<?php
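// All mb_* functions in this script operate on UTF-8 text.
mb_internal_encoding("utf8");
// Request state that the functions below share through `global`.
$subpath = "";  // directory below the image root; assigned by checkPath()
$file = "";     // path of the file to deliver; assigned by checkFile() and the folder-icon branch
$username = ""; // never assigned in this file; presumably configuration.php sets it after authentication - TODO confirm
// Absolute URL of this script without the query string. It ends up in share links,
// mails and QR codes, so every request-derived part is checked before use.
$myurl = call_user_func(function () {
    // IIS reports HTTPS=off for plain HTTP; the key being present is not enough.
    $scheme = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http';
    // The Host header is chosen by the client. Accept it only when it is a plain
    // host name or bracketed IPv6 literal with an optional port; otherwise use the
    // server's configured name. Pinning the canonical host in the web server
    // configuration remains the stronger control against poisoned share links.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/D', $host)) {
        $host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
    }
    // HTTP_X_ORIGINAL_REQUEST is a request header; the reverse proxy in front of
    // this script has to overwrite it, or clients can choose the path used in links.
    if (isset($_SERVER['HTTP_X_ORIGINAL_REQUEST'])) {
        $uri = $_SERVER['HTTP_X_ORIGINAL_REQUEST'];
    } else {
        $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    }
    $parts = explode('?', $uri);
    return $scheme.'://'.$host.$parts[0];
});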
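/**
 * Abort the request with an HTTP error status and a minimal HTML error page.
 *
 * @param string $reason HTML fragment printed below the heading. It is written to
 *                       the page unescaped, so callers must escape every
 *                       request-derived part before passing it in.
 * @param string $status Status code and reason phrase for the status line.
 * @return void Does not return; the script ends inside die().
 */
function error_die($reason, $status='500 Internal Server Error') {
    // Error pages must not be stored by browsers or intermediate caches.
    header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header('HTTP/1.0 '.$status);
    die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p></body></html>');
}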
require('configuration.php');
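/**
 * Return the first argument that is set (not null), falling back to the last one.
 *
 * The parameters are taken by reference so that callers can pass array elements
 * that may not exist (for example $_REQUEST['mailto']) without a notice. As a side
 * effect PHP creates such a missing element with the value null.
 *
 * @param mixed $p1 First choice.
 * @param mixed $p2 Second choice.
 * @param mixed $p3 Last resort; returned even when it is null.
 * @return mixed
 */
function alt(& $p1 = NULL, & $p2 = NULL, & $p3 = NULL) {
    if (isset($p1)) return $p1;
    if (isset($p2)) return $p2;
    // The third alternative used to be ignored: $p2 was returned here.
    return $p3;
}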
/**
 * Sum the bytes of a 512-byte tar header block for its checksum field.
 *
 * The eight bytes at offsets 148-155 (the checksum field itself) are not taken
 * from the block; each of them counts as a space character instead.
 *
 * @param string $bytestring Header block; offsets 0-511 are read.
 * @return int Unsigned sum of the byte values.
 */
function computeUnsignedChecksum($bytestring) {
    // Start with the eight spaces that stand in for the checksum field.
    $sum = 8 * ord(" ");
    $offset = 0;
    while ($offset < 512) {
        $insideChecksumField = ($offset >= 148 && $offset < 156);
        if (!$insideChecksumField) {
            $sum += ord($bytestring[$offset]);
        }
        $offset++;
    }
    return $sum;
}
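/**
 * Build one 512-byte tar header block for a regular file.
 *
 * @param string     $Name        Path stored in the archive; shortened to 99 bytes.
 * @param int        $Size        File size in bytes. The field holds 11 octal digits,
 *                                so sizes of 8 GiB and more do not fit.
 * @param array|null $information Optional owner data with the keys user_id, group_id,
 *                                user_name and group_name; missing keys default to 0 / ''.
 * @return string Header block of exactly 512 bytes, checksum filled in.
 */
function tarHeader($Name, $Size, $information=NULL) {
    $info = is_array($information) ? $information : array();
    $info += array('user_id' => 0, 'group_id' => 0, 'user_name' => '', 'group_name' => '');
    if (strlen($Name) > 99) {
        // Shorten the name but keep its extension. A name without a usable
        // extension is simply cut, so the field can never grow past 100 bytes
        // and shift every following field.
        $dot = strrpos($Name, '.');
        $ext = ($dot === false) ? '' : substr($Name, $dot + 1);
        if ($ext !== '' && strlen($ext) < 98) {
            $Name = substr($Name, 0, 98 - strlen($ext)).'.'.$ext;
        } else {
            $Name = substr($Name, 0, 99);
        }
    }
    $header = str_pad($Name, 100, chr(0));                                              // name
    $header .= str_pad("777", 7, "0", STR_PAD_LEFT) . chr(0);                           // mode
    $header .= str_pad(decoct((int)$info['user_id']), 7, "0", STR_PAD_LEFT) . chr(0);   // uid
    $header .= str_pad(decoct((int)$info['group_id']), 7, "0", STR_PAD_LEFT) . chr(0);  // gid
    $header .= str_pad(decoct((int)$Size), 11, "0", STR_PAD_LEFT) . chr(0);             // size
    // time() takes no argument; passing one is an error on current PHP versions.
    $header .= str_pad(decoct(time()), 11, "0", STR_PAD_LEFT) . chr(0);                 // mtime
    $header .= str_repeat(" ", 8);                                                      // checksum placeholder
    $header .= "0";                                                                     // type flag: regular file
    $header .= str_repeat(chr(0), 100);                                                 // link name
    $header .= str_pad("ustar", 6, chr(32));                                            // magic
    $header .= chr(32) . chr(0);                                                        // version
    // Owner names are cut to 31 bytes so the terminating NUL still fits.
    $header .= str_pad(substr((string)$info['user_name'], 0, 31), 32, chr(0));          // user name
    $header .= str_pad(substr((string)$info['group_name'], 0, 31), 32, chr(0));         // group name
    $header .= str_repeat(chr(0), 8);                                                   // device major
    $header .= str_repeat(chr(0), 8);                                                   // device minor
    $header .= str_repeat(chr(0), 155);                                                 // name prefix
    $header .= str_repeat(chr(0), 12);                                                  // padding to 512 bytes
    // The checksum is computed with the field still blank, then written as six
    // octal digits followed by NUL and a space.
    $checksum = str_pad(decoct(computeUnsignedChecksum($header)), 6, "0", STR_PAD_LEFT);
    for ($i = 0; $i < 6; $i++) {
        $header[148 + $i] = substr($checksum, $i, 1);
    }
    $header[154] = chr(0);
    $header[155] = chr(32);
    return $header;
}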
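/**
 * Validate a gallery-relative directory and make it the current one.
 *
 * The candidate is accepted only if the joined path is already in canonical form
 * (identical to realpath()) and is a directory. That rejects "..", ".", doubled
 * slashes and symlinked components. It also means the configured $imagepath has to
 * be a canonical absolute path itself.
 *
 * On success the globals $subpath and $imagepath are updated, so $imagepath points
 * at the selected directory afterwards. On failure the request ends in error_die().
 *
 * @param string $pathToCheck Directory relative to the image root ('' for the root).
 * @return void
 */
function checkPath($pathToCheck) {
    global $imagepath, $subpath;
    // Request parameters can arrive as arrays (path[]=x); NUL bytes have no place in a path.
    if (!is_string($pathToCheck) || strpos($pathToCheck, "\0") !== false) {
        error_die('path not allowed');
    }
    $fullpath = preg_replace('/\/$/', '', $imagepath.'/'.$pathToCheck);
    $resolved = realpath($fullpath);
    // Strict comparison: realpath() returns false on failure, and a loose ==
    // would apply PHP's type juggling to the two operands.
    if ($resolved !== false && $fullpath === $resolved && is_dir($fullpath)) {
        $subpath = $pathToCheck;
        $imagepath = $fullpath;
    } else {
        error_die('path not allowed: '.htmlentities($pathToCheck));
    }
}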
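/**
 * Validate a file name inside the current image directory and select it for delivery.
 *
 * Sets the globals $imgfile (the bare name) and $file (the path to deliver). With
 * $thumb the path points into the thumbnail tree and the 200x200 thumbnail is
 * created on first use. Invalid names end the request with a 404.
 *
 * @param string $fileToCheck File name without any directory part.
 * @param bool   $thumb       Deliver the thumbnail instead of the original.
 * @return void
 */
function checkFile($fileToCheck, $thumb = false) {
    global $imagepath, $file, $subpath, $thumbpath, $imgfile;
    // Only plain names are accepted: no arrays, no directory separators, no NUL
    // bytes. Dot files are refused as well, matching extractDir(), which never lists them.
    $valid = is_string($fileToCheck)
        && $fileToCheck !== ''
        && $fileToCheck[0] !== '.'
        && strpos($fileToCheck, '/') === false
        && strpos($fileToCheck, "\0") === false
        && is_file($imagepath.'/'.$fileToCheck);
    if (!$valid) {
        error_die('file not found', '404 Not Found');
    }
    $imgfile = $fileToCheck;
    if ($thumb) { // image from thumbnail path
        $thumbdir = $thumbpath.'/'.$subpath;
        $file = $thumbdir.'/'.$fileToCheck;
        // 0755 instead of 0777: the cache does not need to be writable by every local account.
        if (!is_dir($thumbdir) && !mkdir($thumbdir, 0755, true) && !is_dir($thumbdir)) {
            error_die('thumbnail directory could not be created');
        }
        if (!is_file($file)) { // create thumbnail
            try {
                $image = new Imagick();
                $image->readImage($imagepath.'/'.$fileToCheck);
                $image->thumbnailImage(200, 200, true);
                $image->writeImage($file);
            } catch (Exception $e) {
                // A damaged or unsupported image must not surface as an uncaught exception.
                error_log('thumbnail creation failed: '.$e->getMessage());
                error_die('thumbnail could not be created');
            }
        }
    } else {
        $file = $imagepath.'/'.$fileToCheck;
    }
}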
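/**
 * Stream an image file to the client and end the request.
 *
 * When the request carries a `view` parameter nothing is sent and the function
 * returns, because the HTML page is rendered instead. Missing files end in a 404.
 * Files whose extension is not a known image type are refused rather than sent
 * with an empty Content-type, so this function cannot be used to fetch arbitrary
 * files that happen to sit in an image directory.
 *
 * @param string $file Path of the file to deliver.
 * @return void
 */
function returnFile($file) {
    $types = array(
        'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
        'tif' => 'image/tiff', 'tiff' => 'image/tiff',
        'gif' => 'image/gif',
        'png' => 'image/png',
        'bmp' => 'image/bmp',
    );
    $ext = strtolower(preg_replace('/.*\./', '', $file));
    if (!is_file($file)) {
        error_die('file does not exist', '404 Not Found');
    }
    if (!isset($_REQUEST['view'])) {
        if (!isset($types[$ext])) {
            error_die('unsupported file type', '415 Unsupported Media Type');
        }
        header('Content-type: '.$types[$ext]);
        // Keep browsers from second-guessing the declared type.
        header('X-Content-Type-Options: nosniff');
        header('Content-Length: '.filesize($file));
        header('Content-Transfer-Encoding: binary');
        flush();
        readfile($file);
        exit;
    }
}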
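/**
 * List the sub-directories and the jpg/jpeg/png files of a directory.
 *
 * Entries starting with a dot are skipped. Both lists are sorted and re-indexed
 * from 0, so positions can be used for previous/next navigation and the file list
 * serialises to a JSON array.
 *
 * @param string $path Directory to read.
 * @return array Array with the keys 'dirs' and 'files'; both are empty lists when
 *               the directory cannot be read.
 */
function extractDir($path) {
    $res = array('dirs' => array(), 'files' => array());
    if (!is_dir($path) || !($d = opendir($path))) {
        return $res;
    }
    while (false !== ($f = readdir($d))) {
        if (strpos($f, '.') === 0) {
            continue; // hidden entries, "." and ".."
        }
        if (is_dir($path.'/'.$f)) {
            $res['dirs'][] = $f;
        } elseif (is_file($path.'/'.$f)) {
            switch (strtolower(preg_replace('/.*\./', '', $f))) {
                case "jpg": case "jpeg": case "png":
                    $res['files'][] = $f;
            }
        }
    }
    // closedir() now only runs for a handle that was actually opened.
    closedir($d);
    // The directory list used to be sorted twice and the file list not at all.
    sort($res['dirs']);
    sort($res['files']);
    return $res;
}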
/*function encrypt2($text) {
global $_REQUEST, $server_password;
return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
}
function decrypt2($text) {
global $_REQUEST, $server_password;
return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
}*/
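/**
 * Derive the 256-bit token key from a share password and the server secret.
 *
 * The previous code combined the two with `+`, which is numeric addition in PHP:
 * ordinary passwords collapsed to the same number, so the key barely depended on
 * them. Here the password is stretched with PBKDF2 and the server secret acts as
 * salt, so a token cannot be attacked offline without knowing $server_password.
 * $server_password must therefore be set to a long random value.
 *
 * @param string $password Share password.
 * @return string 32 raw key bytes.
 */
function _share_key($password) {
    global $server_password;
    // 10000 rounds keep sharedfiles() responsive; it derives one key per image.
    return hash_pbkdf2('sha256', (string)$password, 'gallery-share:'.$server_password, 10000, 32, true);
}
/**
 * Pack a value into an encrypted, authenticated token.
 *
 * Format: base64( 12-byte nonce | 16-byte GCM tag | AES-256-GCM ciphertext of
 * bzcompress(serialize($text)) ). mcrypt, Blowfish and ECB mode are gone: mcrypt
 * is no longer part of PHP, and ECB without a MAC allowed tokens to be altered
 * undetected. Links issued in the old format cannot be read any more.
 *
 * @param mixed       $text     Value to protect (an array of request fields in this file).
 * @param string|null $password Share password; defaults to $_REQUEST['password'].
 * @return string|false Token, or false when encryption fails.
 */
function encrypt($text, $password = NULL) {
    if (!$password) {
        $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';
    }
    $nonce = random_bytes(12);
    $tag = '';
    $cipher = openssl_encrypt(bzcompress(serialize($text)), 'aes-256-gcm', _share_key($password), OPENSSL_RAW_DATA, $nonce, $tag);
    if ($cipher === false) {
        return false;
    }
    return base64_encode($nonce.$tag.$cipher);
}
/**
 * Open a token created by encrypt() with the password from $_REQUEST['password'].
 *
 * @param string $text Token.
 * @return mixed The protected value, or false for a wrong password or a damaged
 *               or forged token.
 */
function decrypt($text) {
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    if (!is_string($text) || !is_string($password)) {
        return false;
    }
    $raw = base64_decode($text, true);
    if ($raw === false || strlen($raw) < 29) { // nonce + tag + at least one byte
        return false;
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $cipher = substr($raw, 28);
    $plain = openssl_decrypt($cipher, 'aes-256-gcm', _share_key($password), OPENSSL_RAW_DATA, $nonce, $tag);
    if ($plain === false) {
        return false;
    }
    $data = bzdecompress($plain);
    if (!is_string($data)) { // bzdecompress() reports errors as an int or false
        return false;
    }
    // Only payloads that passed the GCM tag check get here. Object creation is
    // still disabled so unserialize() can never instantiate classes from a token.
    return unserialize($data, array('allowed_classes' => false));
}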
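/**
 * Print an image wrapped in a link.
 *
 * $link, $img and $filename are HTML-escaped here. Entities already present in
 * $link and $img are left alone, so callers may pass either "&" or "&amp;"
 * between query parameters.
 *
 * @param string $link     Link target.
 * @param string $img      Image URL.
 * @param string $filename Used as the alt text.
 * @param string $style    Raw attribute text for the img tag; callers must pass
 *                         constants or escaped values only.
 * @return void
 */
function makelink($link, $img, $filename, $style="") {
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $href = htmlspecialchars($link, $flags, 'UTF-8', false);
    $src = htmlspecialchars($img, $flags, 'UTF-8', false);
    $alt = htmlspecialchars($filename, $flags, 'UTF-8');
    echo '<a href="'.$href.'"><img src="'.$src.'" alt="'.$alt.'" '.$style.' /></a>';
}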
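/**
 * Print one gallery entry: a checkbox with thumbnail in selection mode, otherwise
 * a linked thumbnail.
 *
 * @param string $link     Link target for normal mode.
 * @param string $img      Thumbnail URL.
 * @param string $filename File name; becomes the checkbox value posted as elements[].
 * @return void
 */
function linkorselect($link, $img, $filename) {
    if (isset($_REQUEST['select'])) {
        $flags = ENT_QUOTES | ENT_SUBSTITUTE;
        $name = htmlspecialchars($filename, $flags, 'UTF-8');
        // Existing entities in the URL are kept, so "&" and "&amp;" separators both work.
        $src = htmlspecialchars($img, $flags, 'UTF-8', false);
        echo '<input type="checkbox" id="'.$name.'" name="elements[]" value="'.$name.'" />';
        echo '<label for="'.$name.'"><img class="thumbnail" src="'.$src.'" alt="'.$name.'" /></label>';
    } else {
        makelink($link, $img, $filename, 'class="thumbnail"');
    }
}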
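/**
 * Print the page header with the gallery title and optional navigation arrows.
 *
 * @param string|null $arrows Ready-made HTML for the navigation links. It is
 *                            printed unescaped; callers build it from constants
 *                            and urlencode()d values.
 * @return void
 */
function pageheader($arrows=NULL) {
    global $username, $subpath;
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $title = htmlspecialchars((string)$username, $flags, 'UTF-8');
    if ($subpath) {
        $title .= '@'.htmlspecialchars((string)$subpath, $flags, 'UTF-8');
    }
    echo '<div id="header">', "\n";
    echo '<h1>Gallery: ', $title, '</h1>', "\n";
    if ($arrows) {
        echo '<span id="arrows">', $arrows, '</span>', "\n";
    }
    echo '</div>', "\n";
}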
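/**
 * Print the gallery view of the current directory: sub-folders first, then the
 * image thumbnails. With the `select` request parameter the thumbnails become
 * checkboxes inside the share form.
 *
 * @return void
 */
function gallery() {
    global $subpath, $imagepath, $max_validity_days;
    $h = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $here = '?path='.urlencode($subpath);
    $arrows = '';
    if (strpos($subpath, '/') !== false) {
        // One level up: drop the last path component.
        $arrows = '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'" title="up">↑</a>';
    } elseif ($subpath != "") {
        $arrows = '<a href="?" title="up">↑</a>';
    }
    pageheader($arrows);
    $selecting = isset($_REQUEST['select']);
    if ($selecting) {
        // Suggested share password. It used to be four hexadecimal characters
        // derived from rand(): 65536 possibilities from a predictable generator.
        // Now ten characters from the system CSPRNG, without look-alike symbols.
        $alphabet = 'abcdefghijkmnpqrstuvwxyz23456789';
        $suggested = '';
        for ($i = 0; $i < 10; $i++) {
            $suggested .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        $maxDays = (int)$max_validity_days;
        // The preset date must not lie beyond the allowed maximum.
        $defaultDays = ($maxDays > 0) ? min(14, $maxDays) : 14;
        echo '<a href="'.$here.'">Normal-Modus</a>';
        echo '<form method="POST">';
        echo '<input type="hidden" name="path" value="'.$h($subpath).'">';
        echo '<label for="password">Passwort:</label>';
        echo '<input type="text" size="10" name="password" value="'.$suggested.'">';
        echo '<label for="valid-until">Gültig bis:</label>';
        echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+$maxDays*86400).'" value="'.date('Y-m-d', time()+$defaultDays*86400).'" />';
        echo '<input type="submit" name="share" value="Teilen" />';
    } else {
        echo '<a href="'.$here.'&amp;select">Auswahl-Modus</a>';
    }
    echo '<div class="dirs">';
    $objects = extractDir($imagepath);
    foreach ($objects['dirs'] as $f) {
        makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), $here.'&amp;folder='.urlencode($f), $f, 'class="folder"');
    }
    echo '</div><div class="images">';
    foreach ($objects['files'] as $f) {
        linkorselect($here.'&amp;file='.urlencode($f).'&amp;view', $here.'&amp;file='.urlencode($f).'&amp;thumb', $f);
    }
    echo '</div>';
    if ($selecting) echo '</form>';
}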
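/**
 * Print the single-image view: the image, previous/back/next arrows, a strip of
 * neighbouring thumbnails and the script that steps through the directory.
 *
 * @return void
 */
function singleimage() {
    global $subpath, $imagepath, $imgfile, $preview_num;
    $h = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $objects = extractDir($imagepath);
    // Positions are used for arithmetic below, so make sure the keys run 0..n-1.
    $files = array_values($objects['files']);
    $count = count($files);
    // array_search() returns false, not NULL, when the image is not in the list.
    $pos = array_search($imgfile, $files, true);
    $found = ($pos !== false);
    $base = '?path='.urlencode($subpath);
    $arrows = '';
    if ($found && $pos > 0) {
        $arrows .= '<a href="'.$base.'&amp;file='.urlencode($files[$pos-1]).'&amp;view" title="previous">←</a>';
    }
    $arrows .= '<a href="'.$base.'" title="back">↑</a>';
    if ($found && $pos < $count - 1) {
        $arrows .= '<a href="'.$base.'&amp;file='.urlencode($files[$pos+1]).'&amp;view" title="next">→</a>';
    }
    pageheader($arrows);
    echo '<div class="image"><img class="image" src="'.$base.'&amp;file='.urlencode($imgfile).'" alt="'.$h($imgfile).'" /></div>';
    echo '<div id="pos">'.($found ? $pos + 1 : '').'</div>';
    if ($found) {
        // Thumbnail strip of $preview_num images around the current one.
        $window = max(0, (int)$preview_num);
        $lower = max(0, $pos - (int)floor($window / 2));
        $higher = min($count, $lower + $window);
        for ($i = $lower; $i < $higher; ++$i) {
            makelink($base.'&amp;file='.urlencode($files[$i]).'&amp;view', $base.'&amp;file='.urlencode($files[$i]).'&amp;thumb', $files[$i], 'style="width: '.round(100/($higher-$lower), 3).'%" class="thumbnail"');
        }
    }
    // Values handed to JavaScript go through json_encode() with the HEX flags.
    // Directory and file names can contain quotes or "</script>", which would
    // otherwise end the string literal or the script element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR;
    ?>
<script>
var pos = <?php echo $found ? (int)$pos : -1; ?>;
var subpath = <?php echo json_encode((string)$subpath, $jsFlags); ?>;
var images = <?php echo json_encode($files, $jsFlags); ?>;
function next() {
    if (++pos>=images.length) {
        pos=0;
    }
    loadimg();
}
function previous() {
    if (pos==0) {
        pos = images.length;
    }
    pos--;
    loadimg();
}
function loadimg() {
    var url = '?path='+encodeURIComponent(subpath)+'&file='+encodeURIComponent(images[pos]);
    $('#pos').text(pos+1);
    $('img.image').attr('src', url);
    console.log('loaded image', url);
}
</script>
<?php
}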
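/**
 * Print the share page: the share link, its QR code and the mail form. When the
 * mail form was submitted, the link is sent by mail first.
 *
 * @return void
 */
function share() {
    // $fallback_mail_replyto was read below without being declared global, so it was always unset.
    global $subpath, $myurl, $email, $fullname, $default_mail_text, $default_mail_subject, $fallback_mail_replyto;
    $h = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Request fields are only used when they are plain strings (not name[]=... arrays).
    $field = function ($name) {
        return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : null;
    };
    pageheader('<a href="?path='.urlencode($subpath).'">←</a>');
    // Only the fields the share handler reads go into the token. Copying all of
    // $_REQUEST also packed the mail form and, depending on request_order,
    // cookies into a token that every recipient can open.
    $key = array_intersect_key($_REQUEST, array('path' => true, 'elements' => true, 'valid-until' => true));
    $secret = urlencode(encrypt($key));
    $password = (string)$field('password');
    $mailto = $field('mailto');
    if ($mailto !== null) {
        $replyto = trim((string)$field('replyto'));
        $subject = (string)$field('subject');
        $mailtext = (string)$field('mailtext');
        // Recipients, sender and subject become mail headers. Every address must
        // validate and the subject must not contain line breaks; otherwise a
        // crafted value could add headers or recipients of its own.
        $recipients = array_filter(array_map('trim', explode(',', $mailto)), 'strlen');
        $headersOk = count($recipients) > 0
            && filter_var($replyto, FILTER_VALIDATE_EMAIL) !== false
            && !preg_match('/[\r\n]/', $subject);
        foreach ($recipients as $recipient) {
            if (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) $headersOk = false;
        }
        // str_replace() instead of preg_replace(): "$1" or "\1" inside the
        // password or the link must not be read as a back-reference.
        if (strpos($mailtext, 'PASSWORD') !== false) {
            $message = str_replace('PASSWORD', $password, $mailtext);
        } else {
            $message = $mailtext."\n\npassword: ".$password;
        }
        $link = $myurl.'?secret='.$secret;
        if (strpos($message, 'LINK') !== false) {
            $message = str_replace('LINK', $link, $message);
        } else {
            $message .= "\n\n".$link;
        }
        if ($headersOk && mail(implode(', ', $recipients), $subject, $message, 'From: '.$replyto."\r\n".'Reply-To: '.$replyto)) {
            echo '<h2>Mail Successfully Sent</h2>';
            echo '<p>Mail sent to '.$h(implode(', ', $recipients)).'.</p>';
            echo '<p>You can send more mails, if you want ...</p>';
        } else {
            echo '<h2>Send Mail <strong>Failed</strong></h2>';
            echo '<p>Try again ...</p>';
        }
    }
    echo '<h2>Share Files</h2>';
    echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret='.$secret.'">Link to Share</a></p>';
    // $myurl is built from request data, so it is escaped like any other value.
    echo '<img src="'.$h($myurl.'?qrcode='.$secret).'" />';
    echo '<p>or Send Link in E-Mail:</p>';
    // Form defaults: submitted value first, configured default second.
    $replytoValue = $field('replyto');
    if ($replytoValue === null) {
        $replytoValue = isset($email[0]) ? $email[0] : $fallback_mail_replyto;
    }
    $mailtoValue = ($mailto !== null) ? $mailto : '';
    $subjectValue = $field('subject');
    if ($subjectValue === null) $subjectValue = $default_mail_subject;
    $textValue = $field('mailtext');
    if ($textValue === null) $textValue = $default_mail_text;
    $textValue = str_replace('USERNAME', (string)$fullname, (string)$textValue);
    echo '<form method="POST">';
    echo '<table style="width: 100%"><tr>';
    echo '<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="'.$h($replytoValue).'" list="emails" style="width: 99%" /><datalist id="emails">';
    // presumably $email is a directory result with numeric entries plus a 'count' key - TODO confirm against configuration.php
    $addresses = isset($email['count']) ? (int)$email['count'] : 0;
    for ($i = 0; $i < $addresses; ++$i) {
        if (isset($email[$i])) echo '<option value="'.$h($email[$i]).'">';
    }
    echo '</datalist></td>';
    echo '</tr><tr>';
    echo '<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="'.$h($mailtoValue).'" style="width: 99%" /></td>';
    echo '</tr><tr>';
    echo '<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="'.$h($subjectValue).'" style="width: 99%" /></td>';
    echo '</tr><tr>';
    echo '<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em">'.$h($textValue).'</textarea></td>';
    echo '</tr><tr>';
    echo '<td colspan="2"><input type="submit" value="send email" /></td>';
    echo '</tr></table>';
    // Carry the remaining POST fields (path, elements, valid-until, password,
    // share) over to the next submit. Names and values are escaped; they were
    // echoed raw before. Note that the password travels in the page source here.
    foreach ($_POST as $k => $v) {
        switch ($k) {
            case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
            default:
                if (is_array($v)) {
                    foreach ($v as $e) {
                        if (is_scalar($e)) echo '<input type="hidden" name="'.$h($k).'[]" value="'.$h($e).'" />';
                    }
                } elseif (is_scalar($v)) {
                    echo '<input type="hidden" name="'.$h($k).'" value="'.$h($v).'" />';
                }
        }
    }
    echo '</form>';
    // Preview of the shared images.
    if (isset($key['elements']) && is_array($key['elements'])) {
        foreach ($key['elements'] as $f) {
            if (!is_string($f)) continue;
            makelink('?path='.urlencode($subpath).'&amp;file='.urlencode($f).'&amp;view',
                '?path='.urlencode($subpath).'&amp;file='.urlencode($f).'&amp;thumb',
                $f, 'class="thumbnail"');
        }
    }
}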
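/**
 * Print the password prompt for a share link; the token from the request is
 * carried along in a hidden field.
 *
 * @return void
 */
function getpassword() {
    // A secret[]=... array has no meaning here and must not reach the escaping call.
    $token = (isset($_REQUEST['secret']) && is_string($_REQUEST['secret'])) ? $_REQUEST['secret'] : '';
    // The heading used to be closed with </h2>.
    echo '<h1>Password Required</h1>', "\n";
    echo '<p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>', "\n";
    echo '<form method="POST">', "\n";
    echo '<input type="hidden" name="secret" value="', htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '" />', "\n";
    echo '<input type="password" name="password" />', "\n";
    echo '<input type="submit" value="show" />', "\n";
    echo '</form>', "\n";
}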
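/**
 * Print the page a share recipient sees: a download form for the tar archive and
 * one thumbnail per shared image.
 *
 * Every thumbnail gets its own token that names a single file, is valid for 30
 * seconds and is protected by a fresh random password passed in the same URL.
 * A wrong password ends the request with 403.
 *
 * @return void
 */
function sharedfiles() {
    global $subpath;
    $h = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
    echo '<h1>Shared Files</h1>';
    echo '<p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>';
    echo '<p><form method="POST">';
    echo '<input type="hidden" name="secret" value="'.$h($_REQUEST['secret']).'" />';
    echo '<input type="hidden" name="password" value="'.$h($_REQUEST['password']).'" />';
    echo '<input type="hidden" name="download" />';
    echo '<input type="submit" value="download" />';
    echo '</form></p>';
    $elements = (isset($secret['elements']) && is_array($secret['elements'])) ? $secret['elements'] : array();
    foreach ($elements as $f) {
        $secret['path'] = $subpath;
        $secret['file'] = $f;
        $secret['valid-until'] = date('c', time()+30);
        // The per-image password comes from the system CSPRNG; rand() and time()
        // are predictable and gave these short-lived tokens little protection.
        $password = bin2hex(random_bytes(20));
        echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&amp;password='.urlencode($password).'" alt="'.$h($f).'" />';
    }
}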
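// Request dispatch for everything that is answered before the HTML page starts:
// QR codes, folder icons, image files and tar downloads.
if (!isset($_REQUEST['secret'])) {
    // Owner area: requires an authenticated user.
    if ($username=="") error_die('not authorized', '403 Forbidden');
    if (isset($_REQUEST['qrcode'])) {
        if (!is_string($_REQUEST['qrcode'])) error_die('bad request', '400 Bad Request');
        // PHP has already URL-decoded the token; encode it again, otherwise the
        // "+" and "/" of the base64 text are altered when the QR link is opened.
        QRcode::png($myurl.'?secret='.urlencode($_REQUEST['qrcode']));
        exit;
    } else {
        if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
        $folder = isset($_REQUEST['folder']) ? $_REQUEST['folder'] : null;
        if (is_string($folder) && strpos($folder, '/') === false) {
            // Icons are only rendered for sub-folders that exist in the current
            // directory. Without this check any name could be turned into a new
            // file in the thumbnail cache.
            if ($folder === '' || $folder[0] === '.' || strpos($folder, "\0") !== false || !is_dir($imagepath.'/'.$folder)) {
                error_die('folder not found', '404 Not Found');
            }
            $folderdir = $thumbpath.'/folders/'.$subpath;
            $file = $folderdir.'/'.$folder.'.png';
            // 0755 instead of 0777: the cache does not need to be writable by every local account.
            if (!is_dir($folderdir) && !mkdir($folderdir, 0755, true) && !is_dir($folderdir)) {
                error_die('thumbnail directory could not be created');
            }
            if (!is_file($file)) { // create folder image
                // Label text: "_" becomes a space, "-" gets spaces around it, wrapped at 16 characters.
                $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $folder))), 16, "\n", true);
                $image = new Imagick();
                $image->readImage('folder.png'); // read local template file
                $draw = new ImagickDraw();
                $draw->setFillColor('black');
                $draw->setFont($font);
                if (mb_strlen($txt) < 2) {
                    $draw->setFontSize(60);
                    $x = 75;
                } else {
                    $draw->setFontSize(15);
                    $x = 50;
                }
                $image->annotateImage($draw, 10, $x, 0, $txt);
                $image->writeImage($file);
            }
        } elseif (isset($_REQUEST['file'])) {
            checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
        }
        if ($file!="") returnFile($file);
    }
} elseif (isset($_REQUEST['password'])) {
    // Share area: the token decides what may be read, the password opens the token.
    $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
    if (!is_array($secret)) error_die('bad password', '403 Forbidden');
    if (!isset($secret['valid-until'])) error_die('missing validation date');
    if (!isset($max_validity_days)) error_die('maximum validity days not set');
    $validUntil = is_string($secret['valid-until']) ? strtotime($secret['valid-until']) : false;
    if ($validUntil === false) error_die('missing validation date');
    if ($validUntil > time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
    if ($validUntil < time()) error_die('sharing request timed out', '410 Gone');
    checkPath(isset($secret['path']) ? $secret['path'] : '');
    if (isset($secret['file'])) {
        // Single-file tokens only ever deliver the thumbnail.
        checkFile($secret['file'], true);
        if ($file!="") returnFile($file);
    }
    $elements = (isset($secret['elements']) && is_array($secret['elements'])) ? $secret['elements'] : array();
    foreach ($elements as $f) checkFile($f);
    if (isset($_REQUEST['download']) && count($elements) > 0) {
        // The token was decrypted and its validity checked above; doing both a second time added nothing.
        $files = array();
        $size = 1024; // end-of-archive marker
        foreach ($elements as $f) {
            checkFile($f);
            $files[] = $file;
            $size += 512 + (int)ceil(filesize($file)/512)*512;
        }
        header('Content-Description: File Transfer');
        header('Content-Type: application/x-tar');
        header('Content-Length: '.$size);
        header('Content-Disposition: attachment; filename=shared-images.tar');
        foreach ($files as $f) {
            $bytes = filesize($f);
            print tarHeader('shared-images/'.basename($f), $bytes);
            readfile($f);
            // Pad the file data to a multiple of 512 bytes.
            print str_repeat(chr(0), (int)ceil($bytes/512)*512 - $bytes);
        }
        // A tar archive ends with two zero-filled 512-byte blocks; they were missing.
        print str_repeat(chr(0), 1024);
        exit;
    }
}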
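?><!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="jquery.mobile.css">
<script src="jquery.js"></script>
<script src="jquery.migrate.js"></script>
<script src="jquery.mobile.js"></script>
<script src="gallery.js"></script>
</head>
<body>
<?php
// Page body. Without a user name the visitor arrived through a share link and
// sees either the password prompt or the shared files. The owner sees the share
// page, a single image or the gallery.
// The metadata above sat in a <header> element; the document head is <head>.
if ($username=="") {
    if (isset($_REQUEST['password'])) {
        sharedfiles();
    } else {
        getpassword();
    }
} elseif (isset($_REQUEST['share'])) {
    share();
} elseif (isset($_REQUEST['view'])) { // view single image
    singleimage();
} else { // gallery view
    gallery();
}
?>
</body>
</html>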