[FEATURE] Installer: Remove (unknown) form target URL
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
/*
 * Scripting endpoint: lets clients send, receive and delete files (and manage
 * aliases) through plain HTTP calls instead of the web pages.
 * If this feature is not wanted, simply delete this file from the web
 * directory.
 */
define('JIRAFEAU_ROOT', __DIR__ . '/');

require JIRAFEAU_ROOT . 'lib/settings.php';
require JIRAFEAU_ROOT . 'lib/functions.php';
require JIRAFEAU_ROOT . 'lib/lang.php';

/*
 * Script languages offered by this endpoint. The "lang" call further down
 * tests for 'bash' directly and does not read this array.
 */
global $script_langages;
$script_langages = array('bash' => 'Bash');

/*
 * Operations may take a long time, so lift the execution time limit.
 * Be sure PHP's safe mode is off.
 */
@set_time_limit(0);
/*
 * Turn error reporting off for the rest of the request.
 * NOTE(review): from here on no PHP error, warning or notice raised by this
 * script is reported; confirm that failures are still visible to the operator
 * by some other means.
 */
@error_reporting(0);
40
/* A GET request without any query parameter gets a short HTML description of the interface. */
if ($_SERVER['REQUEST_METHOD'] === 'GET' && empty($_GET)) {
    require JIRAFEAU_ROOT . 'lib/template/header.php';

    /* Show the recorded errors instead of the description when check_errors() found any. */
    check_errors($cfg);
    if (has_error()) {
        show_errors();
        require JIRAFEAU_ROOT . 'lib/template/footer.php';
        exit;
    }
    /* NOTE(review): $cfg['web_root'] is written into the href below without HTML escaping. */
    ?>
<div class="info">
<h2>Scripting interface</h2>
<p>This interface permits to script your uploads and downloads.</p>
<p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
<p>Alternatively, go to <a href="<?php echo $cfg['web_root'] . 'script.php?lang=bash'; ?>">this page</a> to download a bash script.</p>
</div>
<br />
    <?php
    require JIRAFEAU_ROOT . 'lib/template/footer.php';
    exit;
}
63
/* From here on every answer is a plain-text API reply. */
header('Content-Type: text/plain; charset=utf-8');

/* Answer 'Error 1' to every call while check_errors() records an error. */
check_errors($cfg);
if (has_error()) {
    exit('Error 1');
}
73
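/*
 * Upload file.
 *
 * Reads the uploaded file from $_FILES['file'] and the POST fields
 * upload_password, key, time and one_time_download. On success prints three
 * lines: the link, the delete link and the URL-encoded crypt key. On failure
 * prints 'Error 2' .. 'Error 6' and stops.
 */
if (isset($_FILES['file']) && is_writable(VAR_FILES) && is_writable(VAR_LINKS)) {
    /* Stop unless jirafeau_challenge_upload_ip() accepts the caller's address. */
    if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
        echo 'Error 2';
        exit;
    }

    /* When an upload password is configured it must be sent and must pass the challenge. */
    if (jirafeau_has_upload_password($cfg) &&
        (!isset($_POST['upload_password']) ||
         !jirafeau_challenge_upload_password($cfg, $_POST['upload_password']))) {
        echo 'Error 3';
        exit;
    }

    /*
     * Optional download password for the new file.
     * NOTE(review): an array-valued "key" (key[]=...) is handed to
     * jirafeau_upload() unchanged; confirm that function rejects non-strings.
     */
    $key = '';
    if (isset($_POST['key'])) {
        $key = $_POST['key'];
    }

    /*
     * "time" must be a string naming an availability that is enabled in the
     * configuration. is_string() rejects array-valued parameters (time[]=...),
     * which cannot be used as an array offset, and empty() treats an unknown
     * name like a disabled one instead of reading a missing entry.
     */
    if (!isset($_POST['time']) || !is_string($_POST['time'])
        || empty($cfg['availabilities'][$_POST['time']])) {
        echo 'Error 4: The parameter time is invalid.';
        exit;
    }

    /* Expiry timestamp: now plus the chosen period; any other enabled name means no expiry. */
    $time = time();
    switch ($_POST['time']) {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'quarter':
            $time += JIRAFEAU_QUARTER;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            $time = JIRAFEAU_INFINITY;
            break;
    }

    /* Check file size: maximal_upload_size is compared in units of 1024 * 1024 bytes; 0 disables the limit. */
    if ($cfg['maximal_upload_size'] > 0 &&
        $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) {
        echo 'Error 5: Your file exceeds the maximum authorized file size.';
        exit;
    }

    $res = jirafeau_upload(
        $_FILES['file'],
        isset($_POST['one_time_download']),
        $key,
        $time,
        get_ip_address($cfg),
        $cfg['enable_crypt'],
        $cfg['link_name_length']
    );

    if (empty($res) || !empty($res['error']['has_error'])) {
        /* $res may be empty here, so only read the reason when it is present. */
        $why = isset($res['error']['why']) ? $res['error']['why'] : '';
        echo 'Error 6 ' . $why;
        exit;
    }

    /* Print direct link. */
    echo $res['link'];
    /* Print delete link. */
    echo NL;
    echo $res['delete_link'];
    /* Print decrypt key. */
    echo NL;
    echo urlencode($res['crypt_key']);
}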
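/*
 * Download the file behind link "h", or delete the link when the delete code
 * "d" matches. POST field "key" carries the download password, if any.
 * Prints 'Ok' after a deletion, the file content on success, or
 * 'Error 7' .. 'Error 11'.
 */
elseif (isset($_GET['h'])) {
    $link_name = $_GET['h'];
    /* Array-valued parameters (key[]=..., d[]=...) are treated as absent. */
    $key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
    $d = (isset($_GET['d']) && is_string($_GET['d'])) ? $_GET['d'] : '';

    /*
     * The link name selects a stored link, so accept only a string made up
     * entirely of [0-9a-zA-Z_-]. The pattern is anchored at both ends, and the
     * D modifier stops "$" from matching before a trailing newline; without the
     * leading anchor only the end of the value would be validated.
     */
    if (!is_string($link_name) || !preg_match('/^[0-9a-zA-Z_-]+$/D', $link_name)) {
        echo 'Error 7';
        exit;
    }

    $link = jirafeau_get_link($link_name);
    if (empty($link)) {
        echo 'Error 8';
        exit;
    }

    /*
     * Secrets are compared as strings, never with "==": loose comparison treats
     * two numeric-looking strings (for example "0e1" and "0e2") as equal.
     * hash_equals() is used where PHP provides it (5.6 and later) so that the
     * comparison time does not depend on the position of the first difference.
     */
    $const_time = function_exists('hash_equals');

    /* Delete request: the code in "d" must equal the link's delete code. */
    $link_code = (string) $link['link_code'];
    if ($d !== '' && ($const_time ? hash_equals($link_code, $d) : $link_code === $d)) {
        jirafeau_delete_link($link_name);
        echo "Ok";
        exit;
    }

    /* Expired links are removed on access. */
    if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
        jirafeau_delete_link($link_name);
        echo 'Error 9';
        exit;
    }

    /*
     * Password-protected link: the stored value is compared with md5() of the
     * supplied key.
     * NOTE(review): an unsalted MD5 is a weak password verifier; replacing it
     * needs a change to the stored link format, which is outside this file.
     */
    $stored_key = (string) $link['key'];
    if ($stored_key !== '') {
        $given_key = md5($key);
        $key_ok = $const_time ? hash_equals($stored_key, $given_key) : $stored_key === $given_key;
        if (!$key_ok) {
            /* Slow down repeated guesses. */
            sleep(2);
            echo 'Error 10';
            exit;
        }
    }

    $p = s2p($link['md5']);
    $path = VAR_FILES . $p . $link['md5'];
    if (!file_exists($path)) {
        echo 'Error 11';
        exit;
    }

    /*
     * Open the file before any download header is sent: a failed fopen() can
     * then still be reported, and the read loop never runs on an invalid handle.
     */
    $r = fopen($path, 'r');
    if ($r === false) {
        echo 'Error 11';
        exit;
    }

    /*
     * file_name is stored with the link (presumably the uploader's file name;
     * confirm whether jirafeau_upload() already normalises it). Control
     * characters are dropped and quotes/backslashes escaped so the value stays
     * inside the quoted filename parameter.
     */
    $file_name = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', $link['file_name']), '"\\');

    /* Read file. */
    header('Content-Length: ' . $link['file_size']);
    header('Content-Type: ' . $link['mime_type']);
    header('Content-Disposition: attachment; filename="' . $file_name . '"');

    while (!feof($r)) {
        $chunk = fread($r, 1024);
        if ($chunk === false) {
            /* Read error: stop instead of looping on a handle that never reaches EOF. */
            break;
        }
        print $chunk;
        ob_flush();
    }
    fclose($r);

    /*
     * One-time links are removed after the content was sent.
     * NOTE(review): if the script is aborted while streaming, this line is not
     * reached and the link stays available; confirm that is acceptable.
     */
    if ($link['onetime'] == 'O') {
        jirafeau_delete_link($link_name);
    }
    exit;
}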
/* Print the smaller of PHP's post_max_size and upload_max_filesize, each converted by jirafeau_ini_to_bytes(). */
elseif (isset($_GET['get_capacity'])) {
    $post_limit = jirafeau_ini_to_bytes(ini_get('post_max_size'));
    $file_limit = jirafeau_ini_to_bytes(ini_get('upload_max_filesize'));
    echo min($post_limit, $file_limit);
}
/* Print the configured maximal_upload_size as stored in the configuration. */
elseif (isset($_GET['get_maximal_upload_size'])) {
    print $cfg['maximal_upload_size'];
}
/* Print the version of this installation. */
elseif (isset($_GET['get_version'])) {
    print JIRAFEAU_VERSION;
}
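/*
 * Generate a client script for the language named in "lang". Only "bash" is
 * available; any other value answers 'Error 12'.
 *
 * Changes to the generated script compared with the previous template:
 *  - the password and the expiration time are sent with curl's --form-string,
 *    because -F reads a value that starts with "@" or "<" as a file name;
 *  - curl arguments are kept in bash arrays and quoted, so a password, proxy
 *    or path containing spaces or glob characters is passed as one argument;
 *  - a missing URL now stops the script, and error paths exit with status 1;
 *  - web_root and availability_default are escaped for the single-quoted
 *    shell strings they are written into;
 *  - help text: JIRAFEAU_CURL_PATH is the variable actually read, and the
 *    "[PASSWORD}" / "proxysever" typos are fixed.
 */
elseif (isset($_GET['lang'])) {
    $l = $_GET['lang'];
    if ($l === 'bash') {
        /* A single quote inside a value is emitted as '\'' so it cannot end the shell string. */
        $sh_url = str_replace("'", "'\\''", $cfg['web_root']);
        $sh_time = str_replace("'", "'\\''", $cfg['availability_default']);
        ?>
#!/bin/bash

# This script has been auto-generated by Jirafeau but you can still edit options below.

# Config begin
proxy='' # Or set JIRAFEAU_PROXY.
url='<?php echo $sh_url; ?>' # Or set JIRAFEAU_URL.
time='<?php echo $sh_time; ?>' # Or set JIRAFEAU_TIME.
one_time='' # Or set JIRAFEAU_ONE_TIME.
curl='' # Or set JIRAFEAU_CURL_PATH.
# Config end

if [ -n "$JIRAFEAU_PROXY" ]; then
    proxy="$JIRAFEAU_PROXY"
fi

if [ -n "$JIRAFEAU_URL" ]; then
    url="$JIRAFEAU_URL"
fi

if [ -z "$url" ]; then
    echo "Please set url in script parameters or export JIRAFEAU_URL"
    exit 1
fi

if [ -n "$JIRAFEAU_TIME" ]; then
    time="$JIRAFEAU_TIME"
fi

if [ -n "$JIRAFEAU_ONE_TIME" ]; then
    one_time='1'
fi

if [ -z "$curl" ]; then
    curl="$JIRAFEAU_CURL_PATH"
fi

if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
    curl="/usr/bin/curl"
fi

if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
    curl="/bin/curl.exe"
fi

if [ -z "$curl" ]; then
    echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
    exit 1
fi

if [ -z "$2" ]; then
    echo "Jirafeau Bash Script <?php echo JIRAFEAU_VERSION; ?>"
    echo "--------------------------"
    echo "Usage:"
    echo " $0 OPTIONS"
    echo
    echo "Options:"
    echo " $0 send FILE [PASSWORD]"
    echo " $0 get URL [PASSWORD]"
    echo " $0 delete URL"
    echo
    echo "Global variables to export:"
    echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxyserver.example.com:3128«"
    echo " JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
    echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
    echo " JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
    echo " JIRAFEAU_CURL_PATH : alternative path to curl binary"

    exit 0
fi

# curl arguments are collected in arrays so that each value stays one argument.
proxy_args=()
if [ -n "$proxy" ]; then
    proxy_args=(-x "$proxy")
fi

options=()
if [ -n "$one_time" ]; then
    options+=(-F one_time_download=1)
fi

# The password is passed on curl's command line and is therefore visible in
# the local process list while curl runs.
password=''
if [ -n "$3" ]; then
    password="$3"
    # --form-string sends the value literally; -F would read a value starting
    # with "@" or "<" as a file name.
    options+=(--form-string "key=$password")
fi

apipage='script.php'
downloadpage='f.php'

if [ "$1" == "send" ]; then
    if [ ! -f "$2" ]; then
        echo "File \"$2\" does not exists."
        exit 1
    fi

    # Ret result
    res=$("$curl" -X POST --http1.0 "${proxy_args[@]}" "${options[@]}" \
        --form-string "time=$time" \
        -F "file=@$2" \
        "$url$apipage")

    if [[ "$res" == Error* ]]; then
        echo "Error while uploading."
        echo "$res"
        exit 1
    fi

    # Not using head or tail to minimise command dependencies
    code=$(cnt=0; echo "$res" | while read l; do
        if [[ "$cnt" == "0" ]]; then
            echo "$l"
        fi
        cnt=$(( cnt + 1 ))
    done)
    del_code=$(cnt=0; echo "$res" | while read l; do
        if [[ "$cnt" == "1" ]]; then
            echo "$l"
        fi
        cnt=$(( cnt + 1 ))
    done)

    echo
    echo "Download page:"
    echo " ${url}${downloadpage}?h=$code"
    echo "Direct download:"
    echo " ${url}${downloadpage}?h=$code&d=1"
    echo "Delete link:"
    echo " ${url}${downloadpage}?h=$code&d=$del_code"
    echo
    echo "Download via API:"
    echo " ${0} get ${url}${apipage}?h=$code [PASSWORD]"
    echo "Delete via API:"
    echo " ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"

elif [ "$1" == "get" ]; then
    # -OJ stores the download under the file name announced by the server, in
    # the current directory; run this where a server-chosen name is acceptable.
    if [ -z "$password" ]; then
        "$curl" "${proxy_args[@]}" -OJ "$2"
    else
        "$curl" "${proxy_args[@]}" -OJ -X POST --form-string "key=$password" "$2"
    fi
elif [ "$1" == "delete" ]; then
    "$curl" "${proxy_args[@]}" "$2"
fi
<?php
    } else {
        echo 'Error 12';
        exit;
    }
}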
/*
 * Create alias.
 * Needs POST fields alias, destination and password. The caller must pass the
 * same upload IP and upload password checks as a file upload. Prints whatever
 * jirafeau_alias_create() returns, or 'Error 13' .. 'Error 15'.
 */
elseif (isset($_GET['alias_create'])) {
    $ip = get_ip_address($cfg);
    if (!jirafeau_challenge_upload_ip($cfg, $ip)) {
        exit('Error 13');
    }

    /* The upload password is only asked for when one is configured. */
    if (jirafeau_has_upload_password($cfg)) {
        if (!isset($_POST['upload_password'])
            || !jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
            exit('Error 14');
        }
    }

    /* All three fields are mandatory. */
    foreach (array('alias', 'destination', 'password') as $field) {
        if (!isset($_POST[$field])) {
            exit('Error 15');
        }
    }

    echo jirafeau_alias_create(
        $_POST['alias'],
        $_POST['destination'],
        $_POST['password'],
        $ip
    );
}
/*
 * Get alias.
 * Needs POST field alias; prints whatever jirafeau_alias_get() returns, or
 * 'Error 16' when the field is missing.
 * NOTE(review): no upload IP or password check is made in this branch.
 */
elseif (isset($_GET['alias_get'])) {
    if (isset($_POST['alias'])) {
        echo jirafeau_alias_get($_POST['alias']);
    } else {
        exit('Error 16');
    }
}
/*
 * Update alias.
 * Needs POST fields alias, destination and password; new_password is optional
 * and defaults to an empty string. Prints whatever jirafeau_alias_update()
 * returns, or 'Error 17' when a mandatory field is missing.
 * NOTE(review): unlike alias creation, this branch does not run the upload IP
 * or upload password checks; presumably the alias password verified inside
 * jirafeau_alias_update() is the only authorisation - confirm.
 */
elseif (isset($_GET['alias_update'])) {
    foreach (array('alias', 'destination', 'password') as $field) {
        if (!isset($_POST[$field])) {
            exit('Error 17');
        }
    }

    $new_password = isset($_POST['new_password']) ? $_POST['new_password'] : '';

    echo jirafeau_alias_update(
        $_POST['alias'],
        $_POST['destination'],
        $_POST['password'],
        $new_password,
        get_ip_address($cfg)
    );
}
/*
 * Delete alias.
 * Needs POST fields alias and password; prints whatever jirafeau_alias_delete()
 * returns, or 'Error 18' when one of them is missing.
 */
elseif (isset($_GET['alias_delete'])) {
    foreach (array('alias', 'password') as $field) {
        if (!isset($_POST[$field])) {
            exit('Error 18');
        }
    }

    echo jirafeau_alias_delete($_POST['alias'], $_POST['password']);
}
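/*
 * Initialize an asynchronous upload.
 *
 * Needs POST fields filename and time; type, key, one_time_download and
 * upload_password are optional (the last one is required when an upload
 * password is configured). Prints whatever jirafeau_async_init() returns, or
 * 'Error 19' .. 'Error 22'.
 * No size limit is applied here; $cfg['maximal_upload_size'] is passed to
 * jirafeau_async_push() by the push_async call.
 */
elseif (isset($_GET['init_async'])) {
    /* Stop unless jirafeau_challenge_upload_ip() accepts the caller's address. */
    if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
        echo 'Error 19';
        exit;
    }

    /* When an upload password is configured it must be sent and must pass the challenge. */
    if (jirafeau_has_upload_password($cfg) &&
        (!isset($_POST['upload_password']) ||
         !jirafeau_challenge_upload_password($cfg, $_POST['upload_password']))) {
        echo 'Error 20';
        exit;
    }

    if (!isset($_POST['filename'])) {
        echo 'Error 21';
        exit;
    }

    /*
     * NOTE(review): filename, type and key are handed to jirafeau_async_init()
     * as received, array values included; confirm that function validates them.
     */
    $type = '';
    if (isset($_POST['type'])) {
        $type = $_POST['type'];
    }

    $key = '';
    if (isset($_POST['key'])) {
        $key = $_POST['key'];
    }

    /*
     * "time" must be a string naming an availability that is enabled in the
     * configuration. is_string() rejects array-valued parameters (time[]=...),
     * which cannot be used as an array offset, and empty() treats an unknown
     * name like a disabled one instead of reading a missing entry.
     */
    if (!isset($_POST['time']) || !is_string($_POST['time'])
        || empty($cfg['availabilities'][$_POST['time']])) {
        echo 'Error 22';
        exit;
    }

    /* Expiry timestamp: now plus the chosen period; any other enabled name means no expiry. */
    $time = time();
    switch ($_POST['time']) {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'quarter':
            $time += JIRAFEAU_QUARTER;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            $time = JIRAFEAU_INFINITY;
            break;
    }

    echo jirafeau_async_init(
        $_POST['filename'],
        $type,
        isset($_POST['one_time_download']),
        $key,
        $time,
        get_ip_address($cfg)
    );
}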
/*
 * Continue an asynchronous upload.
 * Needs POST fields ref and code plus the uploaded part in $_FILES['data'];
 * prints whatever jirafeau_async_push() returns, or 'Error 23'.
 * NOTE(review): the upload IP and upload password checks are not repeated
 * here; presumably ref and code from init_async identify the upload - confirm.
 */
elseif (isset($_GET['push_async'])) {
    if (isset($_POST['ref'], $_POST['code']) && isset($_FILES['data'])) {
        echo jirafeau_async_push(
            $_POST['ref'],
            $_FILES['data'],
            $_POST['code'],
            $cfg['maximal_upload_size']
        );
    } else {
        echo 'Error 23';
    }
}
/*
 * Finalize an asynchronous upload.
 * Needs POST fields ref and code; prints whatever jirafeau_async_end()
 * returns, or 'Error 24'.
 */
elseif (isset($_GET['end_async'])) {
    if (isset($_POST['ref'], $_POST['code'])) {
        echo jirafeau_async_end(
            $_POST['ref'],
            $_POST['code'],
            $cfg['enable_crypt'],
            $cfg['link_name_length']
        );
    } else {
        echo 'Error 24';
    }
}
/* None of the known calls was requested. */
else {
    echo 'Error 25';
}
/* Every branch that did not stop on its own ends here. */
exit;
?>
