X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/11e172891035764434fbf06bc4a6f1ff0b04fdca..38069302c9544b4fcc1eb2492138dbcbe83d7bd7:/script.php

diff --git a/script.php b/script.php
old mode 100755
new mode 100644
index 396538c..bb44562
--- a/script.php
+++ b/script.php
@@ -25,7 +25,7 @@
 
 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
 
-require (JIRAFEAU_ROOT . 'lib/config.php');
+require (JIRAFEAU_ROOT . 'lib/config.original.php');
 require (JIRAFEAU_ROOT . 'lib/settings.php');
 require (JIRAFEAU_ROOT . 'lib/functions.php');
 require (JIRAFEAU_ROOT . 'lib/lang.php');
@@ -33,10 +33,17 @@ require (JIRAFEAU_ROOT . 'lib/lang.php');
  global $script_langages;
  $script_langages = array ('bash' => 'Bash');
 
+/* Operations may take a long time.
+ * Be sure PHP's safe mode is off.
+ */
+@set_time_limit(0);
+/* Remove errors. */
+@error_reporting(0);
+
 if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
 {
     require (JIRAFEAU_ROOT . 'lib/template/header.php');
-    check_errors ();
+    check_errors ($cfg);
     if (has_error ())
     {
         show_errors ();
@@ -85,6 +92,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
     echo "<b>time=</b>[minute|hour|day|week|month|none]<i> (" . t('Optional') . ', '. t('default: none') . ")</i> <br />";
     echo "<b>password=</b>your_password<i> (" . t('Optional') . ")</i> <br />";
     echo "<b>one_time_download=</b>1<i> (" . t('Optional') . ")</i> <br />";
+    echo "<b>upload_password=</b>your_upload_password<i> (" . t('Optional') . ")</i> <br />";
     echo '</p>';
     echo '<p>' . t('This will return brut text content.') . ' ' .
          t('First line is the download reference and the second line the delete code.') . '<br /></p>';
@@ -136,7 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
         echo "$name: <a href=\"" . $web_root . "script.php?lang=$lang\">" . $web_root . "script.php?lang=$lang</a> ";
     echo '</p>';
     
-    echo '<h3>' . t('Initalize a asynchronous transfert') . ':</h3>';
+    echo '<h3>' . t('Initalize an asynchronous transfert') . ':</h3>';
     echo '<p>';
     echo t('The goal is to permit to transfert big file, chunk by chunk.') . ' ';
     echo t('Chunks of data must be sent in order.');
@@ -150,6 +158,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
     echo "<b>time=</b>[minute|hour|day|week|month|none]<i> (" . t('Optional') . ', '. t('default: none') . ")</i> <br />";
     echo "<b>password=</b>your_password<i> (" . t('Optional') . ")</i> <br />";
     echo "<b>one_time_download=</b>1<i> (" . t('Optional') . ")</i> <br />";
+    echo "<b>upload_password=</b>your_upload_password<i> (" . t('Optional') . ")</i> <br />";
     echo '</p>';
     echo '<p>' . t('This will return brut text content.') . ' ' .
          t('First line is the asynchronous transfert reference and the second line the code to use in the next operation.') . '<br /></p>';
@@ -185,10 +194,25 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
 /* Lets use interface now. */
 header('Content-Type: text; charset=utf-8');
 
+check_errors ($cfg);
+if (has_error ())
+{
+    echo "Error";
+    exit;
+}
+
 /* Upload file */
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     && is_writable (VAR_LINKS))
 {
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
+    {
+        echo "Error";
+        exit;
+    }
+
     $key = '';
     if (isset ($_POST['key']))
         $key = $_POST['key'];
@@ -220,7 +244,8 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
         }
     $res = jirafeau_upload ($_FILES['file'],
                             isset ($_POST['one_time_download']),
-                            $key, $time, $_SERVER['REMOTE_ADDR']);
+                            $key, $time, $_SERVER['REMOTE_ADDR'],
+                            $cfg['enable_crypt'], $cfg['link_name_lenght']);
     
     if (empty($res) || $res['error']['has_error'])
     {
@@ -229,9 +254,12 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     }
     /* Print direct link. */
     echo $res['link'];
-    echo NL;
     /* Print delete link. */
+    echo NL;
     echo $res['delete_link'];
+    /* Print decrypt key. */
+    echo NL;
+    echo urlencode($res['crypt_key']);
 }
 elseif (isset ($_GET['h']))
 {
@@ -243,7 +271,7 @@ elseif (isset ($_GET['h']))
     if (isset ($_GET['d']))
         $d = $_GET['d'];
     
-    if (!preg_match ('/[0-9a-zA-Z_-]{22}$/', $link_name))
+    if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name))
     {
         echo "Error";
         exit;
@@ -445,6 +473,14 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
+    if (jirafeau_has_upload_password ($cfg) &&
+         (!isset ($_POST['upload_password']) ||
+          !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
+    {
+        echo "Error";
+        exit;
+    }
+
     if (!isset ($_POST['filename']))
     {
         echo "Error";
@@ -456,8 +492,8 @@ elseif (isset ($_GET['init_async']))
         $type = $_POST['type'];
     
     $key = '';
-    if (isset ($_POST['password']))
-        $key = $_POST['password'];
+    if (isset ($_POST['key']))
+        $key = $_POST['key'];
 
     $time = time ();
     if (!isset ($_POST['time']))
@@ -508,7 +544,7 @@ elseif (isset ($_GET['end_async']))
         || !isset ($_POST['code']))
         echo "Error";
     else
-        echo jirafeau_async_end ($_POST['ref'], $_POST['code']);
+        echo jirafeau_async_end ($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_lenght']);
 }
 else
     echo "Error";