add optional IP authentication for uploaders
[jirafeau_mojo42.git] / script.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 /*
21 * This file lets you easily script file sending, receiving, deleting, ...
22 * If you don't want this feature, you can simply delete this file from your
23 * web directory.
24 */
25
26 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
27
28 require (JIRAFEAU_ROOT . 'lib/config.original.php');
29 require (JIRAFEAU_ROOT . 'lib/settings.php');
30 require (JIRAFEAU_ROOT . 'lib/functions.php');
31 require (JIRAFEAU_ROOT . 'lib/lang.php');
32
/* Script generators offered through ?lang=<id>: identifier => display name. */
global $script_langages;
$script_langages = array (
    'bash' => 'Bash'
);

/* Operations may take a long time, so the execution time limit is lifted.
 * Be sure PHP's safe mode is off.
 */
@set_time_limit (0);
/* Turn PHP error reporting off for the rest of the request. */
@error_reporting (0);
42
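/*
 * A bare GET request (no query parameters) renders the HTML help page that
 * describes the scripting interface, then stops.
 *
 * The parameter names and HTTP methods printed here follow what the request
 * handlers further down actually read: the per-file password is sent as
 * "key", "time" is mandatory, and the three asynchronous calls take their
 * parameters from the POST body.
 */
if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
{
    require (JIRAFEAU_ROOT . 'lib/template/header.php');
    check_errors ($cfg);
    if (has_error ())
    {
        show_errors ();
        require (JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    }

    /* Fragments shared by the sections below.
     * NOTE(review): $web_root is echoed without HTML escaping; this assumes
     * it comes from trusted configuration - confirm in lib/settings.php. */
    $doc_url = $web_root . 'script.php';
    $doc_get_to = t('Send a GET query to') . ': <i>' . $doc_url;
    $doc_post_to = t('Send a POST query to') . ': <i>' . $doc_url;
    $doc_required = '<i> (' . t('Required') . ')</i> <br />';
    $doc_optional = '<i> (' . t('Optional') . ')</i> <br />';
    $doc_plain = '<p>' . t('This will return brut text content.') . ' ';

    echo '<div class="info">';
    echo '<h2>' . t('Welcome to Jirafeau\'s query interface') . '</h2>';
    echo '<p>';
    echo t('This interface permits to script your uploads and downloads.') .
         ' ' . t('The instructions above show how to query this interface.');
    echo '</p>';

    echo '<h3>' . t('Get Jirafeau\'s version') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>get_version=</b>1' . $doc_required;
    echo '</p>';
    echo $doc_plain . t('First line is the version number.') . '<br /></p>';
    echo '<p>';
    echo t('Example') . ': <a href="' . $doc_url . '?get_version=1">' . $doc_url . '?get_version=1</a> ';
    echo '</p>';

    echo '<h3>' . t('Get server capacity') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>get_capacity=</b>1' . $doc_required;
    echo '</p>';
    echo $doc_plain . t('First line is the server capacity (in Bytes).') . '<br /></p>';
    echo '<p>';
    echo t('Example') . ': <a href="' . $doc_url . '?get_capacity=1">' . $doc_url . '?get_capacity=1</a> ';
    echo '</p>';

    echo '<h3>' . t('Maximal allowed size of an uploaded file') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>get_maximal_upload_size=</b>1' . $doc_required;
    echo '</p>';
    echo $doc_plain . t('First line returns size (in MB).') . '<br /></p>';
    echo '<p>';
    echo t('Example') . ': <a href="' . $doc_url . '?get_maximal_upload_size=1">' . $doc_url . '?get_maximal_upload_size=1</a> ';
    echo '</p>';

    echo '<h3>' . t('Upload a file') . ':</h3>';
    echo '<p>';
    echo $doc_post_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>file=</b>C:\\your\\file\\path' . $doc_required;
    /* The upload handler answers "Error" when time is missing or not enabled. */
    echo '<b>time=</b>[minute|hour|day|week|month|year|none]' . $doc_required;
    /* The handlers read the per-file password from the "key" field. */
    echo '<b>key=</b>your_password' . $doc_optional;
    echo '<b>one_time_download=</b>1' . $doc_optional;
    echo '<b>upload_password=</b>your_upload_password' . $doc_optional;
    echo '</p>';
    echo $doc_plain . t('First line is the download reference and the second line the delete code.') . '<br /></p>';

    echo '<h3>' . t('Get a file') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>h=</b>your_download_reference' . $doc_required;
    echo '</p>';
    echo '<p>';
    echo t('If a password has been set, send a POST request with it.');
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>key=</b>your_password' . $doc_optional;
    echo '</p>';
    echo '<p>';
    echo t('Example') . ': <a href="' . $doc_url . '?h=30ngy0hsDcpfrF8zR7x9iU">' . $doc_url . '?h=30ngy0hsDcpfrF8zR7x9iU</a> ';
    echo '</p>';

    echo '<h3>' . t('Delete a file') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>h=</b>your_download_reference' . $doc_required;
    echo '<b>d=</b>your_delete_code' . $doc_required;
    echo '</p>';
    echo '<p>' . t('This will return "Ok" if succeeded, "Error" otherwhise.') . '<br /></p>';
    echo '<p>';
    echo t('Example') . ': <a href="' . $doc_url . '?h=30ngy0hsDcpfrF8zR7x9iU&amp;d=0d210a952">' . $doc_url . '?h=30ngy0hsDcpfrF8zR7x9iU&amp;d=0d210a952</a> ';
    echo '</p>';

    echo '<h3>' . t('Get a generated script') . ':</h3>';
    echo '<p>';
    echo $doc_get_to . '</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>lang=</b>[';
    foreach ($script_langages as $lang => $name)
        echo $lang;
    echo ']' . $doc_required;
    echo '</p>';
    echo '<p>' . t('This will return brut text content of the code.') . '<br /></p>';
    echo '<p>';
    echo t('Example') . ': <br />';
    foreach ($script_langages as $lang => $name)
        echo "$name: <a href=\"" . $doc_url . "?lang=$lang\">" . $doc_url . "?lang=$lang</a> ";
    echo '</p>';

    /* The three asynchronous calls are selected by the query string but read
     * their parameters from $_POST / $_FILES, so they are documented as POST. */
    echo '<h3>' . t('Initalize an asynchronous transfer') . ':</h3>';
    echo '<p>';
    echo t('The goal is to permit to transfer big file, chunk by chunk.') . ' ';
    echo t('Chunks of data must be sent in order.');
    echo '</p>';
    echo '<p>';
    echo $doc_post_to . '?init_async</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>filename=</b>file_name.ext' . $doc_required;
    echo '<b>type=</b>MIME_TYPE' . $doc_optional;
    echo '<b>time=</b>[minute|hour|day|week|month|year|none]' . $doc_required;
    echo '<b>key=</b>your_password' . $doc_optional;
    echo '<b>one_time_download=</b>1' . $doc_optional;
    echo '<b>upload_password=</b>your_upload_password' . $doc_optional;
    echo '</p>';
    echo $doc_plain . t('First line is the asynchronous transfer reference and the second line the code to use in the next operation.') . '<br /></p>';

    echo '<h3>' . t('Push data during asynchronous transfer') . ':</h3>';
    echo '<p>';
    echo $doc_post_to . '?push_async</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>ref=</b>async_reference' . $doc_required;
    echo '<b>data=</b>data_chunk' . $doc_required;
    echo '<b>code=</b>last_provided_code' . $doc_required;
    echo '</p>';
    echo $doc_plain . t('Returns the next code to use.') . '<br /></p>';

    echo '<h3>' . t('Finalize asynchronous transfer') . ':</h3>';
    echo '<p>';
    echo $doc_post_to . '?end_async</i><br />';
    echo '<br />';
    echo t('Parameters') . ':<br />';
    echo '<b>ref=</b>async_reference' . $doc_required;
    echo '<b>code=</b>last_provided_code' . $doc_required;
    echo '</p>';
    echo $doc_plain . t('First line is the download reference and the second line the delete code.') . '<br /></p>';

    echo '</div><br />';
    require (JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}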
206
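/* From here on every reply is plain text meant for scripts. "text/plain" is
 * used because a bare "text" is not a valid media type, and clients that
 * cannot parse the header may fall back to guessing the type from the body. */
header ('Content-Type: text/plain; charset=utf-8');

/* Answer with the generic error reply if check_errors() recorded a problem. */
check_errors ($cfg);
if (has_error ())
{
    echo "Error";
    exit;
}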
216
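/*
 * Upload file.
 *
 * Reads: $_FILES['file'] (required), $_POST['time'] (required, must be an
 * enabled entry of $cfg['availabilities']), $_POST['key'] (optional per-file
 * password), $_POST['one_time_download'] (optional flag),
 * $_POST['upload_password'] (required when an upload password is configured).
 * Replies with three lines: download reference, delete code, URL-encoded
 * crypt key; or with "Error".
 */
if (isset ($_FILES['file']) && is_writable (VAR_FILES)
    && is_writable (VAR_LINKS))
{
    /* Uploader check on the source address. REMOTE_ADDR is the TCP peer, so
     * behind a reverse proxy it is the proxy's address, not the client's. */
    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
    {
        echo "Error";
        exit;
    }

    /* Uploader check on the shared upload password, when one is configured.
     * A non-string value (e.g. upload_password[]=x) is rejected outright. */
    if (jirafeau_has_upload_password ($cfg) &&
        (!isset ($_POST['upload_password']) ||
         !is_string ($_POST['upload_password']) ||
         !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
    {
        echo "Error";
        exit;
    }

    /* Per-file password. A malformed (array) value is refused rather than
     * ignored, so a file is never stored unprotected by accident. */
    $key = '';
    if (isset ($_POST['key']))
    {
        if (!is_string ($_POST['key']))
        {
            echo "Error";
            exit;
        }
        $key = $_POST['key'];
    }

    /* Expiry. The value must be a string naming an enabled availability;
     * the is_string() test keeps an array from being used as an array key. */
    if (!isset ($_POST['time']) || !is_string ($_POST['time'])
        || empty ($cfg['availabilities'][$_POST['time']]))
    {
        echo "Error";
        exit;
    }
    $time = time ();
    switch ($_POST['time'])
    {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            /* Any other enabled availability (such as "none") never expires. */
            $time = JIRAFEAU_INFINITY;
            break;
    }

    // Check file size (the configured limit is in MB; 0 or less disables it)
    if ($cfg['maximal_upload_size'] > 0 &&
        $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024)
    {
        echo "Error";
        exit;
    }

    $res = jirafeau_upload ($_FILES['file'],
                            isset ($_POST['one_time_download']),
                            $key, $time, $_SERVER['REMOTE_ADDR'],
                            $cfg['enable_crypt'], $cfg['link_name_length']);

    if (empty ($res) || $res['error']['has_error'])
    {
        echo "Error";
        exit;
    }
    /* Print direct link. */
    echo $res['link'];
    /* Print delete link. */
    echo NL;
    echo $res['delete_link'];
    /* Print decrypt key. */
    echo NL;
    echo urlencode ($res['crypt_key']);
}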
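/*
 * Download (?h=REF, password in POST "key") or delete (?h=REF&d=CODE) a file.
 * Replies with the file body, "Ok" after a deletion, or "Error".
 */
elseif (isset ($_GET['h']))
{
    $link_name = $_GET['h'];
    $key = '';
    if (isset ($_POST['key']))
        $key = $_POST['key'];
    $d = '';
    if (isset ($_GET['d']))
        $d = $_GET['d'];

    /* PHP turns "h[]=x" style parameters into arrays; only strings are valid. */
    if (!is_string ($link_name) || !is_string ($key) || !is_string ($d))
    {
        echo "Error";
        exit;
    }

    /* The whole reference must consist of these characters. Both anchors are
     * needed (and D, so that "$" does not accept a trailing newline): a
     * pattern anchored only at the end would let through any value that merely
     * ends in an allowed character, including ones containing "/" or "..". */
    if (!preg_match ('/^[0-9a-zA-Z_-]+$/D', $link_name))
    {
        echo "Error";
        exit;
    }

    $link = jirafeau_get_link ($link_name);
    if (count ($link) == 0)
    {
        echo "Error";
        exit;
    }
    /* Strict comparison: with "==" PHP compares two numeric-looking strings
     * as numbers, so distinct codes such as "0e12345" and "0e67890" would be
     * treated as equal. */
    if (strlen ($d) > 0 && $d === (string) $link['link_code'])
    {
        jirafeau_delete_link ($link_name);
        echo "Ok";
        exit;
    }
    if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time'])
    {
        jirafeau_delete_link ($link_name);
        echo "Error";
        exit;
    }
    /* Same reason for "!==" here: hex digests that look like "0e<digits>"
     * must not compare equal to each other.
     * NOTE(review): the stored value is an unsalted MD5 of the password;
     * replacing it needs a migration of existing links, so it is only flagged. */
    if (strlen ($link['key']) > 0 && md5 ($key) !== (string) $link['key'])
    {
        echo "Error";
        exit;
    }
    $p = s2p ($link['md5']);
    if (!file_exists (VAR_FILES . $p . $link['md5']))
    {
        echo "Error";
        exit;
    }

    /* Open before any download header is set: if fopen() fails, feof(false)
     * would never report end-of-file and, with the time limit lifted, the
     * read loop would not terminate. */
    $r = fopen (VAR_FILES . $p . $link['md5'], 'r');
    if ($r === false)
    {
        echo "Error";
        exit;
    }

    /* Read file. The name and MIME type were supplied by the uploader; drop
     * the characters that could end the quoted filename parameter early. */
    $file_name = str_replace (array ('"', '\\', "\r", "\n"), '',
                              $link['file_name']);
    header ('Content-Length: ' . $link['file_size']);
    header ('Content-Type: ' . $link['mime_type']);
    header ('Content-Disposition: attachment; filename="' .
            $file_name . '"');

    while (!feof ($r))
    {
        print fread ($r, 1024);
        ob_flush ();
    }
    fclose ($r);

    /* One-time links are removed once the body has been sent. */
    if ($link['onetime'] == 'O')
        jirafeau_delete_link ($link_name);
    exit;
}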
/* ?get_capacity: the smaller of PHP's post_max_size and upload_max_filesize,
 * each converted by jirafeau_ini_to_bytes(). */
elseif (isset ($_GET['get_capacity']))
{
    $post_limit = jirafeau_ini_to_bytes (ini_get ('post_max_size'));
    $file_limit = jirafeau_ini_to_bytes (ini_get ('upload_max_filesize'));
    echo min ($post_limit, $file_limit);
}
/* ?get_maximal_upload_size: the configured limit, printed as stored in $cfg. */
elseif (isset ($_GET['get_maximal_upload_size']))
{
    $configured_limit = $cfg['maximal_upload_size'];
    echo $configured_limit;
}
/* ?get_version: the JIRAFEAU_VERSION constant. */
elseif (isset ($_GET['get_version']))
{
    echo JIRAFEAU_VERSION;
}
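/*
 * ?lang=ID: print a ready-to-use client script. Only "bash" is generated;
 * anything else answers "Error". Everything between ?> and <?php below is
 * sent verbatim, so the shebang has to follow the closing tag directly.
 */
elseif (isset ($_GET['lang']))
{
    $l = $_GET['lang'];
    if ($l === "bash")
    {
        /* The URL lands inside a single-quoted bash string; close, escape and
         * reopen the quotes around any ' so the value cannot end the string. */
        $script_url = str_replace ("'", "'\\''", $cfg['web_root'] . 'script.php');
?>
#!/bin/bash

# This script has been auto-generated by Jirafeau but you can still edit
# options below.

# Config
proxy='' # ex: proxy='proxysever.test.com:3128' or set JIRAFEAU_PROXY global variable
url='<?php echo $script_url; ?>' # or set JIRAFEAU_URL ex: url='http://mysite/jirafeau/script.php'
time='none' # minute, hour, day, week, month, year or none. Or set JIRAFEAU_TIME.
one_time='' # ex: one_time="1" or set JIRAFEAU_ONE_TIME.
curl='' # curl path to download or set JIRAFEAU_CURL_PATH.
# End of config

if [ -n "$JIRAFEAU_PROXY" ]; then
    proxy="$JIRAFEAU_PROXY"
fi

if [ -n "$JIRAFEAU_URL" ]; then
    url="$JIRAFEAU_URL"
fi

if [ -z "$url" ]; then
    echo "Please set url in script parameters or export JIRAFEAU_URL"
    exit 1
fi

if [ -n "$JIRAFEAU_TIME" ]; then
    time="$JIRAFEAU_TIME"
fi

if [ -n "$JIRAFEAU_ONE_TIME" ]; then
    one_time='1'
fi

if [ -z "$curl" ]; then
    curl="$JIRAFEAU_CURL_PATH"
fi

if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
    curl="/usr/bin/curl"
fi

if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
    curl="/bin/curl.exe"
fi

if [ -z "$curl" ]; then
    echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
    exit
fi

if [ -z "$2" ]; then
    echo "man:"
    echo "    $0 send PATH [PASSWORD]"
    echo "    $0 get URL [PASSWORD]"
    echo "    $0 delete URL"
    echo ""
    echo "Global variables to export:"
    echo "    JIRAFEAU_PROXY : example: proxysever.test.com:3128"
    echo "    JIRAFEAU_URL : example: http://mysite/jirafeau/script.php"
    echo "    JIRAFEAU_TIME : minute, hour, day, week, year, month or none"
    echo "    JIRAFEAU_ONE_TIME : set anything or set empty"
    echo "    JIRAFEAU_CURL_PATH : path to your curl binary"
    echo ""
    echo "Note: PASSWORD is given on the command line, so other local users"
    echo "can see it in the process list while the transfer runs."

    exit 0
fi

# curl arguments are collected in arrays so that a value containing spaces
# or shell metacharacters always stays a single argument.
proxy_args=()
if [ -n "$proxy" ]; then
    proxy_args=(-x "$proxy")
fi

options=()
if [ -n "$one_time" ]; then
    options+=(-F one_time_download=1)
fi

password=''
if [ -n "$3" ]; then
    password="$3"
    # --form-string sends the value literally; with -F a value starting
    # with '@' or '<' would make curl read a local file instead.
    options+=(--form-string "key=$password")
fi

if [ "$1" == "send" ]; then
    if [ ! -f "$2" ]; then
        echo "File \"$2\" does not exists."
        exit
    fi

    # Ret result
    res=$("$curl" -X POST --http1.0 "${proxy_args[@]}" "${options[@]}" \
        --form-string "time=$time" \
        -F "file=@$2" \
        "$url")

    if [[ "$res" == "Error" ]]; then
        echo "Error while uploading."
        exit
    fi

    # Not using head or tail to minimise command dependencies: the first
    # line of the reply is the download reference, the second the delete code.
    { read -r code; read -r del_code; } <<< "$res"
    echo "${url}?h=$code"
    echo "${url}?h=$code&d=$del_code"
elif [ "$1" == "get" ]; then
    if [ -z "$password" ]; then
        "$curl" "${proxy_args[@]}" -OJ "$2"
    else
        "$curl" "${proxy_args[@]}" -OJ -X POST --form-string "key=$password" "$2"
    fi
elif [ "$1" == "delete" ]; then
    "$curl" "${proxy_args[@]}" "$2"
fi
<?php
    }
    else
    {
        echo "Error";
        exit;
    }
}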
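/*
 * Initialize an asynchronous upload.
 *
 * Reads from the POST body: filename (required), time (required, must be an
 * enabled entry of $cfg['availabilities']), type, key, one_time_download
 * (optional) and upload_password (required when one is configured). Prints
 * whatever jirafeau_async_init() returns, or "Error".
 */
elseif (isset ($_GET['init_async']))
{
    /* Uploader check on the source address. REMOTE_ADDR is the TCP peer, so
     * behind a reverse proxy it is the proxy's address, not the client's. */
    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
    {
        echo "Error";
        exit;
    }

    /* Uploader check on the shared upload password, when one is configured. */
    if (jirafeau_has_upload_password ($cfg) &&
        (!isset ($_POST['upload_password']) ||
         !is_string ($_POST['upload_password']) ||
         !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
    {
        echo "Error";
        exit;
    }

    if (!isset ($_POST['filename']) || !is_string ($_POST['filename']))
    {
        echo "Error";
        exit;
    }

    /* Optional fields: a non-string (array) value is refused rather than
     * silently dropped, so a requested password is never lost. */
    $type = '';
    $key = '';
    foreach (array ('type', 'key') as $field)
    {
        if (!isset ($_POST[$field]))
            continue;
        if (!is_string ($_POST[$field]))
        {
            echo "Error";
            exit;
        }
        if ($field == 'type')
            $type = $_POST[$field];
        else
            $key = $_POST[$field];
    }

    /* Expiry. The is_string() test keeps an array from being used as an
     * array key in the availability lookup. */
    if (!isset ($_POST['time']) || !is_string ($_POST['time'])
        || empty ($cfg['availabilities'][$_POST['time']]))
    {
        echo "Error";
        exit;
    }
    $time = time ();
    switch ($_POST['time'])
    {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            /* Any other enabled availability (such as "none") never expires. */
            $time = JIRAFEAU_INFINITY;
            break;
    }
    echo jirafeau_async_init ($_POST['filename'],
                              $type,
                              isset ($_POST['one_time_download']),
                              $key,
                              $time,
                              $_SERVER['REMOTE_ADDR']);
}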
/* Continue an asynchronous upload: needs ref and code in the POST body and
 * the chunk as the uploaded file "data".
 * NOTE(review): unlike the upload and init_async branches, no upload-IP or
 * upload-password challenge is made here or in end_async; the request is
 * accepted on ref and code alone - confirm that jirafeau_async_push() and
 * jirafeau_async_end() validate them. */
elseif (isset ($_GET['push_async']))
{
    if (isset ($_POST['ref'], $_FILES['data'], $_POST['code']))
    {
        echo jirafeau_async_push ($_POST['ref'],
                                  $_FILES['data'],
                                  $_POST['code'],
                                  $cfg['maximal_upload_size']);
    }
    else
        echo "Error";
}
/* Finalize an asynchronous upload: needs ref and code in the POST body. */
elseif (isset ($_GET['end_async']))
{
    if (isset ($_POST['ref'], $_POST['code']))
        echo jirafeau_async_end ($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']);
    else
        echo "Error";
}
/* No recognised operation in the request. */
else
    echo "Error";
exit;
607 ?>
608
