1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
6 * Copyright (C) 2024 Jirafeau project <https://gitlab.com/jirafeau> (see AUTHORS.md)
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
22
23 require(JIRAFEAU_ROOT . 'lib/settings.php');
24 require(JIRAFEAU_ROOT . 'lib/functions.php');
25 require(JIRAFEAU_ROOT . 'lib/lang.php');
26
// Without a link identifier ("h" missing or empty) there is nothing to
// serve: send the visitor back to the start page.
if (empty($_GET['h'])) {
    header('Location: ./');
    exit;
}
31
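/* Serving a file may take a long time, so lift the execution time limit.
 * Best effort only: "@" silences any warning if the host does not allow
 * the limit to be changed (historically: PHP's safe mode had to be off).
 */
@set_time_limit(0);

$link_name = $_GET['h'];

/* The link name is passed to jirafeau_get_link() and echoed back into the
 * pages rendered below, so the WHOLE value must consist of [0-9a-zA-Z_-].
 * The pattern is therefore anchored at both ends (\A ... \z): a pattern
 * anchored only at the end constrains just the trailing characters and
 * lets any prefix through. Non-string input such as "h[]=x" is rejected
 * too instead of being handed to preg_match().
 */
if (!is_string($link_name) || preg_match('/\A[0-9a-zA-Z_-]+\z/', $link_name) !== 1) {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' . t('FILE_404') . '</p></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}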
45
// Look the link up; an empty result is reported with the same generic
// "not found" page as a malformed link name.
$link = jirafeau_get_link($link_name);
if (!count($link)) {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' . t('FILE_404') . '</p></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}
54
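/* Optional request parameters:
 *   d=1        download the file
 *   d=<other>  candidate delete code, checked against the link further down
 *   k=<key>    decryption key for encrypted files
 *   p=<any>    preview the file
 *
 * Only string values are accepted for "d" and "k". PHP turns "k[]=x" into
 * an array, which would otherwise travel on to urlencode() and the
 * decryption helpers; such input is treated as if the parameter were absent.
 */
$delete_code = '';
$do_download = false;
if (isset($_GET['d']) && is_string($_GET['d'])) {
    if ($_GET['d'] == '1') {
        $do_download = true;
    } elseif (!empty($_GET['d'])) {
        $delete_code = $_GET['d'];
    }
}

$crypt_key = '';
if (isset($_GET['k']) && is_string($_GET['k']) && !empty($_GET['k'])) {
    $crypt_key = $_GET['k'];
}

// Any non-empty "p" switches preview on.
$do_preview = !empty($_GET['p']);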
74
// $p is the path fragment s2p() derives from the hash; the stored file is
// expected at VAR_FILES . $p . <hash>. A link whose file is gone is removed
// and reported as unavailable.
$p = s2p($link['hash']);
if (file_exists(VAR_FILES . $p . $link['hash']) === false) {
    jirafeau_delete_link($link_name);
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' . t('FILE_NOT_AVAIL') . '</p></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}
84
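/* Deletion by delete code.
 *
 * Knowing the delete code is the only authorisation checked here, so the
 * comparison is done with hash_equals(): it is strict (no numeric-string
 * juggling as with "==", where e.g. two "0e<digits>" strings compare equal)
 * and does not leak, through timing, how much of the code matched.
 * The first request (GET) only shows a confirmation form; the link is
 * deleted when that form is posted back with "do_delete".
 */
if (!empty($delete_code) && is_string($delete_code)
    && hash_equals((string) $link['link_code'], $delete_code)) {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    if (isset($_POST['do_delete'])) {
        jirafeau_delete_link($link_name);
        echo '<div class="message"><p>' . t('FILE_DELETED') . '</p></div>';
    } else {
        // Both values come from the query string: encode them for the URL
        // they are written into rather than relying on earlier validation.
        ?>
<div>
<form action="<?php echo 'f.php?h=' . urlencode($link_name) . '&amp;d=' . urlencode($delete_code); ?>" method="post" id="submit_delete_post" class="form login">
<input type="hidden" name="do_delete" value="1" />
<fieldset>
<legend> <?php echo t('CONFIRM_DEL') ?> </legend>
<table>
<tr><td>
<?php echo t('GONNA_DEL') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' ?>
</td></tr>
<tr><td>
<?php echo t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' ?>
</td></tr>
<tr><td>
<input type="submit" id="submit_delete" value="<?php echo t('DELETE'); ?>"/>
</td></tr>
</table>
</fieldset></form></div><?php
    }
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}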
113
// Expired link: unless its lifetime is JIRAFEAU_INFINITY, a link whose
// expiry time lies in the past is removed on access and reported as such.
if ($link['time'] != JIRAFEAU_INFINITY && $link['time'] < time()) {
    jirafeau_delete_link($link_name);
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' . t('FILE_EXPIRED') . ' ' . t('FILE_DELETED') . '</p></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}
124
// An encrypted file cannot be served without its key. The answer is the
// generic "not found" page, the same one an unknown link gets.
if ($link['crypted'] && empty($crypt_key)) {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' . t('FILE_404') . '</p></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}
132
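/* Password-protected link.
 *
 * Without a posted password the password form is rendered and the script
 * stops. With one, its MD5 is compared against the stored $link['key'].
 *
 * The comparison uses hash_equals() instead of "==": loose comparison
 * treats two digests of the form "0e<digits>" as equal numbers, and it is
 * not constant-time. A non-string "key" (e.g. "key[]=x") is refused rather
 * than passed to md5().
 *
 * NOTE(review): the stored value is an unsalted MD5 of the password. That
 * format is produced outside this file, so it cannot be changed here;
 * moving to password_hash()/password_verify() needs a migration of the
 * stored links.
 */
$password_challenged = false;
if (!empty($link['key'])) {
    if (!isset($_POST['key'])) {
        require(JIRAFEAU_ROOT . 'lib/template/header.php');
        echo '<div>' .
             '<form action="f.php" method="post" id="submit_post" class="form login">'; ?>
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
        echo '<fieldset>' .
             '<legend>' . t('PSW_PROTEC') .
             '</legend><table><tr><td>' .
             t('GIMME_PSW') . ' : ' .
             '<input type = "password" name = "key" autocomplete = "current-password"/>' .
             '</td></tr>' .
             '<tr><td>' .
             t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' .
             '</td></tr>';

        if ($link['onetime'] == 'O') {
            echo '<tr><td id="self_destruct">' .
                 t('AUTO_DESTRUCT') .
                 '</td></tr>';
        }
        // The link name and key are written into a URL inside a script
        // string inside an HTML attribute; urlencode() leaves only
        // characters that are inert in all three contexts.
        ?><tr><td><input type="submit" id = "submit_download" value="<?php echo t('DL'); ?>"
onclick="document.getElementById('submit_post').action='<?php
        echo 'f.php?h=' . urlencode($link_name) . '&amp;d=1';
        if (is_string($crypt_key) && !empty($crypt_key)) {
            echo '&amp;k=' . urlencode($crypt_key);
        } ?>';
document.getElementById('submit_download').submit ();"/><?php
        if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type'])) {
            ?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW'); ?>"
onclick="document.getElementById('submit_post').action='<?php
            echo 'f.php?h=' . urlencode($link_name) . '&amp;p=1';
            if (is_string($crypt_key) && !empty($crypt_key)) {
                echo '&amp;k=' . urlencode($crypt_key);
            } ?>';
document.getElementById('submit_preview').submit ();"/><?php
        }
        echo '</td></tr></table></fieldset></form></div>';
        require(JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    } else {
        if (is_string($_POST['key']) && hash_equals((string) $link['key'], md5($_POST['key']))) {
            $password_challenged = true;
        } else {
            // Fixed delay on a wrong password to slow down guessing.
            sleep(2);
            require(JIRAFEAU_ROOT . 'lib/template/header.php');
            echo '<div class="error"><p>' . t('ACCESS_KO') . '</p></div>';
            require(JIRAFEAU_ROOT . 'lib/template/footer.php');
            exit;
        }
    }
}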
186
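/* Landing page for a link that is neither password-validated nor asked to
 * download or preview: show the file name and size plus the download
 * button (and the preview button when previews are enabled and the MIME
 * type is viewable).
 *
 * The buttons rewrite the form action to f.php?h=<link>&d=1 or &p=1, with
 * &k=<key> appended for encrypted files. The link name and key are
 * URL-encoded at this point because they land in a URL inside a script
 * string inside an HTML attribute; urlencode() leaves only characters that
 * are inert in all three contexts.
 *
 * NOTE(review): the decryption key travels in the query string, so it can
 * end up wherever request URLs are recorded.
 */
if (!$password_challenged && !$do_download && !$do_preview) {
    require(JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div>' .
         '<form action="f.php" method="post" id="submit_post" class="form download">'; ?>
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
    echo '<fieldset><legend>' . jirafeau_escape($link['file_name']) . '</legend><table>' .
         '<tr><td>' .
         t('NOW_DOWNLOADING') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' .
         '</td></tr>' .
         '<tr><td>' .
         t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' .
         '</td></tr>';

    if ($link['onetime'] == 'O') {
        echo '<tr><td id="self_destruct">' .
             t('AUTO_DESTRUCT') .
             '</td></tr>';
    } ?>
<tr><td><input type="submit" id = "submit_download" value="<?php echo t('DL'); ?>"
onclick="document.getElementById('submit_post').action='<?php
    echo 'f.php?h=' . urlencode($link_name) . '&amp;d=1';
    if (is_string($crypt_key) && !empty($crypt_key)) {
        echo '&amp;k=' . urlencode($crypt_key);
    } ?>';
document.getElementById('submit_post').submit ();"/><?php

    if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type'])) {
        ?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW'); ?>"
onclick="document.getElementById('submit_post').action='<?php
        echo 'f.php?h=' . urlencode($link_name) . '&amp;p=1';
        if (is_string($crypt_key) && !empty($crypt_key)) {
            echo '&amp;k=' . urlencode($crypt_key);
        } ?>';
document.getElementById('submit_post').submit ();"/><?php
    }
    echo '</td></tr>';
    echo '</table></fieldset></form></div>';
    require(JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}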
227
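/* Response headers for the file itself.
 *
 * The file name was supplied at upload time and is placed inside a quoted
 * string, so control characters are dropped and '"' and '\' are
 * backslash-escaped; otherwise a quote in the name ends the filename
 * parameter early and the rest is parsed as further parameters.
 *
 * NOTE(review): Content-Type is the stored MIME type. When the file is
 * shown inline (preview), what a browser will render is decided by
 * jirafeau_is_viewable(), which is not visible here — confirm it excludes
 * active content types, and consider sending
 * "X-Content-Type-Options: nosniff" alongside.
 */
$disposition_name = addcslashes(
    preg_replace('/[\x00-\x1F\x7F]/', '', (string) $link['file_name']),
    '"\\'
);

header('HTTP/1.0 200 OK');
header('Content-Length: ' . $link['file_size']);
if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_download) {
    // Not viewable, previews disabled, or download requested: force "save as".
    header('Content-Disposition: attachment; filename="' . $disposition_name . '"');
} else {
    // Preview: no "attachment" disposition, only the suggested file name.
    header('Content-Disposition: filename="' . $disposition_name . '"');
}
header('Content-Type: ' . $link['mime_type']);
if ($cfg['file_hash'] == "md5") {
    // The stored hash is an MD5 hex digest in this mode; Content-MD5 wants base64.
    header('Content-MD5: ' . hex_to_base64($link['hash']));
}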
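/* Deliver the file body. Exactly one of four paths is taken:
 *   1. LiteSpeed workaround (two requests: redirect, then internal redirect)
 *   2. encrypted file, Sodium mode
 *   3. encrypted file, legacy mcrypt mode
 *   4. plain file, via X-Sendfile or by streaming it from PHP
 */
if ($cfg['litespeed_workaround']) {
    // Work around that LiteSpeed truncates large files.
    // See https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:internal-redirect
    if (($_GET['litespeed_workaround'] ?? '') == 'phase2') {
        // DOCUMENT_ROOT is literal text, not a pattern: quote it so that
        // characters such as "." or "+" in the path are not read as regex syntax.
        $file_web_path = preg_replace('#^' . preg_quote($_SERVER['DOCUMENT_ROOT'], '#') . '#', '', VAR_FILES);
        header('X-LiteSpeed-Location: ' . $file_web_path . $p . $link['hash']);
    } else {
        // Since Content-Type isn't forwarded by LiteSpeed, first
        // redirect to the same URL but append the file name.
        // The name becomes a path segment, so it is percent-encoded: a raw
        // "?" or "#" in it would cut the URL short and the original query
        // string (including "h") would not reach the second request.
        header('Location: ' . $_SERVER['PHP_SELF'] . '/' . rawurlencode($link['file_name']) . '?' .
            $_SERVER['QUERY_STRING'] . '&litespeed_workaround=phase2');
    }
} elseif ($link['crypted']) {
    /* Read encrypted file (Sodium mode). */
    jirafeau_decrypt_file(VAR_FILES . $p . $link['hash'], 'php://output', $crypt_key);
} elseif ($link['crypted_legacy']) {
    /* Read encrypted file (legacy mode using mcrypt). */
    jirafeau_decrypt_file_legacy(VAR_FILES . $p . $link['hash'], 'php://output', $crypt_key);
} else {
    /* Read file. */
    if ($cfg['use_xsendfile']) {
        // Same literal-path quoting as in the LiteSpeed branch.
        $file_web_path = preg_replace('#^' . preg_quote($_SERVER['DOCUMENT_ROOT'], '#') . '#', '', VAR_FILES);
        header('X-Sendfile: ' . $file_web_path . $p . $link['hash']);
    } else {
        $r = fopen(VAR_FILES . $p . $link['hash'], 'r');
        // fopen() returns false when the file cannot be opened (it may have
        // been removed since the existence check). feof() must not be
        // called on that value: with the time limit lifted, the read loop
        // would never terminate on PHP versions where it only warns.
        if ($r !== false) {
            while (!feof($r)) {
                $chunk = fread($r, 1024);
                if ($chunk === false) {
                    break;
                }
                print $chunk;
            }
            fclose($r);
        }
    }
}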
273
// A one-time link ('O') is removed once it has been served.
if ($link['onetime'] == 'O') {
    jirafeau_delete_link($link_name);
}

// Record the download together with the client address that
// get_ip_address() derives from the configuration, then stop.
$client_ip = get_ip_address($cfg);
jirafeau_write_download_stats($link_name, $client_ip);

exit;
281
282 ?>
