3 * Jirafeau, your web file repository
4 * Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 /* This file offer a kind of API for jirafeau. */
22 define('JIRAFEAU_ROOT', dirname(__FILE__
) . '/');
24 require(JIRAFEAU_ROOT
. 'lib/settings.php');
25 require(JIRAFEAU_ROOT
. 'lib/functions.php');
26 require(JIRAFEAU_ROOT
. 'lib/lang.php');
28 global $script_langages;
29 $script_langages = array('bash' => 'Bash');
31 /* Operations may take a long time.
32 * Be sure PHP's safe mode is off.
36 if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
37 require(JIRAFEAU_ROOT
. 'lib/template/header.php');
41 require(JIRAFEAU_ROOT
. 'lib/template/footer.php');
45 <h2
>Scripting
interface</h2
>
46 <p
>This
interface permits to script your uploads
and downloads
.</p
>
47 <p
>See
<a href
="<?php echo JIRAFEAU_WEBSITE ?>/blob/master/script.php">source code
</a
> of this
interface to get available calls
:)</p
>
48 <p
>You may download a preconfigured
<a href
="script.php?lang=bash">Bash Script
</a
> to easily send to
and get files from the API via command line
.</p
>
52 require(JIRAFEAU_ROOT
. 'lib/template/footer.php');
56 /* Lets use interface now. */
57 header('Content-Type: text/plain; charset=utf-8');
68 if (isset($_FILES['file']) && is_writable(VAR_FILES
)
69 && is_writable(VAR_LINKS
)) {
70 if (!jirafeau_user_session_logged()) {
71 if (isset($_POST['upload_password']) &&
72 !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
73 echo 'Error 3: Invalid password';
75 } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
76 echo 'Error 2: No password nor allowed IP';
82 if (isset($_POST['key'])) {
84 if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
85 if (!preg_match($cfg['download_password_policy_regex'], $key)){
86 echo 'Error 14: The download password is not complying to the security standards.';
90 }elseif ($cfg['download_password_requirement'] !== 'optional'){
91 echo 'Error 13: The parameter password is required.';
95 if (!isset($_POST['time']) ||
!$cfg['availabilities'][$_POST['time']]) {
96 echo 'Error 4: The parameter time is invalid.';
99 $time = jirafeau_datestr_to_int($_POST['time']);
103 if ($cfg['maximal_upload_size'] > 0 &&
104 $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) {
105 echo 'Error 5: Your file exceeds the maximum authorized file size.';
109 // Check if one time download is enabled
110 if (!$cfg['one_time_download'] && isset($_POST['one_time_download'])) {
111 echo 'Error 26: One time download is disabled.';
115 if ($cfg['store_uploader_ip']) {
116 $ip = get_ip_address($cfg);
121 $res = jirafeau_upload(
123 isset($_POST['one_time_download']),
127 $cfg['enable_crypt'],
128 $cfg['link_name_length'],
132 if (empty($res) ||
$res['error']['has_error']) {
133 echo 'Error 6 ' . $res['error']['why'];
136 /* Print direct link. */
138 /* Print delete link. */
140 echo $res['delete_link'];
141 /* Print decrypt key. */
143 echo urlencode($res['crypt_key']);
144 } elseif (isset($_GET['h'])) {
145 $link_name = $_GET['h'];
147 if (isset($_POST['key'])) {
148 $key = $_POST['key'];
149 if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
150 if (!preg_match($cfg['download_password_policy_regex'], $key)){
151 echo 'Error 14: The download password is not complying to the security standards.';
155 }elseif ($cfg['download_password_requirement'] !== 'optional'){
156 echo 'Error 13: The parameter password is required.';
160 if (isset($_GET['d'])) {
164 if (!preg_match('/[0-9a-zA-Z_-]+$/', $link_name)) {
169 $link = jirafeau_get_link($link_name);
170 if (count($link) == 0) {
174 if (strlen($d) > 0 && $d == $link['link_code']) {
175 jirafeau_delete_link($link_name);
179 if ($link['time'] != JIRAFEAU_INFINITY
&& time() > $link['time']) {
180 jirafeau_delete_link($link_name);
184 if (strlen($link['key']) > 0 && md5($key) != $link['key']) {
189 $p = s2p($link['hash']);
190 if (!file_exists(VAR_FILES
. $p . $link['hash'])) {
196 header('Content-Length: ' . $link['file_size']);
197 header('Content-Type: ' . $link['mime_type']);
198 header('Content-Disposition: attachment; filename="' .
199 $link['file_name'] . '"');
201 $r = fopen(VAR_FILES
. $p . $link['hash'], 'r');
203 print fread($r, 1024);
207 if ($link['onetime'] == 'O') {
208 jirafeau_delete_link($link_name);
211 } elseif (isset($_GET['get_capacity'])) {
212 echo jirafeau_get_max_upload_size_bytes();
213 } elseif (isset($_GET['get_maximal_upload_size'])) {
214 echo $cfg['maximal_upload_size'];
215 } elseif (isset($_GET['get_version'])) {
216 echo JIRAFEAU_VERSION
;
217 } elseif (isset($_GET['lang'])) {
223 # This script has been auto-generated by Jirafeau but you can still edit options below.
226 proxy
='' # Or set JIRAFEAU_PROXY.
227 url
='<?php echo $cfg['web_root
']; ?>' # Or set JIRAFEAU_URL.
228 time
='<?php echo $cfg['availability_default
']; ?>' # Or set JIRAFEAU_TIME.
229 one_time
='' # Or set JIRAFEAU_ONE_TIME.
230 curl
='' # Or set JIRAFEAU_CURL_PATH.
231 upload_password
='' # Or set JIRAFEAU_UPLOAD_PASSWD
234 if [ -n
"$JIRAFEAU_PROXY" ]; then
235 proxy
="$JIRAFEAU_PROXY"
238 if [ -n
"$JIRAFEAU_URL" ]; then
242 if [ -z
"$url" ]; then
243 echo "Please set url in script parameters or export JIRAFEAU_URL"
246 if [ -n
"$JIRAFEAU_TIME" ]; then
247 time
="$JIRAFEAU_TIME"
250 if [ -n
"$JIRAFEAU_ONE_TIME" ]; then
254 if [ -n
"$JIRAFEAU_UPLOAD_PASSWD" ]; then
255 upload_password
="$JIRAFEAU_UPLOAD_PASSWD"
258 if [ -z
"$curl" ]; then
259 curl
="$JIRAFEAU_CURL_PATH"
262 if [ -z
"$curl" ] && [ -e
"/usr/bin/curl" ]; then
266 if [ -z
"$curl" ] && [ -e
"/bin/curl.exe" ]; then
270 if [ -z
"$curl" ]; then
271 echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
276 echo "Jirafeau Bash Script <?php echo JIRAFEAU_VERSION; ?>"
277 echo "--------------------------"
282 echo " $0 send FILE [PASSWORD]"
283 echo " $0 get URL [PASSWORD]"
284 echo " $0 delete URL"
286 echo "Global variables to export:"
287 echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxyserver.example.com:3128«"
288 echo " JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
289 echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, fortnight, »month«, »quarter«, »year« or »none«"
290 echo " JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
291 echo " JIRAFEAU_CURL : alternative path to curl binary"
292 echo " JIRAFEAU_UPLOAD_PASSWD : upload password"
297 if [ -n
"$proxy" ]; then
302 if [ -n
"$one_time" ]; then
303 options
="$options -F one_time_download=1"
306 if [ -n
"$upload_password" ]; then
307 options
="$options -F upload_password=$upload_password"
313 options
="$options -F key=$password"
319 if [ "$1" == "send" ]; then
320 if [ ! -f
"$2" ]; then
321 echo "File \"$2\" does not exists."
326 res
=$
($curl -X POST
--http1
.0
$proxy $options \
331 if [[ "$res" == Error
* ]]; then
332 echo "Error while uploading."
337 # Not using head or tail to minimise command dependencies
338 code
=$
(cnt
=0; echo "$res" |
while read l
; do
339 if [[ "$cnt" == "0" ]]; then
344 del_code
=$
(cnt
=0; echo "$res" |
while read l
; do
345 if [[ "$cnt" == "1" ]]; then
350 key_code
=$
(cnt
=0; echo "$res" |
while read l
; do
351 if [[ "$cnt" == "2" ]]; then
358 echo "Download page:"
359 if [[ $key_code ]]; then
360 echo " ${url}${downloadpage}?h=$code&k=$key_code"
362 echo " ${url}${downloadpage}?h=$code"
364 echo "Direct download:"
365 if [[ $key_code ]]; then
366 echo " ${url}${downloadpage}?h=$code&k=$key_code&d=1"
368 echo " ${url}${downloadpage}?h=$code&d=1"
371 echo " ${url}${downloadpage}?h=$code&d=$del_code"
373 echo "Download via API:"
374 if [[ $key_code ]]; then
375 echo " ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD]"
377 echo " ${0} get ${url}${apipage}?h=$code [PASSWORD]"
379 echo "Delete via API:"
380 echo " ${0} delete \"${url}${downloadpage}?h=$code&d=$del_code\""
382 elif
[ "$1" == "get" ]; then
383 if [ -z
"$password" ]; then
384 $curl $proxy -OJ
"$2"
386 $curl $proxy -OJ
-X POST
-F key
=$password "$2"
388 elif
[ "$1" == "delete" ]; then
389 $curl $proxy "$2" --data
-raw
"do_delete=1%2F" | grep
"div class" |sed
-e
"s/<[^>]\+>//g"
397 /* Initialize an asynchronous upload. */
398 elseif (isset($_GET['init_async'])) {
399 if (jirafeau_user_session_logged()) {
400 } elseif (isset($_POST['upload_password'])) {
401 if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
402 echo 'Error 20: Invalid password';
406 if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
407 echo 'Error 19: No password nor allowed IP';
412 if (!isset($_POST['filename'])) {
418 if (isset($_POST['type'])) {
419 $type = $_POST['type'];
423 if (isset($_POST['key'])) {
424 $key = $_POST['key'];
425 if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
426 if (!preg_match($cfg['download_password_policy_regex'], $key)){
427 echo 'Error 14: The download password is not complying to the security standards.';
431 }elseif ($cfg['download_password_requirement'] !== 'optional'){
432 echo 'Error 13: The parameter password is required.';
436 // Check if one time download is enabled
437 if (!$cfg['one_time_download'] && isset($_POST['one_time_download'])) {
438 echo 'Error 26: One time download is disabled.';
442 if (!isset($_POST['time']) ||
!$cfg['availabilities'][$_POST['time']]) {
446 $time = jirafeau_datestr_to_int($_POST['time']);
449 if ($cfg['store_uploader_ip']) {
450 $ip = get_ip_address($cfg);
455 echo jirafeau_async_init(
458 isset($_POST['one_time_download']),
464 /* Continue an asynchronous upload. */
465 elseif (isset($_GET['push_async'])) {
466 if ((!isset($_POST['ref']))
467 ||
(!isset($_FILES['data']))
468 ||
(!isset($_POST['code']))) {
471 echo jirafeau_async_push(
475 $cfg['maximal_upload_size']
479 /* Finalize an asynchronous upload. */
480 elseif (isset($_GET['end_async'])) {
481 if (!isset($_POST['ref'])
482 ||
!isset($_POST['code'])) {
485 echo jirafeau_async_end($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length'], $cfg['file_hash']);