]> git.p6c8.net - jirafeau_project.git/blob - index.php
[TASK] rework user auth
[jirafeau_project.git] / index.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2013
5 * Jerome Jutteau <jerome@jutteau.fr>
6 * Jimmy Beauvois <jimmy.beauvois@gmail.com>
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as
10 * published by the Free Software Foundation, either version 3 of the
11 * License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21 session_start();
22 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
23
24 require(JIRAFEAU_ROOT . 'lib/settings.php');
25 require(JIRAFEAU_ROOT . 'lib/functions.php');
26 require(JIRAFEAU_ROOT . 'lib/lang.php');
27
28 check_errors($cfg);
29 if (has_error()) {
30 require(JIRAFEAU_ROOT . 'lib/template/header.php');
31 show_errors();
32 require(JIRAFEAU_ROOT . 'lib/template/footer.php');
33 exit;
34 }
35 require(JIRAFEAU_ROOT . 'lib/template/header.php');
36
37 // Logout action
38 if (isset($_POST['action']) && (strcmp($_POST['action'], 'logout') == 0)) {
39 jirafeau_session_end();
40 }
41
42 /* Check if user is allowed to upload. */
43 // First check: Is user already logged
44 if (jirafeau_user_session_logged()) {}
45 // Second check: Challenge by IP NO PASSWORD
46 elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
47 jirafeau_user_session_start();
48 }
49 // Third check: Challenge by IP
50 elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
51 // Is an upload password required?
52 if (jirafeau_has_upload_password($cfg)) {
53 // Challenge by password
54 if (isset($_POST['upload_password'])) {
55 if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
56 jirafeau_user_session_start();
57 } else {
58 jirafeau_session_end();
59 jirafeau_fatal_error(t('BAD_PSW'), $cfg);
60 }
61 }
62
63 // Show login form if user session is not authorized yet
64 if (!jirafeau_user_session_logged()) {
65 ?>
66 <form method="post" class="form login">
67 <fieldset>
68 <table>
69 <tr>
70 <td class = "label"><label for = "enter_password">
71 <?php echo t('UP_PSW') . ':'; ?></label>
72 </td>
73 </tr><tr>
74 <td class = "field"><input type = "password"
75 name = "upload_password" id = "upload_password"
76 size = "40" autocomplete = "current-password" />
77 </td>
78 </tr>
79 <tr class = "nav">
80 <td class = "nav next">
81 <input type = "submit" name = "key" value = "<?php echo t('LOGIN'); ?>" />
82 </td>
83 </tr>
84 </table>
85 </fieldset>
86 </form>
87 <?php
88 require(JIRAFEAU_ROOT.'lib/template/footer.php');
89 exit;
90 }
91 }
92 } else {
93 jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
94 }
95
96 ?>
97 <div id="upload_finished">
98 <p><?php echo t('FILE_UP') ?></p>
99
100 <div id="upload_finished_download_page">
101 <p>
102 <a id="upload_link" href=""><?php echo t('DL_PAGE') ?></a>
103 <a id="upload_link_email" href=""><img id="upload_image_email"/></a>
104 </p><p>
105 <code id=upload_link_text></code>
106 <button id="upload_link_button">&#128203;</button>
107 </p>
108 </div>
109
110 <?php if ($cfg['preview'] == true) {
111 ?>
112 <div id="upload_finished_preview">
113 <p>
114 <a id="preview_link" href=""><?php echo t('VIEW_LINK') ?></a>
115 </p><p>
116 <code id=preview_link_text></code>
117 <button id="preview_link_button">&#128203;</button>
118 </p>
119 </div>
120 <?php
121 } ?>
122
123 <div id="upload_direct_download">
124 <p>
125 <a id="direct_link" href=""><?php echo t('DIRECT_DL') ?></a>
126 </p><p>
127 <code id=direct_link_text></code>
128 <button id="direct_link_button">&#128203;</button>
129 </p>
130 </div>
131
132 <div id="upload_delete">
133 <p>
134 <a id="delete_link" href=""><?php echo t('DELETE_LINK') ?></a>
135 </p><p>
136 <code id=delete_link_text></code>
137 <button id="delete_link_button">&#128203;</button>
138 </p>
139 </div>
140
141 <div id="upload_validity">
142 <p><?php echo t('VALID_UNTIL'); ?>:</p>
143 <p id="date"></p>
144 </div>
145 </div>
146
147 <div id="uploading">
148 <p>
149 <?php echo t('UP'); ?>
150 <div id="uploaded_percentage"></div>
151 <div id="uploaded_speed"></div>
152 <div id="uploaded_time"></div>
153 </p>
154 </div>
155
156 <div id="error_pop" class="error">
157 </div>
158
159 <div id="upload">
160 <fieldset>
161 <legend>
162 <?php echo t('SEL_FILE'); ?>
163 </legend>
164 <p>
165 <input type="file" id="file_select" size="30"
166 onchange="control_selected_file_size(<?php echo $cfg['maximal_upload_size'] ?>, '<?php
167 if ($cfg['maximal_upload_size'] >= 1024) {
168 echo t('2_BIG') . ', ' . t('FILE_LIM') . " " . number_format($cfg['maximal_upload_size']/1024, 2) . " GB.";
169 } elseif ($cfg['maximal_upload_size'] > 0) {
170 echo t('2_BIG') . ', ' . t('FILE_LIM') . " " . $cfg['maximal_upload_size'] . " MB.";
171 }
172 ?>')"/>
173 </p>
174
175 <div id="options">
176 <table id="option_table">
177 <?php
178 if ($cfg['one_time_download']) {
179 echo '<tr><td>' . t('ONE_TIME_DL') . ':</td>';
180 echo '<td><input type="checkbox" id="one_time_download" /></td></tr>';
181 }
182 ?>
183 <tr>
184 <td><label for="input_key"><?php echo t('PSW') . ':'; ?></label></td>
185 <td><input type="password" name="key" id="input_key" autocomplete = "new-password"/></td>
186 </tr>
187 <tr>
188 <td><label for="select_time"><?php echo t('TIME_LIM') . ':'; ?></label></td>
189 <td><select name="time" id="select_time">
190 <?php
191 $expirationTimeOptions = array(
192 array(
193 'value' => 'minute',
194 'label' => '1_MIN'
195 ),
196 array(
197 'value' => 'hour',
198 'label' => '1_H'
199 ),
200 array(
201 'value' => 'day',
202 'label' => '1_D'
203 ),
204 array(
205 'value' => 'week',
206 'label' => '1_W'
207 ),
208 array(
209 'value' => 'fortnight',
210 'label' => '2_W'
211 ),
212 array(
213 'value' => 'month',
214 'label' => '1_M'
215 ),
216 array(
217 'value' => 'quarter',
218 'label' => '1_Q'
219 ),
220 array(
221 'value' => 'year',
222 'label' => '1_Y'
223 ),
224 array(
225 'value' => 'none',
226 'label' => 'NONE'
227 )
228 );
229 foreach ($expirationTimeOptions as $expirationTimeOption) {
230 $selected = ($expirationTimeOption['value'] === $cfg['availability_default'])? 'selected="selected"' : '';
231 if (true === $cfg['availabilities'][$expirationTimeOption['value']]) {
232 echo '<option value="' . $expirationTimeOption['value'] . '" ' .
233 $selected . '>' . t($expirationTimeOption['label']) . '</option>';
234 }
235 }
236 ?>
237 </select></td>
238 </tr>
239
240 <?php
241 if ($cfg['maximal_upload_size'] >= 1024) {
242 echo '<p class="config">' . t('FILE_LIM');
243 echo " " . number_format($cfg['maximal_upload_size'] / 1024, 2) . " GB.</p>";
244 } elseif ($cfg['maximal_upload_size'] > 0) {
245 echo '<p class="config">' . t('FILE_LIM');
246 echo " " . $cfg['maximal_upload_size'] . " MB.</p>";
247 } else {
248 echo '<p class="config"></p>';
249 }
250 ?>
251
252 <p id="max_file_size" class="config"></p>
253 <p>
254 <input type="submit" id="send" value="<?php echo t('SEND'); ?>"
255 onclick="
256 document.getElementById('upload').style.display = 'none';
257 document.getElementById('uploading').style.display = '';
258 upload (<?php echo jirafeau_get_max_upload_chunk_size_bytes($cfg['max_upload_chunk_size_bytes']); ?>);
259 "/>
260 </p>
261 </table>
262 </div> </fieldset>
263
264 <?php
265 if (jirafeau_user_session_logged()) {
266 ?>
267 <form method="post" class="form logout">
268 <input type = "hidden" name = "action" value = "logout"/>
269 <input type = "submit" value = "<?php echo t('LOGOUT'); ?>" />
270 </form>
271 <?php
272 }
273 ?>
274
275 </div>
276
277 <script type="text/javascript" lang="Javascript">
278 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
279 document.getElementById('error_pop').style.display = 'none';
280 document.getElementById('uploading').style.display = 'none';
281 document.getElementById('upload_finished').style.display = 'none';
282 document.getElementById('options').style.display = 'none';
283 document.getElementById('send').style.display = 'none';
284 if (!check_html5_file_api ())
285 document.getElementById('max_file_size').innerHTML = '<?php
286 $max_size = jirafeau_get_max_upload_size();
287 if ($max_size > 0) {
288 echo t('NO_BROWSER_SUPPORT') . $max_size;
289 }
290 ?>';
291
292 addCopyListener('upload_link_button', 'upload_link');
293 addCopyListener('preview_link_button', 'preview_link');
294 addCopyListener('direct_link_button', 'direct_link');
295 addCopyListener('delete_link_button', 'delete_link');
296 // @license-end
297 </script>
298 <?php require(JIRAFEAU_ROOT . 'lib/template/footer.php'); ?>

patrick-canterino.de