X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/f9f84c1e4389dc23e77b51dadd53410377128cfc..c011d5def42c58f75bc2a9dcadcafdc89d81901a:/file.php?ds=sidebyside diff --git a/file.php b/file.php index d01bee6..2edaf44 100644 --- a/file.php +++ b/file.php @@ -24,88 +24,145 @@ require (JIRAFEAU_ROOT . 'lib/config.php'); require (JIRAFEAU_ROOT . 'lib/settings.php'); require (JIRAFEAU_ROOT . 'lib/functions.php'); -if (isset ($_GET['h']) && !empty ($_GET['h'])) +if (!isset ($_GET['h']) || empty ($_GET['h'])) { - $link_name = $_GET['h']; + header ('Location: ' . $cfg['web_root']); + exit; +} - $delete_code = ''; - if (isset ($_GET['d']) && !empty ($_GET['d'])) - $delete_code = $_GET['d']; +/* Operations may take a long time. + * Be sure PHP's safe mode is off. + */ +set_time_limit(0); - if (!preg_match ('/[0-9a-f]{32}$/', $link_name)) - { - require (JIRAFEAU_ROOT.'lib/template/header.php'); - echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . '</p></div>'; - require (JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; - } +$link_name = $_GET['h']; - $link = jirafeau_get_link ($link_name); - if (count ($link) == 0) - { - require (JIRAFEAU_ROOT.'lib/template/header.php'); - echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . - '</p></div>'; - require (JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; - } - $p = s2p ($link['md5']); - if (!file_exists (VAR_FILES . $p . $link['md5'])) - { - jirafeau_delete_link ($link_name); - require (JIRAFEAU_ROOT.'lib/template/header.php'); - echo '<div class="error"><p>'.t('File not available.'). - '</p></div>'; - require (JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; - } +if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name)) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} - if (!empty ($delete_code) && $delete_code == $link['link_code']) - { - jirafeau_delete_link ($link_name); - require (JIRAFEAU_ROOT.'lib/template/header.php'); - echo '<div class="message"><p>'.t('File has been deleted.'). - '</p></div>'; - require (JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; - } +$link = jirafeau_get_link ($link_name); +if (count ($link) == 0) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +$delete_code = ''; +if (isset ($_GET['d']) && !empty ($_GET['d'])) + $delete_code = $_GET['d']; + +$crypt_key = ''; +if (isset ($_GET['k']) && !empty ($_GET['k'])) + $crypt_key = $_GET['k']; + +$button_download = false; +if (isset ($_GET['bd']) && !empty ($_GET['bd'])) + $button_download = true; - if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time']) +$button_preview = false; +if (isset ($_GET['bp']) && !empty ($_GET['bp'])) + $button_preview = true; + +$p = s2p ($link['md5']); +if (!file_exists (VAR_FILES . $p . $link['md5'])) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>'.t('File not available.'). + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +if (!empty ($delete_code) && $delete_code == $link['link_code']) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="message"><p>'.t('File has been deleted.'). + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time']) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>'. + t('The time limit of this file has expired.') . ' ' . + t('File has been deleted.') . + '</p></div>'; + require (JIRAFEAU_ROOT . 'lib/template/footer.php'); + exit; +} + +if (empty ($crypt_key) && $link['crypted']) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +$password_challenged = false; +if (!empty ($link['key'])) +{ + if (!isset ($_POST['key'])) { - jirafeau_delete_link ($link_name); require (JIRAFEAU_ROOT.'lib/template/header.php'); - echo '<div class="error"><p>'. - t('The time limit of this file has expired.') . ' ' . - t('File has been deleted.') . - '</p></div>'; - require (JIRAFEAU_ROOT . 'lib/template/footer.php'); + echo '<div>' . + '<form action = "'; + echo $cfg['web_root'] . '/file.php'; + echo '" ' . + 'method = "post" id = "submit">'; ?> + <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php + echo '<fieldset>' . + '<legend>' . t('Password protection') . + '</legend><table><tr><td>' . + t('Give the password of this file') . ' : ' . + '<input type = "password" name = "key" />' . + '</td></tr>' . + '<tr><td>' . + t('By using our services, you accept of our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>' . + '</td></tr>' . + '<tr><td>'; + ?><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>" + onclick="document.getElementById('submit').action=' +<?php + echo $cfg['web_root'] . '/file.php?h=' . $link_name . '&bd=1'; + if (!empty($crypt_key)) + echo '&k=' . urlencode($crypt_key); +?>'; + document.getElementById('submit_download').submit ();"/><?php + if ($cfg['download_page'] && $cfg['preview']) + { + ?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>" + onclick="document.getElementById('submit').action=' +<?php + echo $cfg['web_root'] . '/file.php?h=' . $link_name . '&bp=1'; + if (!empty($crypt_key)) + echo '&k=' . urlencode($crypt_key); +?>'; + document.getElementById('submit_preview').submit ();"/><?php + } + echo '</td></tr></table></fieldset></form></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); exit; } - - if (!empty ($link['key'])) + else { - if (!isset ($_POST['key'])) - { - require (JIRAFEAU_ROOT.'lib/template/header.php'); - ?><div id = "upload"> - <form action = - "<?php echo $_SERVER['REQUEST_URI']; ?>" method = - "post"> <input type = "hidden" name = "jirafeau" value = - "<?php echo JIRAFEAU_VERSION; ?>" /><fieldset> - <legend><?php echo t('Password protection'); - ?></legend> <table> <tr> - <td><?php echo t('Give the password of this file') . ' : '; - ?><input type = "password" name = - "key" /></td> </tr> <tr> <td><input type = - "submit" value = - "<?php echo t('Download'); ?>" - /></td> </tr> </table> </fieldset> </form> </div> - <?php require (JIRAFEAU_ROOT.'lib/template/footer.php'); - exit; - } - else - { - if ($link['key'] != md5 ($_POST['key'])) + if ($link['key'] == md5 ($_POST['key'])) + $password_challenged = true; + else { header ("Access denied"); require (JIRAFEAU_ROOT.'lib/template/header.php'); @@ -114,26 +171,95 @@ if (isset ($_GET['h']) && !empty ($_GET['h'])) require (JIRAFEAU_ROOT.'lib/template/footer.php'); exit; } - } } +} - header ('Content-Length: ' . $link['file_size']); +if ($cfg['download_page'] && !$password_challenged && !$button_download && !$button_preview) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div>' . + '<form action = "'; + echo $cfg['web_root'] . '/file.php'; + echo '" ' . + 'method = "post" id = "submit">'; ?> + <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php + echo '<fieldset><legend>' . $link['file_name'] . '</legend><table>' . + '<tr><td>' . + t('You are about to download') . ' "' . $link['file_name'] . '" (' . jirafeau_human_size($link['file_size']) . ')' . + '</td></tr>' . + '<tr><td>' . + t('By using our services, you accept of our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>'; + ?><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>" + onclick="document.getElementById('submit').action=' +<?php + echo $cfg['web_root'] . '/file.php?h=' . $link_name . '&bd=1'; + if (!empty($crypt_key)) + echo '&k=' . urlencode($crypt_key); +?>'; + document.getElementById('submit_download').submit ();"/><?php + + if ($cfg['download_page'] && $cfg['preview']) + { + ?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>" + onclick="document.getElementById('submit').action=' +<?php + echo $cfg['web_root'] . '/file.php?h=' . $link_name . '&bp=1'; + if (!empty($crypt_key)) + echo '&k=' . urlencode($crypt_key); +?>'; + document.getElementById('submit_preview').submit ();"/><?php + } + echo '</td></tr>'; + echo '</table></fieldset></form></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +header ('HTTP/1.0 200 OK'); +header ('Content-Length: ' . $link['file_size']); +if (!jirafeau_is_viewable ($link['mime_type']) || !$cfg['preview'] || $button_download) + header ('Content-Disposition: attachment; filename="' . + $link['file_name'] . '"'); +else header ('Content-Type: ' . $link['mime_type']); - if (!jirafeau_is_viewable ($link['mime_type'])) + +/* Read encrypted file. */ +if ($link['crypted']) +{ + /* Init module */ + $m = mcrypt_module_open('rijndael-256', '', 'ofb', ''); + /* Extract key and iv. */ + $md5_key = md5 ($crypt_key); + $iv = jirafeau_crypt_create_iv ($md5_key, mcrypt_enc_get_iv_size($m)); + /* Init module. */ + mcrypt_generic_init ($m, $md5_key, $iv); + /* Decrypt file. */ + $r = fopen (VAR_FILES . $p . $link['md5'], 'r'); + while (!feof ($r)) { - header ('Content-Disposition: attachment; filename="' . - $link['file_name'] . '"'); + $dec = mdecrypt_generic($m, fread ($r, 1024)); + print $dec; + ob_flush(); } - readfile (VAR_FILES . $p . $link['md5']); - - if ($link['onetime'] == 'O') - jirafeau_delete_link ($link_name); - exit; + fclose ($r); + /* Cleanup. */ + mcrypt_generic_deinit($m); + mcrypt_module_close($m); } +/* Read file. */ else { - header ('Location: '.$cfg['web_root']); - exit; + $r = fopen (VAR_FILES . $p . $link['md5'], 'r'); + while (!feof ($r)) + { + print fread ($r, 1024); + ob_flush(); + } + fclose ($r); } +if ($link['onetime'] == 'O') + jirafeau_delete_link ($link_name); +exit; + ?>