return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
+ } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+ return true;
}
return false;
}
}
/**
- * tells if a mime-type is viewable in a browser
+ * Tells if a mime-type is viewable in a browser
* @param $mime the mime type
* @returns a boolean telling if a mime type is viewable
*/
* @param $ref asynchronous upload reference
* @param $file piece of data
* @param $code client code for this operation
+ * @param $max_file_size maximum allowed file size
* @return a string containing a next code to use or the string "Error"
*/
function
-jirafeau_async_push ($ref, $data, $code)
+jirafeau_async_push ($ref, $data, $code, $max_file_size)
{
/* Get async infos. */
$a = jirafeau_get_async_ref ($ref);
$p = s2p ($ref);
+ /* File path. */
+ $r_path = $data['tmp_name'];
+ $w_path = VAR_ASYNC . $p . $ref . '_data';
+
+ /* Check that file size is not above upload limit. */
+ if ($max_file_size > 0 &&
+ filesize ($r_path) + filesize ($w_path) > $max_file_size * 1024 * 1024)
+ {
+ jirafeau_async_delete ($ref);
+ return "Error";
+ }
+
/* Concatenate data. */
- $r = fopen ($data['tmp_name'], 'r');
- $w = fopen (VAR_ASYNC . $p . $ref . '_data', 'a');
+ $r = fopen ($r_path, 'r');
+ $w = fopen ($w_path, 'a');
while (!feof ($r))
{
if (fwrite ($w, fread ($r, 1024)) === false)
}
fclose ($r);
fclose ($w);
- unlink ($data['tmp_name']);
+ unlink ($r_path);
/* Update async file. */
$code = jirafeau_gen_random (4);
* @param $ref asynchronous upload reference
* @param $code client code for this operation
* @param $crypt boolean asking to crypt or not
- * @param $link_name_length link name lenght
+ * @param $link_name_length link name length
* @return a string containing the download reference followed by a delete code or the string "Error"
*/
function
return false;
}
+/**
+ * Test if visitor's IP is authorized to upload.
+ * @param $ip IP to be challenged
+ * @return true if IP is authorized, false otherwise.
+ */
+function jirafeau_challenge_upload_ip ($cfg, $ip)
+{
+ if (count ($cfg['upload_ip']) == 0)
+ return true;
+ forEach ($cfg['upload_ip'] as $i)
+ {
+ if ($i == $ip)
+ return true;
+ // CIDR test for IPv4 only.
+ if (strpos ($i, '/') !== false)
+ {
+ list ($subnet, $mask) = explode('/', $i);
+ if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet))
+ return true;
+ }
+ }
+ return false;
+}
+
+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+ if (count ($cfg['proxy_ip']) == 0 ||
+ empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+ return $_SERVER['REMOTE_ADDR'];
+
+ $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ if (count ($iplist) == 0)
+ return $_SERVER['REMOTE_ADDR'];
+
+ foreach ($cfg['proxy_ip'] as $proxy_ip)
+ {
+ if ($_SERVER['REMOTE_ADDR'] != $proxy_ip)
+ continue;
+
+ // Take the last IP (the one which has been set by our proxy).
+ $ip = end($iplist);
+ $ip = preg_replace ('/\s+/', '', $ip);
+ return $ip;
+ }
+ return $_SERVER['REMOTE_ADDR'];
+}
+
+/**
+ * Convert hexadecimal string to base64
+ */
+function hex_to_base64($hex)
+{
+ $b = '';
+ foreach (str_split ($hex, 2) as $pair)
+ $b .= chr (hexdec ($pair));
+ return base64_encode ($b);
+}
git.p6c8.net / jirafeau_mojo42.git / blobdiff