]> git.p6c8.net - jirafeau_mojo42.git/blob - index.php
[FEATURE] Add check ip_nopassword in challenge_upload function
[jirafeau_mojo42.git] / index.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2013
5 * Jerome Jutteau <j.jutteau@gmail.com>
6 * Jimmy Beauvois <jimmy.beauvois@gmail.com>
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 session_start();
22 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
23
24 require(JIRAFEAU_ROOT . 'lib/settings.php');
25 require(JIRAFEAU_ROOT . 'lib/functions.php');
26 require(JIRAFEAU_ROOT . 'lib/lang.php');
27
28 check_errors($cfg);
29 if (has_error()) {
30 show_errors();
31 require(JIRAFEAU_ROOT . 'lib/template/footer.php');
32 exit;
33 }
34
35 require(JIRAFEAU_ROOT . 'lib/template/header.php');
36
37 /* Check if user is allowed to upload. */
38 // First check: Challenge by IP NO PASSWORD
39 if (true === jirafeau_challenge_upload_ip($cfg['upload_ip_nopassword'], get_ip_address($cfg))) {
40 }
41 // Second check: Challenge by IP
42 elseif (true === jirafeau_challenge_upload_ip($cfg['upload_ip'], get_ip_address($cfg))) {
43 // Is an upload password required?
44 if (jirafeau_has_upload_password($cfg)) {
45 // Logout action
46 if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
47 session_unset();
48 }
49
50 // Challenge by password
51 // …save successful logins in session
52 if (isset($_POST['upload_password'])) {
53 if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
54 $_SESSION['upload_auth'] = true;
55 $_SESSION['user_upload_password'] = $_POST['upload_password'];
56 } else {
57 $_SESSION['admin_auth'] = false;
58 jirafeau_fatal_error(t('BAD_PSW'), $cfg);
59 }
60 }
61
62 // Show login form if user session is not authorized yet
63 if (true === empty($_SESSION['upload_auth'])) {
64 ?>
65 <form method="post" class="form login">
66 <fieldset>
67 <table>
68 <tr>
69 <td class = "label"><label for = "enter_password">
70 <?php echo t('UP_PSW') . ':'; ?></label>
71 </td>
72 </tr><tr>
73 <td class = "field"><input type = "password"
74 name = "upload_password" id = "upload_password"
75 size = "40" />
76 </td>
77 </tr>
78 <tr class = "nav">
79 <td class = "nav next">
80 <input type = "submit" name = "key" value =
81 "<?php echo t('LOGIN'); ?>" />
82 </td>
83 </tr>
84 </table>
85 </fieldset>
86 </form>
87 <?php
88 require(JIRAFEAU_ROOT.'lib/template/footer.php');
89 exit;
90 }
91 }
92 }
93 else {
94 jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
95 }
96
97 ?>
98 <div id="upload_finished">
99 <p><?php echo t('FILE_UP') ?></p>
100
101 <div id="upload_finished_download_page">
102 <p>
103 <a id="upload_link" href=""><?php echo t('DL_PAGE') ?></a>
104 <a id="upload_link_email" href=""><img id="upload_image_email"/></a>
105 </p><p>
106 <code id=upload_link_text></code>
107 <button id="upload_link_button"></button>
108 </p>
109 </div>
110
111 <?php if ($cfg['preview'] == true) {
112 ?>
113 <div id="upload_finished_preview">
114 <p>
115 <a id="preview_link" href=""><?php echo t('VIEW_LINK') ?></a>
116 </p><p>
117 <code id=preview_link_text></code>
118 <button id="preview_link_button"></button>
119 </p>
120 </div>
121 <?php
122 } ?>
123
124 <div id="upload_direct_download">
125 <p>
126 <a id="direct_link" href=""><?php echo t('DIRECT_DL') ?></a>
127 </p><p>
128 <code id=direct_link_text></code>
129 <button id="direct_link_button"></button>
130 </p>
131 </div>
132
133 <div id="upload_delete">
134 <p>
135 <a id="delete_link" href=""><?php echo t('DELETE_LINK') ?></a>
136 </p><p>
137 <code id=delete_link_text></code>
138 <button id="delete_link_button"></button>
139 </p>
140 </div>
141
142 <div id="upload_validity">
143 <p><?php echo t('VALID_UNTIL'); ?>:</p>
144 <p id="date"></p>
145 </div>
146 </div>
147
148 <div id="uploading">
149 <p>
150 <?php echo t('UP'); ?>
151 <div id="uploaded_percentage"></div>
152 <div id="uploaded_speed"></div>
153 <div id="uploaded_time"></div>
154 </p>
155 </div>
156
157 <div id="error_pop" class="error">
158 </div>
159
160 <div id="upload">
161 <fieldset>
162 <legend>
163 <?php echo t('SEL_FILE'); ?>
164 </legend>
165 <p>
166 <input type="file" id="file_select" size="30"
167 onchange="control_selected_file_size(<?php echo $cfg['maximal_upload_size'] ?>, '<?php echo t('2_BIG') . ', ' . t('FILE_LIM') . " " . $cfg['maximal_upload_size'] . " MB"; ?>')"/>
168 </p>
169
170 <div id="options">
171 <table id="option_table">
172 <tr>
173 <td><?php echo t('ONE_TIME_DL'); ?>:</td>
174 <td><input type="checkbox" id="one_time_download" /></td>
175 </tr>
176 <tr>
177 <td><label for="input_key"><?php echo t('PSW') . ':'; ?></label></td>
178 <td><input type="text" name="key" id="input_key" /></td>
179 </tr>
180 <tr>
181 <td><label for="select_time"><?php echo t('TIME_LIM') . ':'; ?></label></td>
182 <td><select name="time" id="select_time">
183 <?php
184 $expirationTimeOptions = array(
185 array(
186 'value' => 'minute',
187 'label' => '1_MIN'
188 ),
189 array(
190 'value' => 'hour',
191 'label' => '1_H'
192 ),
193 array(
194 'value' => 'day',
195 'label' => '1_D'
196 ),
197 array(
198 'value' => 'week',
199 'label' => '1_W'
200 ),
201 array(
202 'value' => 'month',
203 'label' => '1_M'
204 ),
205 array(
206 'value' => 'quarter',
207 'label' => '1_Q'
208 ),
209 array(
210 'value' => 'year',
211 'label' => '1_Y'
212 ),
213 array(
214 'value' => 'none',
215 'label' => 'NONE'
216 )
217 );
218 foreach ($expirationTimeOptions as $expirationTimeOption) {
219 $selected = ($expirationTimeOption['value'] === $cfg['availability_default'])? 'selected="selected"' : '';
220 if (true === $cfg['availabilities'][$expirationTimeOption['value']]) {
221 echo '<option value="' . $expirationTimeOption['value'] . '" ' .
222 $selected . '>' . t($expirationTimeOption['label']) . '</option>';
223 }
224 }
225 ?>
226 </select></td>
227 </tr>
228
229 <?php
230 if ($cfg['maximal_upload_size'] > 0) {
231 echo '<p class="config">' . t('FILE_LIM');
232 echo " " . $cfg['maximal_upload_size'] . " MB</p>";
233 }
234 ?>
235
236 <p id="max_file_size" class="config"></p>
237 <p>
238 <?php
239 if (jirafeau_has_upload_password($cfg) && $_SESSION['upload_auth']) {
240 ?>
241 <input type="hidden" id="upload_password" name="upload_password" value="<?php echo $_SESSION['user_upload_password'] ?>"/>
242 <?php
243
244 } else {
245 ?>
246 <input type="hidden" id="upload_password" name="upload_password" value=""/>
247 <?php
248
249 }
250 ?>
251 <input type="submit" id="send" value="<?php echo t('SEND'); ?>"
252 onclick="
253 document.getElementById('upload').style.display = 'none';
254 document.getElementById('uploading').style.display = '';
255 upload (<?php echo jirafeau_get_max_upload_size_bytes(); ?>);
256 "/>
257 </p>
258 </table>
259 </div> </fieldset>
260
261 <?php
262 if (jirafeau_has_upload_password($cfg)
263 && false === jirafeau_challenge_upload_ip($cfg['upload_ip_nopassword'], get_ip_address($cfg))) {
264 ?>
265 <form method="post" class="form logout">
266 <input type = "hidden" name = "action" value = "logout"/>
267 <input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
268 </form>
269 <?php
270
271 }
272 ?>
273
274 </div>
275
276 <script type="text/javascript" lang="Javascript">
277 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
278 document.getElementById('error_pop').style.display = 'none';
279 document.getElementById('uploading').style.display = 'none';
280 document.getElementById('upload_finished').style.display = 'none';
281 document.getElementById('options').style.display = 'none';
282 document.getElementById('send').style.display = 'none';
283 if (!check_html5_file_api ())
284 document.getElementById('max_file_size').innerHTML = '<?php
285 echo t('NO_BROWSER_SUPPORT') . jirafeau_get_max_upload_size();
286 ?>';
287
288 addCopyListener('upload_link_button', 'upload_link');
289 addCopyListener('preview_link_button', 'preview_link');
290 addCopyListener('direct_link_button', 'direct_link');
291 addCopyListener('delete_link_button', 'delete_link');
292 // @license-end
293 </script>
294 <?php require(JIRAFEAU_ROOT . 'lib/template/footer.php'); ?>

patrick-canterino.de