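<?php
/*
 * Jirafeau, your web file repository
 * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/*
 * admin.php - maintenance entry point.
 *
 * From the command line it runs one maintenance command
 * (clean_expired | clean_async) without any authentication.
 * Over HTTP it first challenges the client IP, then requires either an
 * HTTP-auth user from the configured list or the admin password, and
 * finally renders the admin interface and executes the posted action.
 */
session_start();
define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');

require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');

/* Check if installation is OK. */
if (file_exists(JIRAFEAU_ROOT . 'install.php')
    && !file_exists(JIRAFEAU_ROOT . 'lib/config.local.php')) {
    header('Location: install.php');
    exit;
}

/*
 * Read a POST parameter as a plain string.
 * Returns '' when the key is absent or the value is not a string (for
 * example an array posted as "name[]"), so every library call below
 * receives a string and no "undefined index" notice leaks into the page.
 */
$post_str = function (string $key): string {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

/*
 * Print a result box in the admin interface.
 * $text is inserted verbatim: callers only pass translations and counters.
 */
$show_message = function (string $text): void {
    echo '<div class="message">' . NL;
    echo '<p>' . $text . '</p></div>';
};

/* The requested admin action, '' when none was posted. */
$admin_action = $post_str('action');

/* If called from CLI, no password or graphical interface */
if (php_sapi_name() === 'cli') {
    if (empty($cfg['installation_done'])) {
        die("Installation not completed yet.\n");
    }
    $command = count($argv) > 1 ? $argv[1] : '';
    if ($command === 'clean_expired') {
        $total = jirafeau_admin_clean();
        echo "$total expired files deleted.\n";
    } elseif ($command === 'clean_async') {
        $total = jirafeau_admin_clean_async();
        echo "$total old unfinished transfers deleted.\n";
    } else {
        die("No command found. Should be admin.php <clean_expired|clean_async>.\n");
    }
// Second check: Challenge by IP
} elseif (true === jirafeau_challenge_admin_ip($cfg, get_ip_address($cfg))) {
    /* Disable admin interface if we have a empty admin password. */
    if (empty($cfg['admin_password']) && empty($cfg['admin_http_auth_user'])) {
        require(JIRAFEAU_ROOT . 'lib/template/header.php');
        echo '<div class="error"><p>' . t('NO_ADMIN') . '</p></div>';
        require(JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    }

    /* Logout if requested. */
    if (jirafeau_admin_session_logged() && $admin_action === 'logout') {
        jirafeau_session_end();
    }

    if (!jirafeau_admin_session_logged()) {
        /* Test HTTP authentication.
         * PHP_AUTH_USER is only meaningful when the web server enforces
         * HTTP auth in front of this script (assumed by this design; confirm
         * in the deployment). Configured users are compared as strings and
         * strictly, so a missing header never matches an entry and PHP's
         * loose numeric-string equality cannot apply. */
        $http_user = (isset($_SERVER['PHP_AUTH_USER']) && is_string($_SERVER['PHP_AUTH_USER']))
            ? $_SERVER['PHP_AUTH_USER']
            : null;
        $http_auth_ok = false;
        if (!empty($cfg['admin_http_auth_user']) && $http_user !== null) {
            $allowed_users = is_array($cfg['admin_http_auth_user'])
                ? $cfg['admin_http_auth_user']
                : [$cfg['admin_http_auth_user']];
            $http_auth_ok = in_array($http_user, array_map('strval', $allowed_users), true);
        }

        if ($http_auth_ok) {
            jirafeau_admin_session_start();
        }
        /* Test web password authentication. */
        elseif (!empty($cfg['admin_password']) && isset($_POST['admin_password'])) {
            /* The configured value must be the hex SHA-256 of the password;
             * compare in constant time so response timing does not reveal
             * how many leading characters of the digest matched. */
            $candidate = hash('sha256', $post_str('admin_password'));
            if (is_string($cfg['admin_password']) && hash_equals($cfg['admin_password'], $candidate)) {
                jirafeau_admin_session_start();
            } else {
                require(JIRAFEAU_ROOT . 'lib/template/header.php');
                echo '<div class="error"><p>' . t('BAD_PSW') . '</p></div>';
                require(JIRAFEAU_ROOT . 'lib/template/footer.php');
                exit;
            }
        }
        /* Admin password prompt form. */
        else {
            require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?>
            <form method="post" class="form login">
            <fieldset>
                <table>
                <tr>
                    <td class = "label"><label for = "enter_password">
                    <?php echo t('ADMIN_PSW') . ':'; ?></label>
                    </td>
                </tr>
                <tr>
                    <td class = "field"><input type = "password"
                    name = "admin_password" id = "admin_password"
                    size = "40" autocomplete = "current-password" />
                    </td>
                </tr>
                <tr class = "nav">
                    <td class = "nav next">
                    <input type = "submit" name = "key" value =
                    "<?php echo t('LOGIN'); ?>" />
                    </td>
                </tr>
                </table>
            </fieldset>
            </form>
            <?php
            require(JIRAFEAU_ROOT . 'lib/template/footer.php');
            exit;
        }
    }

    /* Cleaning and listing may take a long time: lift the execution time
     * limit. Best effort only - the @ keeps a refused call from printing a
     * warning into the page. */
    @set_time_limit(0);

    /* Show admin interface if not downloading a file. */
    if ($admin_action !== 'download') {
        require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?><h2><?php echo t('ADMIN_INTERFACE'); ?></h2><?php
        ?><h2>(version <?php echo JIRAFEAU_VERSION ?>)</h2><?php

        if ($cfg['enable_crypt'] && !(extension_loaded('sodium'))) {
            echo '<div class="error"><p>' . t('SODIUM_UNAVAILABLE') . '</p></div>';
        }

        /* One table row per action:
         * [action value, label translation key, optional text field name, button key].
         * 'SEARH_BY_HASH' (sic) is the translation key as used by this file. */
        $action_rows = [
            ['clean',               'CLEAN_EXPIRED',      null,   'CLEAN'],
            ['clean_async',         'CLEAN_INCOMPLETE',   null,   'CLEAN'],
            ['list',                'LS_FILES',           null,   'LIST'],
            ['size',                'SIZE_DATA',          null,   'SIZE'],
            ['search_by_name',      'SEARCH_NAME',        'name', 'SEARCH'],
            ['search_by_file_hash', 'SEARH_BY_HASH',      'hash', 'SEARCH'],
            ['search_link',         'SEARCH_LINK',        'link', 'SEARCH'],
            ['bug_report_info',     'REPORTING_AN_ISSUE', null,   'INFO'],
        ];
        ?><div id = "admin">
        <fieldset><legend><?php echo t('ACTIONS'); ?></legend>
        <table>
        <?php foreach ($action_rows as [$row_action, $row_label, $row_field, $row_button]): ?>
        <form method="post">
        <tr>
            <input type = "hidden" name = "action" value = "<?php echo $row_action; ?>"/>
            <?php echo jirafeau_admin_csrf_field() ?>
            <td class = "info">
                <?php echo t($row_label); ?>
            </td>
            <td><?php if ($row_field !== null): ?>
                <input type = "text" name = "<?php echo $row_field; ?>" id = "<?php echo $row_field; ?>"/>
            <?php endif; ?></td>
            <td>
                <input type = "submit" value = "<?php echo t($row_button); ?>" />
            </td>
        </tr>
        </form>
        <?php endforeach; ?>
        </table>
        <form method="post">
            <input type = "hidden" name = "action" value = "logout" />
            <?php echo jirafeau_admin_csrf_field() ?>
            <input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
        </form>
        </fieldset></div><?php
    }

    /* Check for actions.
     * NOTE(review): the forms above carry jirafeau_admin_csrf_field(), but
     * this file does not verify that token itself - presumably
     * jirafeau_admin_session_logged() does; confirm before relying on it. */
    if ($admin_action !== '') {
        if ($admin_action === 'clean') {
            $total = jirafeau_admin_clean();
            $show_message(t('CLEANED_FILES_CNT') . ' : ' . $total);
        } elseif ($admin_action === 'clean_async') {
            $total = jirafeau_admin_clean_async();
            $show_message(t('CLEANED_FILES_CNT') . ' : ' . $total);
        } elseif ($admin_action === 'size') {
            $size = jirafeau_dir_size($cfg['var_root']);
            $human_size = jirafeau_human_size($size);
            $show_message(t('SIZE_DATA') . ': ' . $human_size);
        } elseif ($admin_action === 'list') {
            jirafeau_admin_list('', '', '');
        } elseif ($admin_action === 'search_by_name') {
            jirafeau_admin_list($post_str('name'), '', '');
        } elseif ($admin_action === 'search_by_file_hash') {
            jirafeau_admin_list('', $post_str('hash'), '');
        } elseif ($admin_action === 'search_link') {
            jirafeau_admin_list('', '', $post_str('link'));
        } elseif ($admin_action === 'delete_link') {
            jirafeau_delete_link($post_str('link'));
            $show_message(t('LINK_DELETED'));
        } elseif ($admin_action === 'delete_file') {
            $count = jirafeau_delete_file($post_str('hash'));
            $show_message(t('DELETED_LINKS') . ' : ' . $count);
        } elseif ($admin_action === 'download') {
            $l = jirafeau_get_link($post_str('link'));
            if (empty($l)) {
                /* Unknown link: nothing to send (no interface was printed either). */
                exit;
            }
            $p = s2p($l['hash']);
            $path = VAR_FILES . $p . $l['hash'];
            /* file_name comes from the stored link metadata (presumably the
             * uploader's original name), so escape the quoted-string
             * delimiters before placing it in the header; header() itself
             * refuses CR/LF. NOTE(review): mime_type is sent as stored -
             * confirm it is validated at upload time. */
            $file_name = str_replace(['\\', '"'], ['\\\\', '\\"'], $l['file_name']);
            header('Content-Length: ' . $l['file_size']);
            header('Content-Type: ' . $l['mime_type']);
            header('Content-Disposition: attachment; filename="' . $file_name . '"');
            if (file_exists($path)) {
                /* Same bytes as the former 1 KiB fread() loop, without the
                 * unchecked fopen() handle. */
                readfile($path);
            }
            exit;
        } elseif ($admin_action === 'bug_report_info') {
            echo jirafeau_admin_bug_report($cfg);
        }
    }

    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
} else {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
}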
