg['admin_password']) && empty($cfg['admin_http_auth_user'])) {
53 require(JIRAFEAU_ROOT . 'lib/template/header.php');
54 echo '<div class="error"><p>'.
55 t('NO_ADMIN') .
56 '</p></div>';
57 require(JIRAFEAU_ROOT.'lib/template/footer.php');
58 exit;
59 }
60
61 /* Logout if requested. */
62 if (jirafeau_admin_session_logged() && isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
63 jirafeau_session_end();
64 }
65
66 if (!jirafeau_admin_session_logged()) {
67 /* Test HTTP authentication. */
68 if (!empty($cfg['admin_http_auth_user']) &&
69 ((is_array($cfg['admin_http_auth_user']) && in_array($_SERVER['PHP_AUTH_USER'], $cfg['admin_http_auth_user'])) ||
70 (($cfg['admin_http_auth_user'] == $_SERVER['PHP_AUTH_USER'])))) {
71 jirafeau_admin_session_start();
72 }
73 /* Test web password authentication. */
74 elseif (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
75 if ($cfg['admin_password'] === hash('sha256', $_POST['admin_password'])) {
76 jirafeau_admin_session_start();
77 } else {
78 require(JIRAFEAU_ROOT . 'lib/template/header.php');
79 echo '<div class="error"><p>'. t('BAD_PSW') . '</p></div>';
80 require(JIRAFEAU_ROOT.'lib/template/footer.php');
81 exit;
82 }
83 }
84 /* Admin password prompt form. */
85 else {
86 require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?>
87 <form method="post" class="form login">
88 <fieldset>
89 <table>
90 <tr>
91 <td class = "label"><label for = "enter_password">
92 <?php echo t('ADMIN_PSW') . ':'; ?></label>
93 </td>
94 </tr>
95 <tr>
96 <td class = "field"><input type = "password"
97 name = "admin_password" id = "admin_password"
98 size = "40" autocomplete = "current-password" />
99 </td>
100 </tr>
101 <tr class = "nav">
102 <td class = "nav next">
103 <input type = "submit" name = "key" value =
104 "<?php echo t('LOGIN'); ?>" />
105 </td>
106 </tr>
107 </table>
108 </fieldset>
109 </form>
110 <?php
111 require(JIRAFEAU_ROOT.'lib/template/footer.php');
112 exit;
113 }
114 }
115
116 /* Operations may take a long time.
117 * Be sure PHP's safe mode is off.
118 */
119 @set_time_limit(0);
120
121 /* Show admin interface if not downloading a file. */
122 if (!(isset($_POST['action']) && strcmp($_POST['action'], 'download') == 0)) {
123 require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?><h2><?php echo t('ADMIN_INTERFACE'); ?></h2><?php
124 ?><h2>(version <?php echo JIRAFEAU_VERSION ?>)</h2><?php
125
126 if ($cfg['enable_crypt'] && !(extension_loaded('sodium'))) {
127 echo '<div class="error"><p>'.t('SODIUM_UNAVAILABLE').'</p></div>';
128 }
129
130 ?><div id = "admin">
131 <fieldset><legend><?php echo t('ACTIONS'); ?></legend>
132 <table>
133 <form method="post">
134 <tr>
135 <input type = "hidden" name = "action" value = "clean"/>
136 <?php echo jirafeau_admin_csrf_field() ?>
137 <td class = "info">
138 <?php echo t('CLEAN_EXPIRED'); ?>
139 </td>
140 <td></td>
141 <td>
142 <input type = "submit" value = "<?php echo t('CLEAN'); ?>" />
143 </td>
144 </tr>
145 </form>
146 <form method="post">
147 <tr>
148 <input type = "hidden" name = "action" value = "clean_async"/>
149 <?php echo jirafeau_admin_csrf_field() ?>
150 <td class = "info">
151 <?php echo t('CLEAN_INCOMPLETE'); ?>
152 </td>
153 <td></td>
154 <td>
155 <input type = "submit" value = "<?php echo t('CLEAN'); ?>" />
156 </td>
157 </tr>
158 </form>
159 <form method="post">
160 <tr>
161 <input type = "hidden" name = "action" value = "list"/>
162 <?php echo jirafeau_admin_csrf_field() ?>
163 <td class = "info">
164 <?php echo t('LS_FILES'); ?>
165 </td>
166 <td></td>
167 <td>
168 <input type = "submit" value = "<?php echo t('LIST'); ?>" />
169 </td>
170 </tr>
171 </form>
172 <form method="post">
173 <tr>
174 <input type = "hidden" name = "action" value = "size"/>
175 <?php echo jirafeau_admin_csrf_field() ?>
176 <td class = "info">
177 <?php echo t('SIZE_DATA'); ?>
178 </td>
179 <td></td>
180 <td>
181 <input type = "submit" value = "<?php echo t('SIZE'); ?>" />
182 </td>
183 </tr>
184 </form>
185 <form method="post">
186 <tr>
187 <input type = "hidden" name = "action" value = "search_by_name"/>
188 <?php echo jirafeau_admin_csrf_field() ?>
189 <td class = "info">
190 <?php echo t('SEARCH_NAME'); ?>
191 </td>
192 <td>
193 <input type = "text" name = "name" id = "name"/>
194 </td>
195 <td>
196 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
197 </td>
198 </tr>
199 </form>
200 <form method="post">
201 <tr>
202 <input type = "hidden" name = "action" value = "search_by_file_hash"/>
203 <?php echo jirafeau_admin_csrf_field() ?>
204 <td class = "info">
205 <?php echo t('SEARH_BY_HASH'); ?>
206 </td>
207 <td>
208 <input type = "text" name = "hash" id = "hash"/>
209 </td>
210 <td>
211 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
212 </td>
213 </tr>
214 </form>
215 <form method="post">
216 <tr>
217 <input type = "hidden" name = "action" value = "search_link"/>
218 <?php echo jirafeau_admin_csrf_field() ?>
219 <td class = "info">
220 <?php echo t('SEARCH_LINK'); ?>
221 </td>
222 <td>
223 <input type = "text" name = "link" id = "link"/>
224 </td>
225 <td>
226 <input type = "submit" value = "<?php echo t('SEARCH'); ?>" />
227 </td>
228 </tr>
229 </form>
230 <form method="post">
231 <tr>
232 <input type = "hidden" name = "action" value = "bug_report_info"/>
233 <?php echo jirafeau_admin_csrf_field() ?>
234 <td class = "info">
235 <?php echo t('REPORTING_AN_ISSUE'); ?>
236 </td>
237 <td></td>
238 <td>
239 <input type = "submit" value = "<?php echo t('INFO'); ?>" />
240 </td>
241 </tr>
242 </form>
243 </table>
244 <form method="post">
245 <input type = "hidden" name = "action" value = "logout" />
246 <?php echo jirafeau_admin_csrf_field() ?>
247 <input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
248 </form>
249 </fieldset></div><?php
250 }
251
252 /* Check for actions */
253 if (isset($_POST['action'])) {
254 if (strcmp($_POST['action'], 'clean') == 0) {
255 $total = jirafeau_admin_clean();
256 echo '<div class="message">' . NL;
257 echo '<p>';
258 echo t('CLEANED_FILES_CNT') . ' : ' . $total;
259 echo '</p></div>';
260 } elseif (strcmp($_POST['action'], 'clean_async') == 0) {
261 $total = jirafeau_admin_clean_async();
262 echo '<div class="message">' . NL;
263 echo '<p>';
264 echo t('CLEANED_FILES_CNT') . ' : ' . $total;
265 echo '</p></div>';
266 } elseif (strcmp($_POST['action'], 'size') == 0) {
267 $size = jirafeau_dir_size($cfg['var_root']);
268 $human_size = jirafeau_human_size($size);
269 echo '<div class="message">' . NL;
270 echo '<p>' . t('SIZE_DATA') . ': ' . $human_size .'</p>';
271 echo '</div>';
272 } elseif (strcmp($_POST['action'], 'list') == 0) {
273 jirafeau_admin_list("", "", "");
274 } elseif (strcmp($_POST['action'], 'search_by_name') == 0) {
275 jirafeau_admin_list($_POST['name'], "", "");
276 } elseif (strcmp($_POST['action'], 'search_by_file_hash') == 0) {
277 jirafeau_admin_list("", $_POST['hash'], "");
278 } elseif (strcmp($_POST['action'], 'search_link') == 0) {
279 jirafeau_admin_list("", "", $_POST['link']);
280 } elseif (strcmp($_POST['action'], 'delete_link') == 0) {
281 jirafeau_delete_link($_POST['link']);
282 echo '<div class="message">' . NL;
283 echo '<p>' . t('LINK_DELETED') . '</p></div>';
284 } elseif (strcmp($_POST['action'], 'delete_file') == 0) {
285 $count = jirafeau_delete_file($_POST['hash']);
286 echo '<div class="message">' . NL;
287 echo '<p>' . t('DELETED_LINKS') . ' : ' . $count . '</p></div>';
288 } elseif (strcmp($_POST['action'], 'download') == 0) {
289 $l = jirafeau_get_link($_POST['link']);
290 if (!count($l)) {
291 return;
292 }
293 $p = s2p($l['hash']);
294 header('Content-Length: ' . $l['file_size']);
295 header('Content-Type: ' . $l['mime_type']);
296 header('Content-Disposition: attachment; filename="' .
297 $l['file_name'] . '"');
298 if (file_exists(VAR_FILES . $p . $l['hash'])) {
299 $r = fopen(VAR_FILES . $p . $l['hash'], 'r');
300 while (!feof($r)) {
301 print fread($r, 1024);
302 }
303 fclose($r);
304 }
305 exit;
306 } elseif (strcmp($_POST['action'], 'bug_report_info') == 0) {
307 echo jirafeau_admin_bug_report($cfg);
308 }
309 }
310
311 require(JIRAFEAU_ROOT.'lib/template/footer.php');
312 } else {
313 require(JIRAFEAU_ROOT . 'lib/template/header.php');
314 jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
315 }
316 ?>

patrick-canterino.de