file.php

   1 <?php
   2 /*
   3  *  Jirafeau, your web file repository
   4  *  Copyright (C) 2008  Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
   5  *  Copyright (C) 2012  Jerome Jutteau <j.jutteau@gmail.com>
   6  *
   7  *  This program is free software: you can redistribute it and/or modify
   8  *  it under the terms of the GNU Affero General Public License as
   9  *  published by the Free Software Foundation, either version 3 of the
  10  *  License, or (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU Affero General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU Affero General Public License
  18  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 define('JIRAFEAU_ROOT', dirname(__FILE__) . '/');
  22
  23 require(JIRAFEAU_ROOT . 'lib/config.php');
  24 require(JIRAFEAU_ROOT . 'lib/settings.php');
  25 require(JIRAFEAU_ROOT . 'lib/functions.php');
  26
  27 if(isset($_GET['h']) && !empty($_GET['h'])) {
  28   $link_name = $_GET['h'];
  29
  30   $delete_code = '';
  31   if(isset($_GET['d']) && !empty($_GET['d']))
  32     $delete_code = $_GET['d'];
  33
  34   if(!ereg('[0-9a-f]{32}$', $link_name)) {
  35     header("HTTP/1.0 404 Not Found");
  36
  37     require(JIRAFEAU_ROOT . 'lib/template/header.php');
  38     echo '<div class="error"><p>Error 404: Not Found</p></div>';
  39     require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  40     exit;
  41   }
  42
  43   $link_file = VAR_LINKS . $link_name;
  44   if(file_exists($link_file)) {
  45     $content = file($link_file);
  46     $file_name = trim($content[0]);
  47     $mime_type = trim($content[1]);
  48     $file_size = trim($content[2]);
  49     $key = trim($content[3], NL);
  50     $time = trim($content[4]);
  51     $md5 = trim($content[5]);
  52     $onetime = trim($content[6]);
  53     $link_code = trim($content[9]);
  54
  55
  56
  57     if(!file_exists(VAR_FILES . $md5)) {
  58       jirafeau_delete($link_name);
  59       require(JIRAFEAU_ROOT . 'lib/template/header.php');
  60       echo '<div class="error"><p>' . _('File not available.') . '</p></div>';
  61       require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  62       exit;
  63     }
  64
  65     if(!empty($delete_code) && $delete_code == $link_code) {
  66       jirafeau_delete($link_name);
  67       require(JIRAFEAU_ROOT . 'lib/template/header.php');
  68       echo '<div class="message"><p>' . _('File has been deleted.') . '</p></div>';
  69       require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  70       exit;
  71     }
  72
  73     if($time != JIRAFEAU_INFINITY && time() > $time) {
  74       jirafeau_delete($link_name);
  75       require(JIRAFEAU_ROOT . 'lib/template/header.php');
  76       echo '<div class="error"><p>' . _('The time limit of this file has expired. It has been deleted.') . '</p></div>';
  77       require(JIRAFEAU_ROOT . 'lib/template/footer.php');
  78       exit;
  79     }
  80
  81     if(!empty($key)) {
  82     if(!isset($_POST['key'])) {
  83       require(JIRAFEAU_ROOT . 'lib/template/header.php');
  84 ?>
  85 <div id="upload">
  86 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
  87 <input type="hidden" name="jirafeau" value="<?php echo JIRAFEAU_VERSION; ?>" />
  88 <fieldset>
  89   <legend><?php echo _('Key protection'); ?></legend>
  90   <table>
  91   <tr>
  92     <td><?php echo _('Give the key of this file:'); ?> <input type="password" name="key" /></td>
  93   </tr>
  94   <tr>
  95     <td><input type="submit" value="<?php echo _('I have the right to download this file'); ?>" /></td>
  96   </tr>
  97   </table>
  98 </fieldset>
  99 </form>
 100 </div>
 101 <?php
 102         require(JIRAFEAU_ROOT . 'lib/template/footer.php');
 103         exit;
 104       } else {
 105         if($key != md5($_POST['key'])) {
 106           header("HTTP/1.0 403 Forbidden");
 107
 108           require(JIRAFEAU_ROOT . 'lib/template/header.php');
 109           echo '<div class="error"><p>Error 403: Forbidden</p></div>';
 110           require(JIRAFEAU_ROOT . 'lib/template/footer.php');
 111           exit;
 112         }
 113       }
 114     }
 115
 116     header('Content-Length: ' . $file_size);
 117     header('Content-Type: ' . $mime_type);
 118     if(!jirafeau_is_viewable($mime_type)) {
 119       header('Content-Disposition: attachment; filename="' . $file_name . '"');
 120     }
 121     readfile(VAR_FILES . $md5);
 122
 123     if($onetime == 'O') {
 124       jirafeau_delete($link_name);
 125     }
 126     exit;
 127   } else {
 128     header("HTTP/1.0 404 Not Found");
 129
 130     require(JIRAFEAU_ROOT . 'lib/template/header.php');
 131     echo '<div class="error"><p>Error 404: Not Found</p></div>';
 132     require(JIRAFEAU_ROOT . 'lib/template/footer.php');
 133     exit;
 134   }
 135 } else {
 136   header('Location: ' . $cfg['web_root']);
 137   exit;
 138 }
 139
 140 ?>