X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/ab330a749db8c75b9a38a77536358be60a3e5163..d84c94d93c6b5b446c7bc6e359bb8fc276107dff:/file.php?ds=inline diff --git a/file.php b/file.php index edf0199..0a1554c 100644 --- a/file.php +++ b/file.php @@ -17,124 +17,174 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/'); -define('JIRAFEAU_ROOT', dirname(__FILE__) . '/'); +require (JIRAFEAU_ROOT . 'lib/lang.php'); +require (JIRAFEAU_ROOT . 'lib/config.php'); +require (JIRAFEAU_ROOT . 'lib/settings.php'); +require (JIRAFEAU_ROOT . 'lib/functions.php'); -require(JIRAFEAU_ROOT . 'lib/config.php'); -require(JIRAFEAU_ROOT . 'lib/settings.php'); -require(JIRAFEAU_ROOT . 'lib/functions.php'); +if (!isset ($_GET['h']) || empty ($_GET['h'])) +{ + header ('Location: ' . $cfg['web_root']); + exit; +} -if(isset($_GET['h']) && !empty($_GET['h'])) { - $link_name = $_GET['h']; +$link_name = $_GET['h']; - $delete_code = ''; - if(isset($_GET['d']) && !empty($_GET['d'])) - $delete_code = $_GET['d']; +if (!preg_match ('/[0-9a-zA-Z_-]{22}$/', $link_name)) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} + +$link = jirafeau_get_link ($link_name); +if (count ($link) == 0) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} - if(!ereg('[0-9a-f]{32}$', $link_name)) { - header("HTTP/1.0 404 Not Found"); +$delete_code = ''; +if (isset ($_GET['d']) && !empty ($_GET['d'])) + $delete_code = $_GET['d']; - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="error"><p>Error 404: Not Found</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); +$button_download = false; +if (isset ($_GET['bd']) && !empty ($_GET['bd'])) + $button_download = true; + +$button_preview = false; +if (isset ($_GET['bp']) && !empty ($_GET['bp'])) + $button_preview = true; + +$p = s2p ($link['md5']); +if (!file_exists (VAR_FILES . $p . $link['md5'])) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>'.t('File not available.'). + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); exit; - } - - $link_file = VAR_LINKS . $link_name; - if(file_exists($link_file)) { - $content = file($link_file); - $file_name = trim($content[0]); - $mime_type = trim($content[1]); - $file_size = trim($content[2]); - $key = trim($content[3], NL); - $time = trim($content[4]); - $md5 = trim($content[5]); - $onetime = trim($content[6]); - $link_code = trim($content[9]); - - - - if(!file_exists(VAR_FILES . $md5)) { - jirafeau_delete($link_name); - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="error"><p>' . _('File not available.') . '</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; - } +} - if(!empty($delete_code) && $delete_code == $link_code) { - jirafeau_delete($link_name); - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="message"><p>' . _('File has been deleted.') . '</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; - } +if (!empty ($delete_code) && $delete_code == $link['link_code']) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="message"><p>'.t('File has been deleted.'). + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} - if($time != JIRAFEAU_INFINITY && time() > $time) { - jirafeau_delete($link_name); - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="error"><p>' . _('The time limit of this file has expired. It has been deleted.') . '</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; - } +if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time']) +{ + jirafeau_delete_link ($link_name); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>'. + t('The time limit of this file has expired.') . ' ' . + t('File has been deleted.') . + '</p></div>'; + require (JIRAFEAU_ROOT . 'lib/template/footer.php'); + exit; +} - if(!empty($key)) { - if(!isset($_POST['key'])) { - require(JIRAFEAU_ROOT . 'lib/template/header.php'); -?> -<div id="upload"> -<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post"> -<input type="hidden" name="jirafeau" value="<?php echo JIRAFEAU_VERSION; ?>" /> -<fieldset> - <legend><?php echo _('Key protection'); ?></legend> - <table> - <tr> - <td><?php echo _('Give the key of this file:'); ?> <input type="password" name="key" /></td> - </tr> - <tr> - <td><input type="submit" value="<?php echo _('I have the right to download this file'); ?>" /></td> - </tr> - </table> -</fieldset> -</form> -</div> -<?php - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; - } else { - if($key != md5($_POST['key'])) { - header("HTTP/1.0 403 Forbidden"); - - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="error"><p>Error 403: Forbidden</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; +$password_challenged = false; +if (!empty ($link['key'])) +{ + if (!isset ($_POST['key'])) + { + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div id = "upload">' . + '<form action = "' . $_SERVER['REQUEST_URI'] . '" ' . + 'method = "post" id = "submit">'; ?> + <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php + echo '<fieldset>' . + '<legend>' . t('Password protection') . + '</legend><table><tr><td>' . + t('Give the password of this file') . ' : ' . + '<input type = "password" name = "key" />' . + '</td></tr>' . + '<tr><td>' . + t('By using our services, you accept of our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>' . + '</td></tr>' . + '<tr><td>'; + ?><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>" + onclick="document.getElementById('submit').action='<?php echo $_SERVER['REQUEST_URI'] ?>&bd=1'; + document.getElementById('submit_download').submit ();"/><?php + + if ($cfg['download_page'] && $cfg['preview']) + { + ?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>" + onclick="document.getElementById('submit').action='<?php echo $_SERVER['REQUEST_URI'] ?>&bp=1'; + document.getElementById('submit_preview').submit ();"/><?php } - } + echo '</td></tr></table></fieldset></form></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; } - - header('Content-Length: ' . $file_size); - header('Content-Type: ' . $mime_type); - if(!jirafeau_is_viewable($mime_type)) { - header('Content-Disposition: attachment; filename="' . $file_name . '"'); + else + { + if ($link['key'] != md5 ($_POST['key'])) + { + header ("Access denied"); + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div class="error"><p>' . t('Access denied') . + '</p></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; + } + else + $password_challenged = true; } - readfile(VAR_FILES . $md5); +} - if($onetime == 'O') { - jirafeau_delete($link_name); - } - exit; - } else { - header("HTTP/1.0 404 Not Found"); +if ($cfg['download_page'] && !$password_challenged && !$button_download && !$button_preview) +{ + require (JIRAFEAU_ROOT.'lib/template/header.php'); + echo '<div id = "upload">' . + '<form action = "' . $_SERVER['REQUEST_URI'] . '" ' . + 'method = "post" id = "submit">'; ?> + <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php + echo '<fieldset><legend>' . $link['file_name'] . '</legend><table>' . + '<tr><td>' . + t('You are about to download') . ' "' . $link['file_name'] . '" (' . jirafeau_human_size($link['file_size']) . ')' . + '</td></tr>' . + '<tr><td>' . + t('By using our services, you accept of our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>'; + ?><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>" + onclick="document.getElementById('submit').action='<?php echo $_SERVER['REQUEST_URI'] ?>&bd=1'; + document.getElementById('submit_download').submit ();"/><?php + + if ($cfg['download_page'] && $cfg['preview']) + { + ?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>" + onclick="document.getElementById('submit').action='<?php echo $_SERVER['REQUEST_URI'] ?>&bp=1'; + document.getElementById('submit_preview').submit ();"/><?php + } + echo '</td></tr>'; + echo '</table></fieldset></form></div>'; + require (JIRAFEAU_ROOT.'lib/template/footer.php'); + exit; +} - require(JIRAFEAU_ROOT . 'lib/template/header.php'); - echo '<div class="error"><p>Error 404: Not Found</p></div>'; - require(JIRAFEAU_ROOT . 'lib/template/footer.php'); - exit; - } -} else { - header('Location: ' . $cfg['web_root']); - exit; +header ('Content-Length: ' . $link['file_size']); +header ('Content-Type: ' . $link['mime_type']); +if (!jirafeau_is_viewable ($link['mime_type']) || !$cfg['preview'] || $button_download) +{ + header ('Content-Disposition: attachment; filename="' . + $link['file_name'] . '"'); } +readfile (VAR_FILES . $p . $link['md5']); + +if ($link['onetime'] == 'O') + jirafeau_delete_link ($link_name); +exit; ?>