<?php
/*
* Jirafeau, your web file repository
- * Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
+ * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
+ * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
+ * Copyright (C) 2024 Jirafeau project <https://gitlab.com/jirafeau> (see AUTHORS.md)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-/*
- * This file permits to easyly script file sending, receiving, deleting, ...
- * If you don't want this feature, you can simply delete this file from your
- * web directory.
- */
+/* This file offer a kind of API for jirafeau. */
+
define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
- global $script_langages;
- $script_langages = array('bash' => 'Bash');
+global $script_langages;
+$script_langages = array('bash' => 'Bash');
/* Operations may take a long time.
* Be sure PHP's safe mode is off.
*/
@set_time_limit(0);
-/* Remove errors. */
-@error_reporting(0);
if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
require(JIRAFEAU_ROOT . 'lib/template/header.php');
<div class="info">
<h2>Scripting interface</h2>
<p>This interface permits to script your uploads and downloads.</p>
- <p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
+ <p>See <a href="<?php echo JIRAFEAU_WEBSITE ?>/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
<p>You may download a preconfigured <a href="script.php?lang=bash">Bash Script</a> to easily send to and get files from the API via command line.</p>
</div>
<br />
exit;
}
+session_start();
+
/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
&& is_writable(VAR_LINKS)) {
- if (isset ($_POST['upload_password'])) {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
+ if (!jirafeau_user_session_logged()) {
+ if (isset($_POST['upload_password']) &&
+ !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 3: Invalid password';
exit;
- }
- } else {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
+ } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
echo 'Error 2: No password nor allowed IP';
exit;
}
}
-
+
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
- $time = time();
if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
echo 'Error 4: The parameter time is invalid.';
exit;
} else {
- switch ($_POST['time']) {
- case 'minute':
- $time += JIRAFEAU_MINUTE;
- break;
- case 'hour':
- $time += JIRAFEAU_HOUR;
- break;
- case 'day':
- $time += JIRAFEAU_DAY;
- break;
- case 'week':
- $time += JIRAFEAU_WEEK;
- break;
- case 'month':
- $time += JIRAFEAU_MONTH;
- break;
- case 'quarter':
- $time += JIRAFEAU_QUARTER;
- break;
- case 'year':
- $time += JIRAFEAU_YEAR;
- break;
- default:
- $time = JIRAFEAU_INFINITY;
- break;
- }
+ $time = jirafeau_datestr_to_int($_POST['time']);
}
// Check file size
exit;
}
- $res = jirafeau_upload($_FILES['file'],
- isset($_POST['one_time_download']),
- $key, $time, get_ip_address($cfg),
- $cfg['enable_crypt'], $cfg['link_name_length']);
+ // Check if one time download is enabled
+ if (!$cfg['one_time_download'] && isset($_POST['one_time_download'])) {
+ echo 'Error 26: One time download is disabled.';
+ exit;
+ }
+
+ if ($cfg['store_uploader_ip']) {
+ $ip = get_ip_address($cfg);
+ } else {
+ $ip = "";
+ }
+
+ $res = jirafeau_upload(
+ $_FILES['file'],
+ isset($_POST['one_time_download']),
+ $key,
+ $time,
+ $ip,
+ $cfg['enable_crypt'],
+ $cfg['link_name_length'],
+ $cfg['file_hash']
+ );
if (empty($res) || $res['error']['has_error']) {
echo 'Error 6 ' . $res['error']['why'];
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$d = '';
if (isset($_GET['d'])) {
}
if (strlen($d) > 0 && $d == $link['link_code']) {
jirafeau_delete_link($link_name);
- echo "Ok";
+ echo 'Ok';
exit;
}
if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
echo 'Error 10';
exit;
}
- $p = s2p($link['md5']);
- if (!file_exists(VAR_FILES . $p . $link['md5'])) {
+ $p = s2p($link['hash']);
+ if (!file_exists(VAR_FILES . $p . $link['hash'])) {
echo 'Error 11';
exit;
}
header('Content-Disposition: attachment; filename="' .
$link['file_name'] . '"');
- $r = fopen(VAR_FILES . $p . $link['md5'], 'r');
+ $r = fopen(VAR_FILES . $p . $link['hash'], 'r');
while (!feof($r)) {
print fread($r, 1024);
- ob_flush();
}
fclose($r);
}
exit;
} elseif (isset($_GET['get_capacity'])) {
- echo min(jirafeau_ini_to_bytes(ini_get('post_max_size')),
- jirafeau_ini_to_bytes(ini_get('upload_max_filesize')));
+ echo jirafeau_get_max_upload_size_bytes();
} elseif (isset($_GET['get_maximal_upload_size'])) {
echo $cfg['maximal_upload_size'];
} elseif (isset($_GET['get_version'])) {
echo JIRAFEAU_VERSION;
} elseif (isset($_GET['lang'])) {
- $l=$_GET['lang'];
- if ($l == "bash") {
+ $l = $_GET['lang'];
+ if ($l == 'bash') {
?>
#!/bin/bash
time='<?php echo $cfg['availability_default']; ?>' # Or set JIRAFEAU_TIME.
one_time='' # Or set JIRAFEAU_ONE_TIME.
curl='' # Or set JIRAFEAU_CURL_PATH.
+upload_password='' # Or set JIRAFEAU_UPLOAD_PASSWD
# Config end
if [ -n "$JIRAFEAU_PROXY" ]; then
one_time='1'
fi
+if [ -n "$JIRAFEAU_UPLOAD_PASSWD" ]; then
+ upload_password="$JIRAFEAU_UPLOAD_PASSWD"
+fi
+
if [ -z "$curl" ]; then
curl="$JIRAFEAU_CURL_PATH"
fi
echo " $0 delete URL"
echo
echo "Global variables to export:"
- echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxysever.example.com:3128«"
+ echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxyserver.example.com:3128«"
echo " JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
- echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
+ echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, fortnight, »month«, »quarter«, »year« or »none«"
echo " JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
echo " JIRAFEAU_CURL : alternative path to curl binary"
+ echo " JIRAFEAU_UPLOAD_PASSWD : upload password"
exit 0
fi
options="$options -F one_time_download=1"
fi
+if [ -n "$upload_password" ]; then
+ options="$options -F upload_password=$upload_password"
+fi
+
password=''
if [ -n "$3" ]; then
password="$3"
fi
cnt=$(( cnt + 1 ))
done)
+ key_code=$(cnt=0; echo "$res" | while read l; do
+ if [[ "$cnt" == "2" ]]; then
+ echo "$l"
+ fi
+ cnt=$(( cnt + 1 ))
+ done)
echo
echo "Download page:"
- echo " ${url}${downloadpage}?h=$code"
+ if [[ $key_code ]]; then
+ echo " ${url}${downloadpage}?h=$code&k=$key_code"
+ else
+ echo " ${url}${downloadpage}?h=$code"
+ fi
echo "Direct download:"
- echo " ${url}${downloadpage}?h=$code&d=1"
+ if [[ $key_code ]]; then
+ echo " ${url}${downloadpage}?h=$code&k=$key_code&d=1"
+ else
+ echo " ${url}${downloadpage}?h=$code&d=1"
+ fi
echo "Delete link:"
echo " ${url}${downloadpage}?h=$code&d=$del_code"
echo
echo "Download via API:"
- echo " ${0} get ${url}${apipage}?h=$code [PASSWORD}"
+ if [[ $key_code ]]; then
+ echo " ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD]"
+ else
+ echo " ${0} get ${url}${apipage}?h=$code [PASSWORD]"
+ fi
echo "Delete via API:"
- echo " ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"
+ echo " ${0} delete \"${url}${downloadpage}?h=$code&d=$del_code\""
elif [ "$1" == "get" ]; then
if [ -z "$password" ]; then
$curl $proxy -OJ -X POST -F key=$password "$2"
fi
elif [ "$1" == "delete" ]; then
- $curl $proxy "$2"
+ $curl $proxy "$2" --data-raw "do_delete=1%2F" | grep "div class" |sed -e "s/<[^>]\+>//g"
fi
<?php
-
} else {
echo 'Error 12';
exit;
}
}
-/* Create alias. */
-elseif (isset($_GET['alias_create'])) {
- if (isset($_POST['upload_password'])){
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
- echo 'Error 14: Invalid password';
- exit;
- }
- } else {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
- echo 'Error 13: No password nor allowed IP';
- exit;
- }
- }
-
- if (!isset($_POST['alias']) ||
- !isset($_POST['destination']) ||
- !isset($_POST['password'])) {
- echo 'Error 15';
- exit;
- }
-
- echo jirafeau_alias_create($_POST['alias'],
- $_POST['destination'],
- $_POST['password'],
- $ip);
-}
-/* Get alias. */
-elseif (isset($_GET['alias_get'])) {
- if (!isset($_POST['alias'])) {
- echo 'Error 16';
- exit;
- }
-
- echo jirafeau_alias_get($_POST['alias']);
-}
-/* Update alias. */
-elseif (isset($_GET['alias_update'])) {
- if (!isset($_POST['alias']) ||
- !isset($_POST['destination']) ||
- !isset($_POST['password'])) {
- echo 'Error 17';
- exit;
- }
-
- $new_password = '';
- if (isset($_POST['new_password'])) {
- $new_password = $_POST['new_password'];
- }
-
- echo jirafeau_alias_update($_POST['alias'],
- $_POST['destination'],
- $_POST['password'],
- $new_password,
- get_ip_address($cfg));
-}
-/* Delete alias. */
-elseif (isset($_GET['alias_delete'])) {
- if (!isset($_POST['alias']) ||
- !isset($_POST['password'])) {
- echo 'Error 18';
- exit;
- }
-
- echo jirafeau_alias_delete($_POST['alias'],
- $_POST['password']);
-}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
- if (isset($_POST['upload_password'])){
+ if (jirafeau_user_session_logged()) {
+ } elseif (isset($_POST['upload_password'])) {
if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 20: Invalid password';
exit;
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
+ }
+
+ // Check if one time download is enabled
+ if (!$cfg['one_time_download'] && isset($_POST['one_time_download'])) {
+ echo 'Error 26: One time download is disabled.';
+ exit;
}
- $time = time();
if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
echo 'Error 22';
exit;
} else {
- switch ($_POST['time']) {
- case 'minute':
- $time += JIRAFEAU_MINUTE;
- break;
- case 'hour':
- $time += JIRAFEAU_HOUR;
- break;
- case 'day':
- $time += JIRAFEAU_DAY;
- break;
- case 'week':
- $time += JIRAFEAU_WEEK;
- break;
- case 'month':
- $time += JIRAFEAU_MONTH;
- break;
- case 'quarter':
- $time += JIRAFEAU_QUARTER;
- break;
- case 'year':
- $time += JIRAFEAU_YEAR;
- break;
- default:
- $time = JIRAFEAU_INFINITY;
- break;
- }
+ $time = jirafeau_datestr_to_int($_POST['time']);
}
- echo jirafeau_async_init($_POST['filename'],
- $type,
- isset($_POST['one_time_download']),
- $key,
- $time,
- get_ip_address($cfg));
+
+ if ($cfg['store_uploader_ip']) {
+ $ip = get_ip_address($cfg);
+ } else {
+ $ip = "";
+ }
+
+ echo jirafeau_async_init(
+ $_POST['filename'],
+ $type,
+ isset($_POST['one_time_download']),
+ $key,
+ $time,
+ $ip
+ );
}
/* Continue an asynchronous upload. */
elseif (isset($_GET['push_async'])) {
|| (!isset($_POST['code']))) {
echo 'Error 23';
} else {
- echo jirafeau_async_push($_POST['ref'],
- $_FILES['data'],
- $_POST['code'],
- $cfg['maximal_upload_size']);
+ echo jirafeau_async_push(
+ $_POST['ref'],
+ $_FILES['data'],
+ $_POST['code'],
+ $cfg['maximal_upload_size']
+ );
}
}
/* Finalize an asynchronous upload. */
|| !isset($_POST['code'])) {
echo 'Error 24';
} else {
- echo jirafeau_async_end($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']);
+ echo jirafeau_async_end($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length'], $cfg['file_hash']);
}
} else {
echo 'Error 25';