X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/96707e02b8b24054e0827eaf169cc88504a1e78c..fa9b63f0cdf8f7874929d1f8b5e8013e3f3f8dd4:/lib/functions.php diff --git a/lib/functions.php b/lib/functions.php index 4d698c2..e4bfbb5 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -120,6 +120,21 @@ function jirafeau_human_size($octets) return round($o, 1) . $u[$p]; } +// Convert UTC timestamp to a datetime field +function jirafeau_get_datetimefield($timestamp) +{ + $content = '' + . strftime('%Y-%m-%d %H:%M', $timestamp) . ' (GMT)'; + return $content; +} + +function jirafeau_fatal_error($errorText, $cfg = array()) +{ + echo '

Error

' . $errorText . '

'; + require(JIRAFEAU_ROOT . 'lib/template/footer.php'); + exit; +} + function jirafeau_clean_rm_link($link) { $p = s2p("$link"); @@ -594,13 +609,12 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo ''; echo '' . - '' . htmlspecialchars($l['file_name']) . ''; echo ''; echo '' . $l['mime_type'] . ''; echo '' . jirafeau_human_size($l['file_size']) . ''; - echo '' . ($l['time'] == -1 ? '' : strftime('%c', $l['time'])) . - ''; + echo '' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . ''; echo ''; if ($l['onetime'] == 'O') { echo 'Y'; @@ -608,20 +622,20 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) echo 'N'; } echo ''; - echo '' . strftime('%c', $l['upload_date']) . ''; + echo '' . jirafeau_get_datetimefield($l['upload_date']) . ''; echo '' . $l['ip'] . ''; echo '' . - '
' . + '' . '' . '' . '' . '
' . - '
' . + '' . '' . '' . '' . '
' . - '
' . + '' . '' . '' . '' . @@ -1056,26 +1070,69 @@ function jirafeau_challenge_upload_password($cfg, $password) /** * Test if visitor's IP is authorized to upload. - * @param $ip IP to be challenged + * + * @param $allowedIpList array of allowed IPs + * @param $challengedIp IP to be challenged * @return true if IP is authorized, false otherwise. */ -function jirafeau_challenge_upload_ip($cfg, $ip) +function jirafeau_challenge_upload_ip($allowedIpList, $challengedIp) { - if (count($cfg['upload_ip']) == 0) { + // skip if list is empty = all IPs allowed + if (count($allowedIpList) == 0) { return true; } - foreach ($cfg['upload_ip'] as $i) { - if ($i == $ip) { + // test given IP against each allowed IP + foreach ($allowedIpList as $i) { + if ($i == $challengedIp) { return true; } // CIDR test for IPv4 only. if (strpos($i, '/') !== false) { list($subnet, $mask) = explode('/', $i); - if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { + if ((ip2long($challengedIp) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { + return true; + } + } + } + return false; +} + +/** + * Test if visitor's IP is authorized or password is supplied and authorized + * @param $ip IP to be challenged + * @param $password password to be challenged + * @return true if access is valid, false otherwise. + */ +function jirafeau_challenge_upload ($cfg, $ip, $password) +{ + // Allow if no ip restrictaion and no password restriction + if ((count ($cfg['upload_ip']) == 0) and (count ($cfg['upload_password']) == 0)) { + return true; + } + + // Allow if ip is in array + foreach ($cfg['upload_ip'] as $i) { + if ($i == $ip) { + return true; + } + // CIDR test for IPv4 only. + if (strpos ($i, '/') !== false) + { + list ($subnet, $mask) = explode('/', $i); + if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) { return true; } } } + if (!jirafeau_has_upload_password($cfg)) { + return false; + } + + foreach ($cfg['upload_password'] as $p) { + if ($password == $p) { + return true; + } + } return false; } @@ -1157,185 +1214,6 @@ function hex_to_base64($hex) return base64_encode($b); } -/** - * Read alias informations - * @return array containing informations. - */ -function jirafeau_get_alias($hash) -{ - $out = array(); - $link = VAR_ALIAS . s2p("$hash") . $hash; - - if (!file_exists($link)) { - return $out; - } - - $c = file($link); - $out['md5_password'] = trim($c[0]); - $out['ip'] = trim($c[1]); - $out['update_date'] = trim($c[2]); - $out['destination'] = trim($c[3], NL); - - return $out; -} - -/** Create an alias to a jirafeau's link. - * @param $alias alias name - * @param $destination reference of the destination - * @param $password password to protect alias - * @param $ip client's IP - * @return a string containing the edit code of the alias or the string "Error" - */ -function jirafeau_alias_create($alias, $destination, $password, $ip) -{ - /* Check that alias and password are long enough. */ - if (strlen($alias) < 8 || - strlen($alias) > 32 || - strlen($password) < 8 || - strlen($password) > 32) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($destination); - if (!count($l)) { - return 'Error'; - } - - /* Check that alias does not already exists. */ - $alias = md5($alias); - $p = VAR_ALIAS . s2p($alias); - if (file_exists($p)) { - return 'Error'; - } - - /* Create alias folder. */ - @mkdir($p, 0755, true); - if (!file_exists($p)) { - return 'Error'; - } - - /* Generate password. */ - $md5_password = md5($password); - - /* Store informations. */ - $p .= $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $md5_password . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - - return 'Ok'; -} - -/** Update an alias. - * @param $alias alias to update - * @param $destination reference of the new destination - * @param $password password to protect alias - * @param $new_password optional new password to protect alias - * @param $ip client's IP - * @return "Ok" or "Error" string - */ -function jirafeau_alias_update($alias, $destination, $password, - $new_password, $ip) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($a["destination"]); - if (!count($l)) { - return 'Error'; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - $p = $a['md5_password']; - if (strlen($new_password) >= 8 && - strlen($new_password) <= 32) { - $p = md5($new_password); - } elseif (strlen($new_password) > 0) { - return 'Error'; - } - - /* Rewrite informations. */ - $p = VAR_ALIAS . s2p($alias) . $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $p . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - return 'Ok'; -} - -/** Get an alias. - * @param $alias alias to get - * @return alias destination or "Error" string - */ -function jirafeau_alias_get($alias) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - return $a['destination']; -} - -function jirafeau_clean_rm_alias($alias) -{ - $p = s2p("$alias"); - if (file_exists(VAR_ALIAS . $p . $alias)) { - unlink(VAR_ALIAS . $p . $alias); - } - $parse = VAR_ALIAS . $p; - $scan = array(); - while (file_exists($parse) - && ($scan = scandir($parse)) - && count($scan) == 2 // '.' and '..' folders => empty. - && basename($parse) != basename(VAR_ALIAS)) { - rmdir($parse); - $parse = substr($parse, 0, strlen($parse) - strlen(basename($parse)) - 1); - } -} - -/** Delete an alias. - * @param $alias alias to delete - * @param $password password to protect alias - * @return "Ok" or "Error" string - */ -function jirafeau_alias_delete($alias, $password) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return "Error"; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - jirafeau_clean_rm_alias($alias); - return 'Ok'; -} - /** * Replace markers in templates. *