<?php
/*
 *  Jirafeau, your web file repository
 *  Copyright (C) 2015  Jerome Jutteau <j.jutteau@gmail.com>
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

/*
 * This file makes it easy to script sending, receiving, deleting, ... of files.
 * If you don't want this feature, you can simply delete this file from your
 * web directory.
 */
/* Directory that holds this script, with a trailing slash; every require below is built from it. */
define('JIRAFEAU_ROOT', __DIR__ . '/');

require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');

 /* Client script languages this endpoint can generate (key => display name). */
 global $script_langages;
 $script_langages = ['bash' => 'Bash'];

/* Transfers may run for a long time, so the execution time limit is lifted.
 * The original note asks for PHP's safe mode to be off; the @ silences the
 * warning PHP raises if the limit cannot be changed.
 */
@set_time_limit(0);
/* Switch PHP error reporting off for the rest of the request.
 * NOTE(review): this also hides genuine failures from the response;
 * confirm they are still captured in a server-side log.
 */
@error_reporting(0);

/* A GET request without any query parameter gets the HTML description of the
 * scripting interface (or the error list) instead of an API response.
 */
if ($_SERVER['REQUEST_METHOD'] === 'GET' && empty($_GET)) {
    require JIRAFEAU_ROOT . 'lib/template/header.php';
    check_errors($cfg);
    if (!has_error()) { ?>
    <div class="info">
    <h2>Scripting interface</h2>
    <p>This interface permits to script your uploads and downloads.</p>
    <p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
    <p>You may download a preconfigured <a href="script.php?lang=bash">Bash Script</a> to easily send to and get files from the API via command line.</p>
    </div>
    <br />
    <?php
    } else {
        show_errors();
    }
    /* Both outcomes close the page with the shared footer and stop here. */
    require JIRAFEAU_ROOT . 'lib/template/footer.php';
    exit;
}

/* Let's use the interface now. */
/* Every API answer from here on is plain text. */
header('Content-Type: text/plain; charset=utf-8');

/* Stop with "Error 1" when check_errors() has recorded a problem for this configuration. */
check_errors($cfg);
if (has_error()) {
    exit('Error 1');
}

/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
    && is_writable(VAR_LINKS)) {
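    /* Authorise the upload: with the submitted upload password when there is
     * one, otherwise with whatever jirafeau_challenge_upload() accepts for the
     * client IP alone (null password).
     */
    if (isset($_POST['upload_password'])) {
        if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
            echo 'Error 3: Invalid password';
            exit;
        }
    } else {
        if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
            echo 'Error 2: No password nor allowed IP';
            exit;
        }
    }

    /* Optional download password chosen by the uploader. */
    $key = '';
    if (isset($_POST['key'])) {
        $key = $_POST['key'];
    }

    /* Expiry. `time` must be a string that names an availability switched on
     * in the configuration. The is_string() test keeps a non-string value (for
     * example an array parameter) from being used as an array offset, and
     * empty() rejects unknown names without reading an undefined index.
     */
    $time = time();
    if (!isset($_POST['time'])
        || !is_string($_POST['time'])
        || empty($cfg['availabilities'][$_POST['time']])) {
        echo 'Error 4: The parameter time is invalid.';
        exit;
    }
    switch ($_POST['time']) {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'quarter':
            $time += JIRAFEAU_QUARTER;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            /* Any other enabled availability means "never expires". */
            $time = JIRAFEAU_INFINITY;
            break;
    }

    // Check file size (maximal_upload_size is in megabytes; 0 or less disables the limit)
    if ($cfg['maximal_upload_size'] > 0 &&
        $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) {
        echo 'Error 5: Your file exceeds the maximum authorized file size.';
        exit;
    }

    $res = jirafeau_upload($_FILES['file'],
                            isset($_POST['one_time_download']),
                            $key, $time, get_ip_address($cfg),
                            $cfg['enable_crypt'], $cfg['link_name_length']);

    if (empty($res) || $res['error']['has_error']) {
        /* An empty result carries no reason, so only read 'why' when it exists. */
        echo 'Error 6 ' . (isset($res['error']['why']) ? $res['error']['why'] : '');
        exit;
    }
    /* The response is three lines: direct link, delete link, decrypt key. */
    /* Print direct link. */
    echo $res['link'];
    /* Print delete link. */
    echo NL;
    echo $res['delete_link'];
    /* Print decrypt key. */
    echo NL;
    echo urlencode($res['crypt_key']);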
} elseif (isset($_GET['h'])) {
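    /* Inputs: link name (GET h), optional download password (POST key) and
     * optional delete code (GET d). Non-string values are treated as absent so
     * that they never reach md5(), strlen() or the comparisons below.
     */
    $link_name = $_GET['h'];
    $key = '';
    if (isset($_POST['key']) && is_string($_POST['key'])) {
        $key = $_POST['key'];
    }
    $d = '';
    if (isset($_GET['d']) && is_string($_GET['d'])) {
        $d = $_GET['d'];
    }

    /* The WHOLE link name must consist of [0-9a-zA-Z_-]. The pattern is
     * anchored at both ends, and the D modifier stops `$` from matching before
     * a trailing newline. Without the leading anchor only the end of the value
     * was checked, so any other characters could precede it.
     * NOTE(review): the name is handed to jirafeau_get_link() and
     * jirafeau_delete_link(); presumably they use it to locate the link on
     * disk. Confirm in lib/functions.php.
     */
    if (!is_string($link_name) || !preg_match('/^[0-9a-zA-Z_-]+$/D', $link_name)) {
        echo 'Error 7';
        exit;
    }

    $link = jirafeau_get_link($link_name);
    if (count($link) == 0) {
        echo 'Error 8';
        exit;
    }

    /* Deletion on request. The delete code is a secret, so it is compared with
     * hash_equals(): exact and constant-time, whereas `==` would compare two
     * numeric-looking strings as numbers.
     */
    if (strlen($d) > 0 && hash_equals((string) $link['link_code'], $d)) {
        jirafeau_delete_link($link_name);
        echo "Ok";
        exit;
    }

    /* Expired links are removed on access. */
    if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
        jirafeau_delete_link($link_name);
        echo 'Error 9';
        exit;
    }

    /* Password-protected link. hash_equals() replaces the loose `!=`, under
     * which two different digests of the form "0e<digits>" compare as equal
     * numbers. The sleep slows down repeated guesses.
     * NOTE(review): the stored key is an unsalted MD5 of the password; the
     * storage format is defined outside this file.
     */
    if (strlen($link['key']) > 0 && !hash_equals((string) $link['key'], md5($key))) {
        sleep(2);
        echo 'Error 10';
        exit;
    }

    $p = s2p($link['md5']);
    $path = VAR_FILES . $p . $link['md5'];
    if (!file_exists($path)) {
        echo 'Error 11';
        exit;
    }

    /* Open the file before any header is set: if fopen() fails, feof(false)
     * never reports end-of-file and the read loop below would not terminate.
     */
    $r = fopen($path, 'r');
    if ($r === false) {
        echo 'Error 11';
        exit;
    }

    /* Read file.
     * NOTE(review): file_size, mime_type and file_name come from the stored
     * link record and are written into the headers as they are; confirm they
     * are sanitised when the link is created (a double quote in file_name
     * would end the quoted filename early).
     */
    header('Content-Length: ' . $link['file_size']);
    header('Content-Type: ' . $link['mime_type']);
    header('Content-Disposition: attachment; filename="' .
            $link['file_name'] . '"');

    while (!feof($r)) {
        print fread($r, 1024);
        ob_flush();
    }
    fclose($r);

    /* One-time links are deleted once the file has been sent. */
    if ($link['onetime'] == 'O') {
        jirafeau_delete_link($link_name);
    }
    exit;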
} elseif (isset($_GET['get_capacity'])) {
    /* Reports the smaller of PHP's post_max_size and upload_max_filesize, converted by jirafeau_ini_to_bytes(). */
    $post_limit = jirafeau_ini_to_bytes(ini_get('post_max_size'));
    $file_limit = jirafeau_ini_to_bytes(ini_get('upload_max_filesize'));
    echo min($post_limit, $file_limit);
} elseif (isset($_GET['get_maximal_upload_size'])) {
    echo $cfg['maximal_upload_size'];
} elseif (isset($_GET['get_version'])) {
    echo JIRAFEAU_VERSION;
} elseif (isset($_GET['lang'])) {
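    /* Generate a client script for the requested language; only "bash" exists.
     * The comparison is strict, so a non-string `lang` ends in Error 12.
     * NOTE(review): web_root and availability_default are written verbatim
     * between single quotes in the generated script; a single quote in either
     * configuration value would end the shell string early. Confirm both are
     * validated where the configuration is written.
     */
    $l = $_GET['lang'];
    if ($l === "bash") {
        ?>
#!/bin/bash

# This script has been auto-generated by Jirafeau but you can still edit options below.

# Config begin
proxy='' # Or set JIRAFEAU_PROXY.
url='<?php echo $cfg['web_root']; ?>' # Or set JIRAFEAU_URL.
time='<?php echo $cfg['availability_default']; ?>' # Or set JIRAFEAU_TIME.
one_time='' # Or set JIRAFEAU_ONE_TIME.
curl='' # Or set JIRAFEAU_CURL_PATH.
# Config end

if [ -n "$JIRAFEAU_PROXY" ]; then
    proxy="$JIRAFEAU_PROXY"
fi

if [ -n "$JIRAFEAU_URL" ]; then
    url="$JIRAFEAU_URL"
fi

if [ -z "$url" ]; then
    echo "Please set url in script parameters or export JIRAFEAU_URL"
    exit 1
fi

if [ -n "$JIRAFEAU_TIME" ]; then
    time="$JIRAFEAU_TIME"
fi

if [ -n "$JIRAFEAU_ONE_TIME" ]; then
    one_time='1'
fi

if [ -z "$curl" ]; then
    curl="$JIRAFEAU_CURL_PATH"
fi

if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
    curl="/usr/bin/curl"
fi

if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
    curl="/bin/curl.exe"
fi

if [ -z "$curl" ]; then
    echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
    exit
fi

if [ -z "$2" ]; then
    echo "Jirafeau Bash Script <?php echo JIRAFEAU_VERSION; ?>"
    echo "--------------------------"
    echo "Usage:"
    echo "    $0 OPTIONS"
    echo
    echo "Options:"
    echo "    $0 send FILE [PASSWORD]"
    echo "    $0 get URL [PASSWORD]"
    echo "    $0 delete URL"
    echo
    echo "Global variables to export:"
    echo "    JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxysever.example.com:3128«"
    echo "    JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
    echo "    JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
    echo "    JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
    echo "    JIRAFEAU_CURL_PATH : alternative path to curl binary"

    exit 0
fi

# Extra curl arguments are kept in arrays so that values containing spaces or
# glob characters reach curl as single, unmodified arguments.
proxy_args=()
if [ -n "$proxy" ]; then
    proxy_args=(-x "$proxy")
fi

options=()
if [ -n "$one_time" ]; then
    options+=(-F one_time_download=1)
fi

password=''
if [ -n "$3" ]; then
    password="$3"
    # --form-string sends the value literally; with -F, curl treats a value
    # that starts with "@" or "<" as the name of a file to read.
    options+=(--form-string "key=$password")
fi

apipage='script.php'
downloadpage='f.php'

if [ "$1" == "send" ]; then
    if [ ! -f "$2" ]; then
        echo "File \"$2\" does not exists."
        exit
    fi

    # Ret result
    res=$($curl -X POST --http1.0 "${proxy_args[@]}" "${options[@]}" \
                  -F "time=$time" \
                  -F "file=@$2" \
                  "$url$apipage")

    if [[ "$res" == Error* ]]; then
        echo "Error while uploading."
        echo "$res"
        exit
    fi

    # Not using head or tail to minimise command dependencies
    code=$(cnt=0; echo "$res" | while read l; do
        if [[ "$cnt" == "0" ]]; then
            echo "$l"
        fi
        cnt=$(( cnt + 1 ))
        done)
    del_code=$(cnt=0; echo "$res" | while read l; do
        if [[ "$cnt" == "1" ]]; then
            echo "$l"
        fi
        cnt=$(( cnt + 1 ))
        done)
    key_code=$(cnt=0; echo "$res" | while read l; do
        if [[ "$cnt" == "2" ]]; then
            echo "$l"
        fi
        cnt=$(( cnt + 1 ))
        done)

    echo
    echo "Download page:"
    if [[ $key_code ]]; then
        echo "    ${url}${downloadpage}?h=$code&k=$key_code"
    else
        echo "    ${url}${downloadpage}?h=$code"
    fi
    echo "Direct download:"
    if [[ $key_code ]]; then
        echo "    ${url}${downloadpage}?h=$code&k=$key_code&d=1"
    else
        echo "    ${url}${downloadpage}?h=$code&d=1"
    fi
    echo "Delete link:"
    echo "    ${url}${downloadpage}?h=$code&d=$del_code"
    echo
    echo "Download via API:"
    if [[ $key_code ]]; then
        echo "    ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD]"
    else
        echo "    ${0} get ${url}${apipage}?h=$code [PASSWORD]"
    fi
    echo "Delete via API:"
    echo "    ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"

elif [ "$1" == "get" ]; then
    if [ -z "$password" ]; then
        $curl "${proxy_args[@]}" -OJ "$2"
    else
        $curl "${proxy_args[@]}" -OJ -X POST --form-string "key=$password" "$2"
    fi
elif [ "$1" == "delete" ]; then
    $curl "${proxy_args[@]}" "$2"
fi
<?php

    } else {
        echo 'Error 12';
        exit;
    }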
}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
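    /* Same authorisation as a direct upload: the upload password when one is
     * sent, otherwise the client IP alone (null password).
     */
    if (isset($_POST['upload_password'])) {
        if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
            echo 'Error 20: Invalid password';
            exit;
        }
    } else {
        if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
            echo 'Error 19: No password nor allowed IP';
            exit;
        }
    }

    /* A file name is mandatory and must be a plain string. */
    if (!isset($_POST['filename']) || !is_string($_POST['filename'])) {
        echo 'Error 21';
        exit;
    }

    /* Optional content type announced by the client. */
    $type = '';
    if (isset($_POST['type'])) {
        $type = $_POST['type'];
    }

    /* Optional download password chosen by the uploader. */
    $key = '';
    if (isset($_POST['key'])) {
        $key = $_POST['key'];
    }

    /* Expiry. `time` must be a string that names an availability switched on
     * in the configuration. The is_string() test keeps a non-string value (for
     * example an array parameter) from being used as an array offset, and
     * empty() rejects unknown names without reading an undefined index.
     */
    $time = time();
    if (!isset($_POST['time'])
        || !is_string($_POST['time'])
        || empty($cfg['availabilities'][$_POST['time']])) {
        echo 'Error 22';
        exit;
    }
    switch ($_POST['time']) {
        case 'minute':
            $time += JIRAFEAU_MINUTE;
            break;
        case 'hour':
            $time += JIRAFEAU_HOUR;
            break;
        case 'day':
            $time += JIRAFEAU_DAY;
            break;
        case 'week':
            $time += JIRAFEAU_WEEK;
            break;
        case 'month':
            $time += JIRAFEAU_MONTH;
            break;
        case 'quarter':
            $time += JIRAFEAU_QUARTER;
            break;
        case 'year':
            $time += JIRAFEAU_YEAR;
            break;
        default:
            /* Any other enabled availability means "never expires". */
            $time = JIRAFEAU_INFINITY;
            break;
    }

    /* The answer of jirafeau_async_init() is returned to the client as is. */
    echo jirafeau_async_init($_POST['filename'],
                              $type,
                              isset($_POST['one_time_download']),
                              $key,
                              $time,
                              get_ip_address($cfg));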
}
/* Continue an asynchronous upload. */
elseif (isset($_GET['push_async'])) {
    /* A chunk is accepted only when the POST fields `ref` and `code` and the
     * uploaded part `data` are all present; otherwise the answer is Error 23.
     */
    if (isset($_POST['ref'], $_FILES['data'], $_POST['code'])) {
        echo jirafeau_async_push(
            $_POST['ref'],
            $_FILES['data'],
            $_POST['code'],
            $cfg['maximal_upload_size']
        );
    } else {
        echo 'Error 23';
    }
}
/* Finalize an asynchronous upload. */
elseif (isset($_GET['end_async'])) {
    /* Finishing an upload needs both POST fields `ref` and `code`; otherwise the answer is Error 24. */
    if (isset($_POST['ref'], $_POST['code'])) {
        echo jirafeau_async_end(
            $_POST['ref'],
            $_POST['code'],
            $cfg['enable_crypt'],
            $cfg['link_name_length']
        );
    } else {
        echo 'Error 24';
    }
} else {
    echo 'Error 25';
}
exit;
?>