file.php

   1 <?php
   2 /*
   3  *  Jirafeau, your web file repository
   4  *  Copyright (C) 2008  Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
   5  *  Copyright (C) 2012  Jerome Jutteau <j.jutteau@gmail.com>
   6  *
   7  *  This program is free software: you can redistribute it and/or modify
   8  *  it under the terms of the GNU Affero General Public License as
   9  *  published by the Free Software Foundation, either version 3 of the
  10  *  License, or (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU Affero General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU Affero General Public License
  18  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19  */
  20 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
  21
  22 require (JIRAFEAU_ROOT.'lib/config.php');
  23 require (JIRAFEAU_ROOT.'lib/settings.php');
  24 require (JIRAFEAU_ROOT.'lib/functions.php');
  25
  26 if (isset ($_GET['h']) && !empty ($_GET['h']))
  27 {
  28     $link_name = $_GET['h'];
  29
  30     $delete_code = '';
  31     if (isset ($_GET['d']) && !empty ($_GET['d']))
  32         $delete_code = $_GET['d'];
  33
  34     if (!ereg ('[0-9a-f]{32}$', $link_name))
  35     {
  36         header ("HTTP/1.0 404 Not Found");
  37
  38         require (JIRAFEAU_ROOT.'lib/template/header.php');
  39         echo '<div class="error"><p>Error 404: Not Found</p></div>';
  40         require (JIRAFEAU_ROOT.'lib/template/footer.php');
  41         exit;
  42     }
  43
  44     $link_file = VAR_LINKS.$link_name;
  45     if (file_exists ($link_file))
  46     {
  47         $content = file ($link_file);
  48         $file_name = trim ($content[0]);
  49         $mime_type = trim ($content[1]);
  50         $file_size = trim ($content[2]);
  51         $key = trim ($content[3], NL);
  52         $time = trim ($content[4]);
  53         $md5 = trim ($content[5]);
  54         $onetime = trim ($content[6]);
  55         $link_code = trim ($content[9]);
  56
  57         if (!file_exists (VAR_FILES.$md5))
  58         {
  59             jirafeau_delete ($link_name);
  60             require (JIRAFEAU_ROOT.'lib/template/header.php');
  61             echo '<div class="error"><p>'._('File not available.').
  62                 '</p></div>';
  63             require (JIRAFEAU_ROOT.'lib/template/footer.php');
  64             exit;
  65         }
  66
  67         if (!empty ($delete_code) && $delete_code == $link_code)
  68         {
  69             jirafeau_delete ($link_name);
  70             require (JIRAFEAU_ROOT.'lib/template/header.php');
  71             echo '<div class="message"><p>'._('File has been deleted.').
  72                  '</p></div>';
  73             require (JIRAFEAU_ROOT.'lib/template/footer.php');
  74             exit;
  75         }
  76
  77         if ($time != JIRAFEAU_INFINITY && time ()> $time)
  78         {
  79             jirafeau_delete ($link_name);
  80             require (JIRAFEAU_ROOT.'lib/template/header.php');
  81             echo '<div class="error"><p>'.
  82                 _('The time limit of this file has expired.' .
  83                   'It has been deleted.') . '</p></div>';
  84             require (JIRAFEAU_ROOT.'lib/template/footer.php');
  85             exit;
  86         }
  87
  88         if (!empty ($key))
  89         {
  90             if (!isset ($_POST['key']))
  91             {
  92                 require (JIRAFEAU_ROOT.'lib/template/header.php');
  93                 ?><div id = "upload">
  94                     <form action =
  95                     "<?php echo $_SERVER['REQUEST_URI']; ?>" method =
  96                     "post"> <input type = "hidden" name = "jirafeau" value =
  97                     "<?php echo JIRAFEAU_VERSION; ?>" /><fieldset>
  98                     <legend><?php echo _('Key protection');
  99                 ?></legend> <table> <tr>
 100                     <td><?php echo _('Give the key of this file:');
 101                 ?><input type = "password" name =
 102                     "key" /></td> </tr> <tr> <td><input type =
 103                     "submit" value =
 104                     "<?php echo _('I have the right to download this file'); ?>"
 105                     /></td> </tr> </table> </fieldset> </form> </div>
 106                     <?php require (JIRAFEAU_ROOT.'lib/template/footer.php');
 107                 exit;
 108             }
 109             else
 110             {
 111                 if ($key != md5 ($_POST['key']))
 112                 {
 113                     header ("HTTP/1.0 403 Forbidden");
 114
 115                     require (JIRAFEAU_ROOT.'lib/template/header.php');
 116                     echo '<div class="error"><p>Error 403: Forbidden</p></div>';
 117                     require (JIRAFEAU_ROOT.'lib/template/footer.php');
 118                     exit;
 119                 }
 120             }
 121         }
 122
 123         header ('Content-Length: ' . $file_size);
 124         header ('Content-Type: ' . $mime_type);
 125         if (!jirafeau_is_viewable ($mime_type))
 126         {
 127             header ('Content-Disposition: attachment; filename="' .
 128                     $file_name . '"');
 129         }
 130         readfile (VAR_FILES.$md5);
 131
 132         if ($onetime == 'O')
 133             jirafeau_delete ($link_name);
 134         exit;
 135     }
 136     else
 137     {
 138         header ("HTTP/1.0 404 Not Found");
 139
 140         require (JIRAFEAU_ROOT.'lib/template/header.php');
 141         echo '<div class="error"><p>Error 404: Not Found</p></div>';
 142         require (JIRAFEAU_ROOT.'lib/template/footer.php');
 143         exit;
 144     }
 145 }
 146 else
 147 {
 148     header ('Location: '.$cfg['web_root']);
 149     exit;
 150 }
 151
 152 ?>