X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/4823b32b6ce68f7a6a0949c225c808da4979506f..f90fb205aba25e0f599e3140a1e6b3ebcb1972a2:/lib/functions.php diff --git a/lib/functions.php b/lib/functions.php index ebfffd4..8a82b2a 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -101,10 +101,8 @@ function jirafeau_gen_random($l) return $code; } -function jirafeau_gen_download_pass() +function jirafeau_gen_download_pass($length, $allowed_chars) { - $length = $cfg['download_password_gen_len']; - $allowed_chars = $cfg['download_password_gen_chars']; if ($length <= 0) { return false; } @@ -145,8 +143,11 @@ function jirafeau_human_size($octets) // Convert UTC timestamp to a datetime field function jirafeau_get_datetimefield($timestamp) { - $content = '' - . strftime('%Y-%m-%d %H:%M', $timestamp) . ' (GMT)'; + + $ts = date_create("@" . $timestamp); + $content = '' + . date_format($ts, 'Y-m-d H:i') . ' (GMT)'; + return $content; } @@ -163,6 +164,9 @@ function jirafeau_clean_rm_link($link) if (file_exists(VAR_LINKS . $p . $link)) { unlink(VAR_LINKS . $p . $link); } + if (file_exists(VAR_LINKS . $p . $link . '_download')) { + unlink(VAR_LINKS . $p . $link . '_download'); + } $parse = VAR_LINKS . $p; $scan = array(); while (file_exists($parse) @@ -443,23 +447,62 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l 'link' => '', 'delete_link' => '')); } + jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt, $link_name_length, $file_hash_method); +} - /* array representing no error */ - $noerr = array('has_error' => false, 'why' => ''); - +/** + * + * @param bool $crypt_module_enabled + * @param string $file_path + * @return array [bool, string] + */ +function jirafeau_handle_add_file_encryption($crypt_module_enabled, $file_path) { /* Crypt file if option is enabled. */ $crypted = false; $crypt_key = ''; - if ($crypt == true && !(extension_loaded('mcrypt') == true)) { - error_log("PHP extension mcrypt not loaded, won't encrypt in Jirafeau"); + if ($crypt_module_enabled == true && !(extension_loaded('sodium') == true)) { + error_log("PHP extension sodium not loaded, won't encrypt in Jirafeau"); } - if ($crypt == true && extension_loaded('mcrypt') == true) { - $crypt_key = jirafeau_encrypt_file($file['tmp_name'], $file['tmp_name']); + if ($crypt_module_enabled == true && extension_loaded('sodium') == true) { + $crypt_key = jirafeau_encrypt_file($file_path, $file_path.'crypt'); if (strlen($crypt_key) > 0) { - $crypted = true; + if (rename($file_path.'crypt', $file_path) === true) { + $crypted = true; + } } } + return [$crypted, $crypt_key]; +} + +/** + * adds an uploaded or copy/linked local file + * @param $file the file struct given by $_FILE[] + * @param $one_time_download is the file a one time download ? + * @param $key if not empty, protect the file with this key + * @param $time the time of validity of the file + * @param $ip uploader's ip + * @param $crypt boolean asking to crypt or not + * @param $link_name_length size of the link name + * @param $is_upload, determines if the file is uploaded or local - it controls which file-functions are used + * @return array an array containing some information + * 'error' => information on possible errors + * 'link' => the link name of the uploaded file + * 'delete_link' => the link code to delete file + */ +function jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt, $link_name_length, $file_hash_method, $is_upload = true) +{ + // TODO needs to be adapted + $move_operation = $is_upload ? 'move_uploaded_file' : 'symlink'; + + /* array representing no error */ + $noerr = array('has_error' => false, 'why' => ''); + + $crypted = false; + $crypt_key = ''; + list($crypted, $crypt_key) = jirafeau_handle_add_file_encryption($crypt, $file['tmp_name']); + + /* file information */ $hash = jirafeau_hash_file($file_hash_method, $file['tmp_name']); $name = str_replace(NL, '', trim($file['name'])); @@ -472,7 +515,11 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l if (file_exists(VAR_FILES . $p . $hash)) { $rc = unlink($file['tmp_name']); } elseif ((file_exists(VAR_FILES . $p) || @mkdir(VAR_FILES . $p, 0755, true)) - && move_uploaded_file($file['tmp_name'], VAR_FILES . $p . $hash)) { + && + //move_uploaded_file($file['tmp_name'], VAR_FILES . $p . $hash)) + $move_operation($file['tmp_name'], VAR_FILES . $p . $hash)) + { + $rc = true; } if (!$rc) { @@ -543,6 +590,37 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l 'crypt_key' => $crypt_key); } + +function jirafeau_admin_list_table ($name, $file_hash, $link_hash, $visitor_function = null) { + echo '
'; + if (!empty($name)) { + echo t('FILENAME') . ": " . jirafeau_escape($name); + } + if (!empty($file_hash)) { + echo t('FILE') . ": " . jirafeau_escape($file_hash); + } + if (!empty($link_hash)) { + echo t('LINK') . ": " . jirafeau_escape($link_hash); + } + if (empty($name) && empty($file_hash) && empty($link_hash)) { + echo t('LS_FILES'); + } + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + if ($visitor_function != null) { + $visitor_function($name, $file_hash, $link_hash); + } + echo '
' . t('ACTION') . '
'; +} + + + + + /** * Tells if a mime-type is viewable in a browser * @param $mime the mime type @@ -660,103 +738,86 @@ function jirafeau_get_link($hash) $out['upload_date'] = trim($c[7]); $out['ip'] = trim($c[8]); $out['link_code'] = trim($c[9]); - $out['crypted'] = trim($c[10]) == 'C'; + $out['crypted'] = trim($c[10]) == 'C2'; + $out['crypted_legacy'] = trim($c[10]) == 'C'; return $out; } /** - * List files in admin interface. + * List files ii folder in admin interface. */ function jirafeau_admin_list($name, $file_hash, $link_hash) { - echo '
'; - if (!empty($name)) { - echo t('FILENAME') . ": " . jirafeau_escape($name); - } - if (!empty($file_hash)) { - echo t('FILE') . ": " . jirafeau_escape($file_hash); - } - if (!empty($link_hash)) { - echo t('LINK') . ": " . jirafeau_escape($link_hash); - } - if (empty($name) && empty($file_hash) && empty($link_hash)) { - echo t('LS_FILES'); - } - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - - /* Get all links files. */ - $stack = array(VAR_LINKS); - while (($d = array_shift($stack)) && $d != null) { - $dir = scandir($d); - foreach ($dir as $node) { - if (strcmp($node, '.') == 0 || strcmp($node, '..') == 0 || - preg_match('/\.tmp/i', "$node")) { - continue; - } - if (is_dir($d . $node)) { - /* Push new found directory. */ - $stack[] = $d . $node . '/'; - } elseif (is_file($d . $node)) { - /* Read link information. */ - $l = jirafeau_get_link($node); - if (!count($l)) { + $function = function($name, $file_hash, $link_hash) { + /* Get all links files. */ + $stack = array(VAR_LINKS); + while (($d = array_shift($stack)) && $d != null) { + $dir = scandir($d); + foreach ($dir as $node) { + if (strcmp($node, '.') == 0 || strcmp($node, '..') == 0 || + preg_match('/\.tmp/i', "$node")) { continue; } - - /* Filter. */ - if (!empty($name) && !@preg_match("/$name/i", jirafeau_escape($l['file_name']))) { - continue; + if (is_dir($d . $node)) { + /* Push new found directory. */ + $stack[] = $d . $node . '/'; + } elseif (is_file($d . $node)) { + /* Read link information. */ + $l = jirafeau_get_link($node); + if (!count($l)) { + continue; + } + + /* Filter. */ + if (!empty($name) && !@preg_match("/$name/i", jirafeau_escape($l['file_name']))) { + continue; + } + if (!empty($file_hash) && $file_hash != $l['hash']) { + continue; + } + if (!empty($link_hash) && $link_hash != $node) { + continue; + } + /* Print link information. */ + echo ''; + echo ''; + echo ''; } - if (!empty($file_hash) && $file_hash != $l['hash']) { - continue; - } - if (!empty($link_hash) && $link_hash != $node) { - continue; - } - /* Print link information. */ - echo ''; - echo ''; - echo ''; } } - } - echo '
' . t('ACTION') . '
' . + '' . jirafeau_escape($l['file_name']) . '
'; + echo t('TYPE') . ': ' . jirafeau_escape($l['mime_type']) . '
'; + echo t('SIZE') . ': ' . jirafeau_human_size($l['file_size']) . '
'; + echo t('EXPIRE') . ': ' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . '
'; + echo t('ONETIME') . ': ' . ($l['onetime'] == 'O' ? 'Yes' : 'No') . '
'; + echo t('UPLOAD_DATE') . ': ' . jirafeau_get_datetimefield($l['upload_date']) . '
'; + if (strlen($l['ip']) > 0) { + echo t('ORIGIN') . ': ' . $l['ip'] . '
'; + } + echo '		'; + echo '
' . + '' . + '' . + jirafeau_admin_csrf_field() . + '' . + '
' . + '
' . + '' . + '' . + jirafeau_admin_csrf_field() . + '' . + '
' . + '
' . + '' . + '' . + jirafeau_admin_csrf_field() . + '' . + '
' . + '
' . - '' . jirafeau_escape($l['file_name']) . '
'; - echo t('TYPE') . ': ' . jirafeau_escape($l['mime_type']) . '
'; - echo t('SIZE') . ': ' . jirafeau_human_size($l['file_size']) . '
'; - echo t('EXPIRE') . ': ' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . '
'; - echo t('ONETIME') . ': ' . ($l['onetime'] == 'O' ? 'Yes' : 'No') . '
'; - echo t('UPLOAD_DATE') . ': ' . jirafeau_get_datetimefield($l['upload_date']) . '
'; - if (strlen($l['ip']) > 0) { - echo t('ORIGIN') . ': ' . $l['ip'] . '
'; - } - echo '		'; - echo '
' . - '' . - '' . - jirafeau_admin_csrf_field() . - '' . - '
' . - '
' . - '' . - '' . - jirafeau_admin_csrf_field() . - '' . - '
' . - '
' . - '' . - '' . - jirafeau_admin_csrf_field() . - '' . - '
' . - '
'; + }; + jirafeau_admin_list_table($name, $file_hash, $link_hash, $function); } /** @@ -866,7 +927,7 @@ function jirafeau_fileperms($path) function jirafeau_admin_bug_report($cfg) { $out = "
" . t('REPORTING_AN_ISSUE') . ""; - $out .= "If you have a problem related to Jirafeau, please open an issue, explain your problem in english and copy-paste the following content:

"; + $out .= "If you have a problem related to Jirafeau, please open an issue, explain your problem in english and copy-paste the following content:

"; $out .= "# Jirafeau
"; $out .= "- version: " . JIRAFEAU_VERSION . "
"; @@ -890,6 +951,7 @@ function jirafeau_admin_bug_report($cfg) $out .= "# PHP options
"; $out .= "- php version: " . phpversion() . "
"; + $out .= "- sodium version: " . phpversion('sodium') . "
"; $out .= "- mcrypt version: " . phpversion('mcrypt') . "
"; $php_options = [ 'post_max_size', @@ -996,8 +1058,8 @@ function jirafeau_async_delete($ref) function jirafeau_async_init($filename, $type, $one_time, $key, $time, $ip) { /* Create temporary folder. */ - $ref; - $p; + $ref = ''; + $p = ''; $code = jirafeau_gen_random(4); do { $ref = jirafeau_gen_random(32); @@ -1131,10 +1193,12 @@ function jirafeau_async_end($ref, $code, $crypt, $link_name_length, $file_hash_m $crypted = false; $crypt_key = ''; - if ($crypt == true && extension_loaded('mcrypt') == true) { - $crypt_key = jirafeau_encrypt_file($p, $p); + if ($crypt == true && extension_loaded('sodium') == true) { + $crypt_key = jirafeau_encrypt_file($p, $p.'.crypt'); if (strlen($crypt_key) > 0) { - $crypted = true; + if (rename($p.'.crypt', $p) === true) { + $crypted = true; + } } } @@ -1169,7 +1233,7 @@ function jirafeau_async_end($ref, $code, $crypt, $link_name_length, $file_hash_m $handle, $a['file_name'] . NL . $a['mime_type'] . NL . $size . NL . $a['key'] . NL . $a['time'] . NL . $hash . NL . $a['onetime'] . NL . - time() . NL . $a['ip'] . NL . $delete_link_code . NL . ($crypted ? 'C' : 'O') + time() . NL . $a['ip'] . NL . $delete_link_code . NL . ($crypted ? 'C2' : 'O') ); fclose($handle); $hash_link = substr(base_16_to_64(md5_file($link_tmp_name)), 0, $link_name_length); @@ -1197,54 +1261,96 @@ function jirafeau_crypt_create_iv($base, $size) } /** - * Crypt file and returns decrypt key. + * Crypt file using Sodium and returns decrypt key. * @param $fp_src file path to the file to crypt. - * @param $fp_dst file path to the file to write crypted file (could be the same). - * @return decrypt key composed of the key and the iv separated by a point ('.') + * @param $fp_dst file path to the file to write crypted file (must not be the same). + * @return key used to encrypt the file */ function jirafeau_encrypt_file($fp_src, $fp_dst) { $fs = filesize($fp_src); - if ($fs === false || $fs == 0 || !(extension_loaded('mcrypt') == true)) { + if ($fs === false || $fs == 0 || extension_loaded('sodium') == false || $fp_src == $fp_dst) { return ''; } - /* Prepare module. */ - $m = mcrypt_module_open('rijndael-256', '', 'ofb', ''); /* Generate key. */ - $crypt_key = jirafeau_gen_random(10); - $hash_key = md5($crypt_key); - $iv = jirafeau_crypt_create_iv($hash_key, mcrypt_enc_get_iv_size($m)); + $crypt_key = bin2hex(random_bytes(SODIUM_CRYPTO_STREAM_XCHACHA20_KEYBYTES / 2)); /* Init module. */ - mcrypt_generic_init($m, $hash_key, $iv); + [$crypt_state, $crypt_header] = sodium_crypto_secretstream_xchacha20poly1305_init_push($crypt_key); /* Crypt file. */ - $r = fopen($fp_src, 'r'); - $w = fopen($fp_dst, 'c'); - while (!feof($r)) { - $to_enc = fread($r, 1024); - if (strlen($to_enc) > 0) { - $enc = mcrypt_generic($m, $to_enc); - if (fwrite($w, $enc) === false) { - return ''; - } + $r = fopen($fp_src, 'rb'); + $w = fopen($fp_dst, 'wb'); + fwrite($w, $crypt_header); + + for ($i = 0; $i < $fs; $i += JIRAFEAU_SODIUM_CHUNKSIZE) { + $to_enc = fread($r, JIRAFEAU_SODIUM_CHUNKSIZE); + $enc = sodium_crypto_secretstream_xchacha20poly1305_push($crypt_state, $to_enc); + + if (fwrite($w, $enc) === false) { + return ''; } } + fclose($r); fclose($w); + /* Cleanup. */ - mcrypt_generic_deinit($m); - mcrypt_module_close($m); + sodium_memzero($crypt_state); + return $crypt_key; } /** - * Decrypt file. + * Decrypt file using Sodium. + * @param $fp_src file path to the file to decrypt. + * @param $fp_dst file path to the file to write decrypted file (must not be the same). + * @param $k decryption key + * @return true if decryption succeeded, false otherwise + */ +function jirafeau_decrypt_file($fp_src, $fp_dst, $k) +{ + $fs = filesize($fp_src); + if ($fs === false || $fs == 0 || extension_loaded('sodium') == false || $fp_src == $fp_dst) { + return false; + } + + /* Decrypt file. */ + $r = fopen($fp_src, 'rb'); + $w = fopen($fp_dst, 'wb'); + + $crypt_header = fread($r, SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES); + + /* Init module. */ + $crypt_state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($crypt_header, $k); + + /* Decrypt file. */ + + for ($i = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES; $i < $fs; $i += JIRAFEAU_SODIUM_CHUNKSIZE + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES) { + $to_dec = fread($r, JIRAFEAU_SODIUM_CHUNKSIZE + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES); + [$dec, $crypt_tag] = sodium_crypto_secretstream_xchacha20poly1305_pull($crypt_state, $to_dec); + + if (fwrite($w, $dec) === false) { + return false; + } + } + + fclose($r); + fclose($w); + + /* Cleanup. */ + sodium_memzero($crypt_state); + + return true; +} + +/** + * Decrypt file using mcrypt. * @param $fp_src file path to the file to decrypt. * @param $fp_dst file path to the file to write decrypted file (could be the same). * @param $k string composed of the key and the iv separated by a point ('.') - * @return key used to decrypt. a string of length 0 is returned if failed. + * @return true if decryption succeeded, false otherwise */ -function jirafeau_decrypt_file($fp_src, $fp_dst, $k) +function jirafeau_decrypt_file_legacy($fp_src, $fp_dst, $k) { $fs = filesize($fp_src); if ($fs === false || $fs == 0 || extension_loaded('mcrypt') == false) { @@ -1257,6 +1363,8 @@ function jirafeau_decrypt_file($fp_src, $fp_dst, $k) $crypt_key = $k; $hash_key = md5($crypt_key); $iv = jirafeau_crypt_create_iv($hash_key, mcrypt_enc_get_iv_size($m)); + /* Init module. */ + mcrypt_generic_init($m, $hash_key, $iv); /* Decrypt file. */ $r = fopen($fp_src, 'r'); $w = fopen($fp_dst, 'c'); @@ -1375,6 +1483,31 @@ function jirafeau_challenge_upload($cfg, $ip, $password) (jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip)); } +/** + * Check if Jirafeau has a restriction on the IP address for accessing the admin interface. + * @return true if admin interface is IP restricted, false otherwise. + */ +function jirafeau_admin_has_ip_restriction($cfg) +{ + return count($cfg['admin_ip']) > 0; +} + +/** + * Test if visitor's IP is authorized to access the admin interface. + * + * @param $cfg configuration + * @param $challengedIp IP to be challenged + * @return true if IP is authorized, false otherwise. + */ +function jirafeau_challenge_admin_ip($cfg, $challengedIp) +{ + // If no IP address have been listed, allow upload from any IP + if (!jirafeau_admin_has_ip_restriction($cfg)) { + return true; + } + return jirafeau_challenge_ip($cfg['admin_ip'], $challengedIp); +} + /** Tell if we have some HTTP headers generated by a proxy */ function has_http_forwarded() { @@ -1603,5 +1736,261 @@ function jirafeau_add_ending_slash($path) function jirafeau_default_web_root() { - return $_SERVER['HTTP_HOST'] . str_replace('install.php', '', $_SERVER['REQUEST_URI']); + $url_scheme = (isset($_SERVER['HTTPS'])) ? 'https://' : 'http://'; + return $url_scheme . $_SERVER['HTTP_HOST'] . str_replace('install.php', '', $_SERVER['REQUEST_URI']); +} + +function jirafeau_get_download_stats($hash) +{ + $filename = VAR_LINKS . s2p("$hash") . $hash . '_download'; + + if (!file_exists($filename)) { + return array('count'=>0); + } + + $c = file($filename); + $data['count'] = trim($c[0]); + $data['date'] = trim($c[1]); + $data['ip'] = trim($c[2]); + + return $data; +} + +function jirafeau_write_download_stats($hash, $ip) +{ + $data = jirafeau_get_download_stats($hash); + $count = $data['count']; + $count++; + + $filename = VAR_LINKS . s2p("$hash") . $hash . '_download'; + + $handle = fopen($filename, 'w'); + fwrite($handle, $count . NL . time() . NL . $ip); + fclose($handle); +} + +function jirafeau_create_upload_finished_box($preview = true) { + ?> + +
+

+ +
+

+ + +

+ + +

+
+ + +
+

+ +

+ + +

+
+ + +
+

+ +

+ + +

+
+ +
+

+ +

+ + +

+
+ +
+

:

+

+
+
+ 'minute', + 'label' => '1_MIN' + ), + array( + 'value' => 'hour', + 'label' => '1_H' + ), + array( + 'value' => 'day', + 'label' => '1_D' + ), + array( + 'value' => 'week', + 'label' => '1_W' + ), + array( + 'value' => 'fortnight', + 'label' => '2_W' + ), + array( + 'value' => 'month', + 'label' => '1_M' + ), + array( + 'value' => 'quarter', + 'label' => '1_Q' + ), + array( + 'value' => 'year', + 'label' => '1_Y' + ), + array( + 'value' => 'none', + 'label' => 'NONE' + ) + ); +} + + + + /** + * + * creates the time selection field + * @param mixed $cfg + * @return void + */ + function jirafeau_create_selection_array($cfg) { + echo + ''; + } + + function jirafeau_datestr_to_int ($time_str) { + $time = time(); + switch ($time_str) { + case 'minute': + $time += JIRAFEAU_MINUTE; + break; + case 'hour': + $time += JIRAFEAU_HOUR; + break; + case 'day': + $time += JIRAFEAU_DAY; + break; + case 'week': + $time += JIRAFEAU_WEEK; + break; + case 'fortnight': + $time += JIRAFEAU_FORTNIGHT; + break; + case 'month': + $time += JIRAFEAU_MONTH; + break; + case 'quarter': + $time += JIRAFEAU_QUARTER; + break; + case 'year': + $time += JIRAFEAU_YEAR; + break; + default: + $time = JIRAFEAU_INFINITY; + break; + } + return $time; +} + + + + +/** + * links or copy a local file + * TODO: boolean in config for linking + * @param string $filepath + * @param $one_time_download is the file a one time download ? + * @param $key if not empty, protect the file with this key + * @param $time the time of validity of the file + * @param $ip uploader's ip + * @param $crypt boolean asking to crypt or not + * @param $link_name_length size of the link name + * @returns an array containing some information + * 'error' => information on possible errors + * 'link' => the link name of the uploaded file + * 'delete_link' => the link code to delete file + */ +function jirafeau_copy_local_file($local_file_path, $one_time_download, $key, $time, $ip, $crypt, $link_name_length, $file_hash_method) { + + if (!file_exists($local_file_path)) { + return (array( + 'error' => + array('has_error' => true, + 'why' => t('INTERNAL_ERROR_FILE_NOT_EXIST')), + 'link' =>'', + 'delete_link' => '')); + } + if( + // sanity check if file can be opened + $file = fopen($local_file_path, "r") + ) + { + // close file pointer - it's not needed here + fclose($file); + $time_in_int = jirafeau_datestr_to_int($time); + return jirafeau_add_file( + jirafeau_create_file_array($local_file_path), + $one_time_download, + $key, + $time_in_int, + $ip, + $crypt, + $link_name_length, + $file_hash_method, + false + ); + } + else { + return (array( + 'error' => + array('has_error' => true, + 'why' => t('INTERNAL_ERROR_FP_OPEN_LOCAL')), + 'link' =>'', + 'delete_link' => '')); + } + +} + + +function jirafeau_create_file_array($file_path) { + return + [ + 'type' => mime_content_type($file_path), + 'tmp_name' => $file_path, + 'name' => basename($file_path), + 'size' => filesize($file_path), + ]; }