X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/bb49c0bb63facbc4771e507423e01a35ced17615..48c710744cbabd2ddc812fc50b6944328461747c:/script.php?lang=bash
diff --git a/script.php b/script.php
index 0d4aeab..95888b5 100644
--- a/script.php
+++ b/script.php
@@ -25,8 +25,8 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
- global $script_langages;
- $script_langages = array('bash' => 'Bash');
+global $script_langages;
+$script_langages = array('bash' => 'Bash');
/* Operations may take a long time.
* Be sure PHP's safe mode is off.
@@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
Scripting interface
This interface permits to script your uploads and downloads.
-
See source code of this interface to get available calls :)
+
See source code of this interface to get available calls :)
You may download a preconfigured Bash Script to easily send to and get files from the API via command line.
@@ -62,59 +62,41 @@ if (has_error()) {
exit;
}
+session_start();
+
/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
&& is_writable(VAR_LINKS)) {
- if (isset($_POST['upload_password'])) {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
+ if (!jirafeau_user_session_logged()) {
+ if (isset($_POST['upload_password']) &&
+ !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 3: Invalid password';
exit;
- }
- } else {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
+ } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
echo 'Error 2: No password nor allowed IP';
exit;
}
}
+
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+ if (!preg_match($cfg['download_password_policy_regex'], $key)){
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ }elseif ($cfg['download_password_requirement'] !== 'optional'){
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
- $time = time();
if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
echo 'Error 4: The parameter time is invalid.';
exit;
} else {
- switch ($_POST['time']) {
- case 'minute':
- $time += JIRAFEAU_MINUTE;
- break;
- case 'hour':
- $time += JIRAFEAU_HOUR;
- break;
- case 'day':
- $time += JIRAFEAU_DAY;
- break;
- case 'week':
- $time += JIRAFEAU_WEEK;
- break;
- case 'fortnight':
- $time += JIRAFEAU_FORTNIGHT;
- break;
- case 'month':
- $time += JIRAFEAU_MONTH;
- break;
- case 'quarter':
- $time += JIRAFEAU_QUARTER;
- break;
- case 'year':
- $time += JIRAFEAU_YEAR;
- break;
- default:
- $time = JIRAFEAU_INFINITY;
- break;
- }
+ $time = jirafeau_datestr_to_int($_POST['time']);
}
// Check file size
@@ -135,7 +117,7 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
} else {
$ip = "";
}
-
+
$res = jirafeau_upload(
$_FILES['file'],
isset($_POST['one_time_download']),
@@ -164,6 +146,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+ if (!preg_match($cfg['download_password_policy_regex'], $key)){
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ }elseif ($cfg['download_password_requirement'] !== 'optional'){
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$d = '';
if (isset($_GET['d'])) {
@@ -405,7 +396,8 @@ fi
}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
- if (isset($_POST['upload_password'])) {
+ if (jirafeau_user_session_logged()) {
+ } elseif (isset($_POST['upload_password'])) {
if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 20: Invalid password';
exit;
@@ -430,6 +422,15 @@ elseif (isset($_GET['init_async'])) {
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+ if (!preg_match($cfg['download_password_policy_regex'], $key)){
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ }elseif ($cfg['download_password_requirement'] !== 'optional'){
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
// Check if one time download is enabled
@@ -438,40 +439,11 @@ elseif (isset($_GET['init_async'])) {
exit;
}
- $time = time();
if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) {
echo 'Error 22';
exit;
} else {
- switch ($_POST['time']) {
- case 'minute':
- $time += JIRAFEAU_MINUTE;
- break;
- case 'hour':
- $time += JIRAFEAU_HOUR;
- break;
- case 'day':
- $time += JIRAFEAU_DAY;
- break;
- case 'week':
- $time += JIRAFEAU_WEEK;
- break;
- case 'fortnight':
- $time += JIRAFEAU_FORTNIGHT;
- break;
- case 'month':
- $time += JIRAFEAU_MONTH;
- break;
- case 'quarter':
- $time += JIRAFEAU_QUARTER;
- break;
- case 'year':
- $time += JIRAFEAU_YEAR;
- break;
- default:
- $time = JIRAFEAU_INFINITY;
- break;
- }
+ $time = jirafeau_datestr_to_int($_POST['time']);
}
if ($cfg['store_uploader_ip']) {
@@ -479,7 +451,7 @@ elseif (isset($_GET['init_async'])) {
} else {
$ip = "";
}
-
+
echo jirafeau_async_init(
$_POST['filename'],
$type,