script.php

   1 <?php
   2 /*
   3  *  Jirafeau, your web file repository
   4  *  Copyright (C) 2015  Jerome Jutteau <j.jutteau@gmail.com>
   5  *
   6  *  This program is free software: you can redistribute it and/or modify
   7  *  it under the terms of the GNU Affero General Public License as
   8  *  published by the Free Software Foundation, either version 3 of the
   9  *  License, or (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU Affero General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU Affero General Public License
  17  *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
  18  */
  19
  20 /*
  21  * This file permits to easyly script file sending, receiving, deleting, ...
  22  * If you don't want this feature, you can simply delete this file from your
  23  * web directory.
  24  */
  25 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
  26
  27 require(JIRAFEAU_ROOT . 'lib/settings.php');
  28 require(JIRAFEAU_ROOT . 'lib/functions.php');
  29 require(JIRAFEAU_ROOT . 'lib/lang.php');
  30
  31  global $script_langages;
  32  $script_langages = array('bash' => 'Bash');
  33
  34 /* Operations may take a long time.
  35  * Be sure PHP's safe mode is off.
  36  */
  37 @set_time_limit(0);
  38 /* Remove errors. */
  39 @error_reporting(0);
  40
  41 if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
  42     require(JIRAFEAU_ROOT . 'lib/template/header.php');
  43     check_errors($cfg);
  44     if (has_error()) {
  45         show_errors();
  46         require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  47         exit;
  48     } ?>
  49     <div class="info">
  50     <h2>Scripting interface</h2>
  51     <p>This interface permits to script your uploads and downloads.</p>
  52     <p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
  53     <p>You may download a preconfigured <a href="script.php?lang=bash">Bash Script</a> to easily send to and get files from the API via command line.</p>
  54     </div>
  55     <br />
  56     <?php
  57     require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  58     exit;
  59 }
  60
  61 /* Lets use interface now. */
  62 header('Content-Type: text/plain; charset=utf-8');
  63
  64 check_errors($cfg);
  65 if (has_error()) {
  66     echo 'Error 1';
  67     exit;
  68 }
  69
  70 /* Upload file */
  71 if (isset($_FILES['file']) && is_writable(VAR_FILES)
  72     && is_writable(VAR_LINKS)) {
  73     if (isset ($_POST['upload_password'])) {
  74         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
  75             echo 'Error 3: Invalid password';
  76             exit;
  77         }
  78     } else {
  79         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
  80             echo 'Error 2: No password nor allowed IP';
  81             exit;
  82         }
  83     }
  84     $key = '';
  85     if (isset($_POST['key'])) {
  86         $key = $_POST['key'];
  87     }
  88
  89     $time = time();
  90     if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
  91         echo 'Error 4: The parameter time is invalid.';
  92         exit;
  93     } else {
  94         switch ($_POST['time']) {
  95             case 'minute':
  96                 $time += JIRAFEAU_MINUTE;
  97                 break;
  98             case 'hour':
  99                 $time += JIRAFEAU_HOUR;
 100                 break;
 101             case 'day':
 102                 $time += JIRAFEAU_DAY;
 103                 break;
 104             case 'week':
 105                 $time += JIRAFEAU_WEEK;
 106                 break;
 107             case 'month':
 108                 $time += JIRAFEAU_MONTH;
 109                 break;
 110             case 'quarter':
 111                 $time += JIRAFEAU_QUARTER;
 112                 break;
 113             case 'year':
 114                 $time += JIRAFEAU_YEAR;
 115                 break;
 116            default:
 117                 $time = JIRAFEAU_INFINITY;
 118                 break;
 119         }
 120     }
 121
 122     // Check file size
 123     if ($cfg['maximal_upload_size'] > 0 &&
 124         $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) {
 125         echo 'Error 5: Your file exceeds the maximum authorized file size.';
 126         exit;
 127     }
 128
 129     $res = jirafeau_upload($_FILES['file'],
 130                             isset($_POST['one_time_download']),
 131                             $key, $time, get_ip_address($cfg),
 132                             $cfg['enable_crypt'], $cfg['link_name_length']);
 133
 134     if (empty($res) || $res['error']['has_error']) {
 135         echo 'Error 6 ' . $res['error']['why'];
 136         exit;
 137     }
 138     /* Print direct link. */
 139     echo $res['link'];
 140     /* Print delete link. */
 141     echo NL;
 142     echo $res['delete_link'];
 143     /* Print decrypt key. */
 144     echo NL;
 145     echo urlencode($res['crypt_key']);
 146 } elseif (isset($_GET['h'])) {
 147     $link_name = $_GET['h'];
 148     $key = '';
 149     if (isset($_POST['key'])) {
 150         $key = $_POST['key'];
 151     }
 152     $d = '';
 153     if (isset($_GET['d'])) {
 154         $d = $_GET['d'];
 155     }
 156
 157     if (!preg_match('/[0-9a-zA-Z_-]+$/', $link_name)) {
 158         echo 'Error 7';
 159         exit;
 160     }
 161
 162     $link = jirafeau_get_link($link_name);
 163     if (count($link) == 0) {
 164         echo 'Error 8';
 165         exit;
 166     }
 167     if (strlen($d) > 0 && $d == $link['link_code']) {
 168         jirafeau_delete_link($link_name);
 169         echo "Ok";
 170         exit;
 171     }
 172     if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
 173         jirafeau_delete_link($link_name);
 174         echo 'Error 9';
 175         exit;
 176     }
 177     if (strlen($link['key']) > 0 && md5($key) != $link['key']) {
 178         sleep(2);
 179         echo 'Error 10';
 180         exit;
 181     }
 182     $p = s2p($link['md5']);
 183     if (!file_exists(VAR_FILES . $p . $link['md5'])) {
 184         echo 'Error 11';
 185         exit;
 186     }
 187
 188     /* Read file. */
 189     header('Content-Length: ' . $link['file_size']);
 190     header('Content-Type: ' . $link['mime_type']);
 191     header('Content-Disposition: attachment; filename="' .
 192             $link['file_name'] . '"');
 193
 194     $r = fopen(VAR_FILES . $p . $link['md5'], 'r');
 195     while (!feof($r)) {
 196         print fread($r, 1024);
 197         ob_flush();
 198     }
 199     fclose($r);
 200
 201     if ($link['onetime'] == 'O') {
 202         jirafeau_delete_link($link_name);
 203     }
 204     exit;
 205 } elseif (isset($_GET['get_capacity'])) {
 206     echo jirafeau_get_max_upload_size_bytes();
 207 } elseif (isset($_GET['get_maximal_upload_size'])) {
 208     echo $cfg['maximal_upload_size'];
 209 } elseif (isset($_GET['get_version'])) {
 210     echo JIRAFEAU_VERSION;
 211 } elseif (isset($_GET['lang'])) {
 212     $l=$_GET['lang'];
 213     if ($l == "bash") {
 214         ?>
 215 #!/bin/bash
 216
 217 # This script has been auto-generated by Jirafeau but you can still edit options below.
 218
 219 # Config begin
 220 proxy='' # Or set JIRAFEAU_PROXY.
 221 url='<?php echo $cfg['web_root']; ?>' # Or set JIRAFEAU_URL.
 222 time='<?php echo $cfg['availability_default']; ?>' # Or set JIRAFEAU_TIME.
 223 one_time='' # Or set JIRAFEAU_ONE_TIME.
 224 curl='' # Or set JIRAFEAU_CURL_PATH.
 225 # Config end
 226
 227 if [ -n "$JIRAFEAU_PROXY" ]; then
 228     proxy="$JIRAFEAU_PROXY"
 229 fi
 230
 231 if [ -n "$JIRAFEAU_URL" ]; then
 232     url="$JIRAFEAU_URL"
 233 fi
 234
 235 if [ -z "$url" ]; then
 236     echo "Please set url in script parameters or export JIRAFEAU_URL"
 237 fi
 238
 239 if [ -n "$JIRAFEAU_TIME" ]; then
 240     time="$JIRAFEAU_TIME"
 241 fi
 242
 243 if [ -n "$JIRAFEAU_ONE_TIME" ]; then
 244     one_time='1'
 245 fi
 246
 247 if [ -z "$curl" ]; then
 248     curl="$JIRAFEAU_CURL_PATH"
 249 fi
 250
 251 if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
 252     curl="/usr/bin/curl"
 253 fi
 254
 255 if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
 256     curl="/bin/curl.exe"
 257 fi
 258
 259 if [ -z "$curl" ]; then
 260     echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
 261     exit
 262 fi
 263
 264 if [ -z "$2" ]; then
 265     echo "Jirafeau Bash Script <?php echo JIRAFEAU_VERSION; ?>"
 266     echo "--------------------------"
 267     echo "Usage:"
 268     echo "    $0 OPTIONS"
 269     echo
 270     echo "Options:"
 271     echo "    $0 send FILE [PASSWORD]"
 272     echo "    $0 get URL [PASSWORD]"
 273     echo "    $0 delete URL"
 274     echo
 275     echo "Global variables to export:"
 276     echo "    JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxysever.example.com:3128«"
 277     echo "    JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
 278     echo "    JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
 279     echo "    JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
 280     echo "    JIRAFEAU_CURL : alternative path to curl binary"
 281
 282     exit 0
 283 fi
 284
 285 if [ -n "$proxy" ]; then
 286     proxy="-x $proxy"
 287 fi
 288
 289 options=''
 290 if [ -n "$one_time" ]; then
 291     options="$options -F one_time_download=1"
 292 fi
 293
 294 password=''
 295 if [ -n "$3" ]; then
 296     password="$3"
 297     options="$options -F key=$password"
 298 fi
 299
 300 apipage='script.php'
 301 downloadpage='f.php'
 302
 303 if [ "$1" == "send" ]; then
 304     if [ ! -f "$2" ]; then
 305         echo "File \"$2\" does not exists."
 306         exit
 307     fi
 308
 309     # Ret result
 310     res=$($curl -X POST --http1.0 $proxy $options \
 311                   -F "time=$time" \
 312                   -F "file=@$2" \
 313                   $url$apipage)
 314
 315     if [[ "$res" == Error* ]]; then
 316         echo "Error while uploading."
 317         echo $res
 318         exit
 319     fi
 320
 321     # Not using head or tail to minimise command dependencies
 322     code=$(cnt=0; echo "$res" | while read l; do
 323         if [[ "$cnt" == "0" ]]; then
 324             echo "$l"
 325         fi
 326         cnt=$(( cnt + 1 ))
 327         done)
 328     del_code=$(cnt=0; echo "$res" | while read l; do
 329         if [[ "$cnt" == "1" ]]; then
 330             echo "$l"
 331         fi
 332         cnt=$(( cnt + 1 ))
 333         done)
 334     key_code=$(cnt=0; echo "$res" | while read l; do
 335         if [[ "$cnt" == "2" ]]; then
 336             echo "$l"
 337         fi
 338         cnt=$(( cnt + 1 ))
 339         done)
 340
 341     echo
 342     echo "Download page:"
 343     if [[ $key_code ]]; then
 344         echo "    ${url}${downloadpage}?h=$code&k=$key_code"
 345     else
 346         echo "    ${url}${downloadpage}?h=$code"
 347     fi
 348     echo "Direct download:"
 349     if [[ $key_code ]]; then
 350         echo "    ${url}${downloadpage}?h=$code&k=$key_code&d=1"
 351     else
 352         echo "    ${url}${downloadpage}?h=$code&d=1"
 353     fi
 354     echo "Delete link:"
 355     echo "    ${url}${downloadpage}?h=$code&d=$del_code"
 356     echo
 357     echo "Download via API:"
 358     if [[ $key_code ]]; then
 359         echo "    ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD}"
 360     else
 361         echo "    ${0} get ${url}${apipage}?h=$code [PASSWORD}"
 362     fi
 363     echo "Delete via API:"
 364     echo "    ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"
 365
 366 elif [ "$1" == "get" ]; then
 367     if [ -z "$password" ]; then
 368         $curl $proxy -OJ "$2"
 369     else
 370         $curl $proxy -OJ -X POST -F key=$password "$2"
 371     fi
 372 elif [ "$1" == "delete" ]; then
 373     $curl $proxy "$2"
 374 fi
 375 <?php
 376
 377     } else {
 378         echo 'Error 12';
 379         exit;
 380     }
 381 }
 382 /* Initialize an asynchronous upload. */
 383 elseif (isset($_GET['init_async'])) {
 384     if (isset($_POST['upload_password'])){
 385         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
 386             echo 'Error 20: Invalid password';
 387             exit;
 388         }
 389     } else {
 390         if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
 391             echo 'Error 19: No password nor allowed IP';
 392             exit;
 393         }
 394     }
 395
 396     if (!isset($_POST['filename'])) {
 397         echo 'Error 21';
 398         exit;
 399     }
 400
 401     $type = '';
 402     if (isset($_POST['type'])) {
 403         $type = $_POST['type'];
 404     }
 405
 406     $key = '';
 407     if (isset($_POST['key'])) {
 408         $key = $_POST['key'];
 409     }
 410
 411     $time = time();
 412     if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
 413         echo 'Error 22';
 414         exit;
 415     } else {
 416         switch ($_POST['time']) {
 417             case 'minute':
 418                 $time += JIRAFEAU_MINUTE;
 419                 break;
 420             case 'hour':
 421                 $time += JIRAFEAU_HOUR;
 422                 break;
 423             case 'day':
 424                 $time += JIRAFEAU_DAY;
 425                 break;
 426             case 'week':
 427                 $time += JIRAFEAU_WEEK;
 428                 break;
 429             case 'month':
 430                 $time += JIRAFEAU_MONTH;
 431                 break;
 432             case 'quarter':
 433                 $time += JIRAFEAU_QUARTER;
 434                 break;
 435             case 'year':
 436                 $time += JIRAFEAU_YEAR;
 437                 break;
 438             default:
 439                 $time = JIRAFEAU_INFINITY;
 440                 break;
 441         }
 442     }
 443     echo jirafeau_async_init($_POST['filename'],
 444                               $type,
 445                               isset($_POST['one_time_download']),
 446                               $key,
 447                               $time,
 448                               get_ip_address($cfg));
 449 }
 450 /* Continue an asynchronous upload. */
 451 elseif (isset($_GET['push_async'])) {
 452     if ((!isset($_POST['ref']))
 453         || (!isset($_FILES['data']))
 454         || (!isset($_POST['code']))) {
 455         echo 'Error 23';
 456     } else {
 457         echo jirafeau_async_push($_POST['ref'],
 458                                   $_FILES['data'],
 459                                   $_POST['code'],
 460                                   $cfg['maximal_upload_size']);
 461     }
 462 }
 463 /* Finalize an asynchronous upload. */
 464 elseif (isset($_GET['end_async'])) {
 465     if (!isset($_POST['ref'])
 466         || !isset($_POST['code'])) {
 467         echo 'Error 24';
 468     } else {
 469         echo jirafeau_async_end($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']);
 470     }
 471 } else {
 472     echo 'Error 25';
 473 }
 474 exit;
 475 ?>