webservices
/
sharing-gallery
1
0
Fork 0
Code Issues Pull Requests Releases Activity

fixed qr code

Browse Source
master
Marc Wäckerlin 7 years ago
parent 51eec30759
commit 3b8fba5d45
4 changed files with 459 additions and 361 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 91
      ChangeLog
  2. 8
      etc/authentication.php
  3. 6
      etc/settings.php
  4. 715
      html/index.php

91
ChangeLog
Unescape View File

@ -0,0 +1,91 @@
2017-02-17 11:04
* [r13] debian/control.in:
backup
2017-01-14 10:26
* [r12] debian/control.in:
build system updated
2017-01-12 13:22
* [r11] ChangeLog, autogen.sh, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf, build-in-docker.sh,
debian/changelog.in, debian/control.in, resolve-debbuilddeps.sh,
resolve-rpmbuilddeps.sh:
update build system
2016-09-30 21:55
* [r10] ChangeLog[ADD], autogen.sh[ADD],
ax_cxx_compile_stdcxx_11.m4, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf[ADD], build-in-docker.sh,
doc/footer.html.in[ADD], doc/header.html.in[ADD],
doc/plantuml.jar[ADD], doc/style.css[ADD],
mac-create-app-bundle.sh, makefile_test.inc.am[ADD],
resolve-debbuilddeps.sh, resolve-rpmbuilddeps.sh,
sharing-gallery.desktop.in[ADD], sql-to-dot.sed:
build fixed
2016-04-04 09:47
* [r9] COPYING[DEL], ChangeLog[DEL], INSTALL[DEL]:
after migration to new svn server
2015-11-16 12:38 marc
* [r8] doc/doxyfile.in:
SVG must not be interactive for embedding in redmine
2015-11-09 22:52 marc
* [r7] COPYING[ADD], ChangeLog[ADD], INSTALL[ADD],
ax_init_standard_project.m4, bootstrap.sh,
resolve-debbuilddeps.sh, sql-to-dot.sed[ADD]:
build system updated
2015-11-07 10:47 marc
* [r6] bootstrap.sh, debian/control.in:
there is no qt4-default
2015-11-07 09:23 marc
* [r5] bootstrap.sh:
there is no qt4-default
2015-11-07 00:25 marc
* [r4] debian/control.in:
set Section
2015-11-05 12:54 marc
* [r3] bootstrap.sh, debian, debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD]:
updated build system
2015-11-05 10:23 marc
* [r2] .htaccess[DEL], AUTHORS[ADD], NEWS[ADD], README[ADD],
ax_check_qt.m4[ADD], ax_cxx_compile_stdcxx_11.m4[ADD],
ax_init_standard_project.m4[ADD], bootstrap.sh[ADD],
build-in-docker.sh[ADD], build-resource-file.sh[ADD],
configure.ac[ADD], debian[ADD], debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD], doc[ADD], doc/doxyfile.in[ADD],
doc/makefile.am[ADD], folder.png[DEL], html[ADD],
html/.htaccess[CPY], html/folder.png[CPY], html/index.php[CPY],
html/makefile.am[ADD], index.php[DEL],
mac-create-app-bundle.sh[ADD], makefile.am[ADD],
resolve-debbuilddeps.sh[ADD], resolve-rpmbuilddeps.sh[ADD],
sharing-gallery.spec.in[ADD]:
updated build system
2015-03-29 15:24 marc
* [r1] .[ADD], .htaccess[ADD], folder.png[ADD], index.php[ADD]:
initial files

8
etc/authentication.php
Unescape View File

@ -23,12 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
ldap_start_tls($ldapconn)
or error_die($ldapconn, "cannot start LDAP TLS");
if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
$search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail\
', 'cn'));
$search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));
$data = ldap_get_entries($ldapconn, $search);
ldap_close($ldapconn);
$username = $tstusername;
$email = array('count' => 1, 0 => $username.'@'.$_SERVER[HTTP_HOST]);
$email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);
$fullname = $username;
if ($data['count']==1) {
if (isset($data[0]['mail']))
@ -36,6 +35,7 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($data[0]['cn'][0]))
$fullname = $data[0]['cn'][0];
}
error_log(print_r($data, true));
} else {
error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
error_log(ldap_error($ldapconn));
@ -43,4 +43,4 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
basicAuth();
}
}
?>
?>

6
etc/settings.php
Unescape View File

@ -1,12 +1,12 @@
<?php
require_once('/usr/share/phpqrcode/qrlib.php'); // configure path to phpqrcode
require_once('/usr/share/phpqrcode/phpqrcode.php'); // configure path to phpqrcode
$imagepath = "/path/to/your/files";
$thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
$max_validity_days = "30";
$font = "DejaVu-Sans";
$preview_num = "5";
$default_mail_subject = "Sharing Gallery: See my Fotos";
$default_mail_text = "Fotos from my gallery:\n\npassword = PASSWORD\n\nlink: LINK\n\nRegards\nUSERNAME";
$default_mail_text = "Fotos from my gallery, please follow the link:\n\npassword: PASSWORD\n\nlink:\nLINK\n\nRegards\nUSERNAME";
$default_mailto = "";
$fallback_mail_replyto = "";
?>
?>

715
html/index.php
Unescape View File

@ -1,229 +1,231 @@
<?php
mb_internal_encoding("utf8");
$subpath="";
$file="";
$username="";
function error_die($reason, $status='500 Internal Server Error') {
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header('HTTP/1.0 '.$status);
die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
}
require('configuration.php');
function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
if (isset($p1)) return $p1;
if (isset($p2)) return $p2;
return $p2;
}
function computeUnsignedChecksum($bytestring) {
$unsigned_chksum = 0;
for($i=0; $i<512; $i++)
$unsigned_chksum += ord($bytestring[$i]);
for($i=0; $i<8; $i++)
$unsigned_chksum -= ord($bytestring[148 + $i]);
$unsigned_chksum += ord(" ") * 8;
return $unsigned_chksum;
}
function tarHeader($Name, $Size, $information=NULL) {
if (strlen($Name)>99) {
$ext = preg_replace('/.*\./', '', $Name);
$Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
}
$header = str_pad($Name,100,chr(0));
$header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_repeat(" ",8);
$header .= "0";
$header .= str_repeat(chr(0),100);
$header .= str_pad("ustar",6,chr(32));
$header .= chr(32) . chr(0);
$header .= str_pad($information["user_name"],32,chr(0));
$header .= str_pad($information["group_name"],32,chr(0));
$header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),155);
$header .= str_repeat(chr(0),12);
$checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
for($i=0; $i<6; $i++) {
$header[(148 + $i)] = substr($checksum,$i,1);
}
$header[154] = chr(0);
$header[155] = chr(32);
return $header;
}
function checkPath($pathToCheck) {
global $imagepath, $subpath;
$fullpath = $imagepath.'/'.$pathToCheck;
if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
$subpath=$pathToCheck;
$imagepath = $fullpath;
} else {
error_die('path not allowed: '.htmlentities($pathToCheck));
}
}
function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck;
} else {
error_die('file not found', '404 Not Found');
}
if ($thumb) { // image from thumbnail path
$file = $thumbpath.'/'.$subpath.'/'.$fileToCheck;
if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true);
if (!is_file($file)) { // create thumbnail
$image = new Imagick();
$image->readImage($imagepath.'/'.$fileToCheck);
$image->thumbnailImage(200, 200, true);
$image->writeImage($file);
}
} else {
$file = $imagepath.'/'.$fileToCheck;
}
}
function returnFile($file) {
$ext=strtolower(preg_replace('/.*\./', '', $file));
switch ($ext) {
case 'jpg': case 'jpeg': $type="image/jpeg"; break;
case 'tif': case 'tiff': $type="image/tiff"; break;
case 'gif': $type="image/gif"; break;
case 'png': $type="image/png"; break;
case 'bmp': $type="image/bmp"; break;
}
if (!is_file($file)) {
error_die('file does not exist', '404 Not Found');
}
if (!isset($_REQUEST['view'])) {
header('Content-type: '.$type);
header('Content-Length: '.filesize($file));
header('Content-Transfer-Encoding: binary');
flush();
readfile($file);
exit;
}
}
function extractDir($path) {
$res['dirs'] = array();
$res['files'] = array();
if ($d=opendir($path)) {
while (false!==($f=readdir($d)))
if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
$res['dirs'][] = $f;
elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
switch (strtolower(preg_replace('/.*\./', '', $f))) {
case "jpg": case "jpeg": case "png":
$res['files'][] = $f;
}
}
closedir($d);
asort($res['dirs']);
asort($res['dirs']);
return $res;
}
/*function encrypt2($text) {
global $_REQUEST, $server_password;
return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
mb_internal_encoding("utf8");
$subpath="";
$file="";
$username="";
function error_die($reason, $status='500 Internal Server Error') {
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header('HTTP/1.0 '.$status);
die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
}
require('configuration.php');
function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
if (isset($p1)) return $p1;
if (isset($p2)) return $p2;
return $p2;
}
function computeUnsignedChecksum($bytestring) {
$unsigned_chksum = 0;
for($i=0; $i<512; $i++)
$unsigned_chksum += ord($bytestring[$i]);
for($i=0; $i<8; $i++)
$unsigned_chksum -= ord($bytestring[148 + $i]);
$unsigned_chksum += ord(" ") * 8;
return $unsigned_chksum;
}
function tarHeader($Name, $Size, $information=NULL) {
if (strlen($Name)>99) {
$ext = preg_replace('/.*\./', '', $Name);
$Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
}
$header = str_pad($Name,100,chr(0));
$header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_repeat(" ",8);
$header .= "0";
$header .= str_repeat(chr(0),100);
$header .= str_pad("ustar",6,chr(32));
$header .= chr(32) . chr(0);
$header .= str_pad($information["user_name"],32,chr(0));
$header .= str_pad($information["group_name"],32,chr(0));
$header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),155);
$header .= str_repeat(chr(0),12);
$checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
for($i=0; $i<6; $i++) {
$header[(148 + $i)] = substr($checksum,$i,1);
}
$header[154] = chr(0);
$header[155] = chr(32);
return $header;
}
function checkPath($pathToCheck) {
global $imagepath, $subpath;
$fullpath = $imagepath.'/'.$pathToCheck;
if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
$subpath=$pathToCheck;
$imagepath = $fullpath;
} else {
error_die('path not allowed: '.htmlentities($pathToCheck));
}
}
function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck;
} else {
error_die('file not found', '404 Not Found');
}
if ($thumb) { // image from thumbnail path
$file = $thumbpath.'/'.$subpath.'/'.$fileToCheck;
if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true);
if (!is_file($file)) { // create thumbnail
$image = new Imagick();
$image->readImage($imagepath.'/'.$fileToCheck);
$image->thumbnailImage(200, 200, true);
$image->writeImage($file);
}
} else {
$file = $imagepath.'/'.$fileToCheck;
}
}
function returnFile($file) {
$ext=strtolower(preg_replace('/.*\./', '', $file));
switch ($ext) {
case 'jpg': case 'jpeg': $type="image/jpeg"; break;
case 'tif': case 'tiff': $type="image/tiff"; break;
case 'gif': $type="image/gif"; break;
case 'png': $type="image/png"; break;
case 'bmp': $type="image/bmp"; break;
}
if (!is_file($file)) {
error_die('file does not exist', '404 Not Found');
}
if (!isset($_REQUEST['view'])) {
header('Content-type: '.$type);
header('Content-Length: '.filesize($file));
header('Content-Transfer-Encoding: binary');
flush();
readfile($file);
exit;
}
}
function extractDir($path) {
$res['dirs'] = array();
$res['files'] = array();
if ($d=opendir($path)) {
while (false!==($f=readdir($d)))
if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
$res['dirs'][] = $f;
elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
switch (strtolower(preg_replace('/.*\./', '', $f))) {
case "jpg": case "jpeg": case "png":
$res['files'][] = $f;
}
}
closedir($d);
asort($res['dirs']);
asort($res['dirs']);
return $res;
}
/*function encrypt2($text) {
global $_REQUEST, $server_password;
return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
}
function decrypt2($text) {
global $_REQUEST, $server_password;
return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
global $_REQUEST, $server_password;
return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
}*/
function encrypt($text, $password = NULL) {
global $_REQUEST, $server_password;
if (!$password) $password = $_REQUEST['password'];
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
}
function decrypt($text) {
global $_REQUEST, $server_password;
$res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
return $res;
}
function makelink($link, $img, $filename, $style="") {
echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
}
function linkorselect($link, $img, $filename) {
if (isset($_REQUEST['select'])) {
echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
} else {
makelink($link, $img, $filename);
}
}
if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
$type="image/png";
if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
if (!is_file($file)) { // create folder image
$txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
$image = new Imagick();
$image->readImage('folder.png'); // read local template file
$draw = new ImagickDraw();
$draw->setFillColor('black');
$draw->setFont($font);
if (mb_strlen($txt)<2) {
$draw->setFontSize(60);
$x = 75;
} else {
$draw->setFontSize(15);
$x = 50;
}
$image->annotateImage($draw, 10, $x, 0, $txt);
$image->writeImage($file);
}
} elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
if ($file!="") returnFile($file);
} else {
if (isset($_REQUEST['password'])) {
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
if (!isset($secret['valid-until'])) error_die('missing validation date');
if (!isset($max_validity_days)) error_die('maximum validity days not set');
if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
checkPath($secret['path']);
if (isset($secret['file'])) {
checkFile($secret['file'], true);
if ($file!="") returnFile($file);
}
foreach ($secret['elements'] as $f) checkFile($f);
if (isset($_REQUEST['download'])) {
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
if (!isset($secret['valid-until'])) error_die('missing validation date');
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
if (isset($secret['elements'])) {
$size = 0;
foreach ($secret['elements'] as $f) {
checkFile($f);
$size += 512 + ceil(filesize($file)/512)*512;
$files[] = $file;
}
header('Content-Description: File Transfer');
header('Content-Type: application/x-tar');
header('Content-Length: '.$size);
header('Content-Disposition: attachment; filename=shared-images.tar');
foreach($files as $f) {
print tarHeader('shared-images/'.basename($f), filesize($f));
readfile($f);
print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f));
}
exit;
}
}
} elseif (isset($_REQUEST['qrcode'])) {
QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$_REQUEST['secret']);
exit;
}
}
function encrypt($text, $password = NULL) {
global $_REQUEST, $server_password;
if (!$password) $password = $_REQUEST['password'];
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
}
function decrypt($text) {
global $_REQUEST, $server_password;
$res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
return $res;
}
function makelink($link, $img, $filename, $style="") {
echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
}
function linkorselect($link, $img, $filename) {
if (isset($_REQUEST['select'])) {
echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
} else {
makelink($link, $img, $filename);
}
}
if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['qrcode'])) {
QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$_REQUEST['qrcode']);
exit;
} else {
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
$type="image/png";
if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
if (!is_file($file)) { // create folder image
$txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
$image = new Imagick();
$image->readImage('folder.png'); // read local template file
$draw = new ImagickDraw();
$draw->setFillColor('black');
$draw->setFont($font);
if (mb_strlen($txt)<2) {
$draw->setFontSize(60);
$x = 75;
} else {
$draw->setFontSize(15);
$x = 50;
}
$image->annotateImage($draw, 10, $x, 0, $txt);
$image->writeImage($file);
}
} elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
if ($file!="") returnFile($file);
}
} else {
if (isset($_REQUEST['password'])) {
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
if (!isset($secret['valid-until'])) error_die('missing validation date');
if (!isset($max_validity_days)) error_die('maximum validity days not set');
if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
checkPath($secret['path']);
if (isset($secret['file'])) {
checkFile($secret['file'], true);
if ($file!="") returnFile($file);
}
foreach ($secret['elements'] as $f) checkFile($f);
if (isset($_REQUEST['download'])) {
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
if (!isset($secret['valid-until'])) error_die('missing validation date');
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
if (isset($secret['elements'])) {
$size = 0;
foreach ($secret['elements'] as $f) {
checkFile($f);
$size += 512 + ceil(filesize($file)/512)*512;
$files[] = $file;
}
header('Content-Description: File Transfer');
header('Content-Type: application/x-tar');
header('Content-Length: '.$size);
header('Content-Disposition: attachment; filename=shared-images.tar');
foreach($files as $f) {
print tarHeader('shared-images/'.basename($f), filesize($f));
readfile($f);
print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f));
}
exit;
}
}
}
}
?><!DOCTYPE html>
<html>
<header>
@ -231,140 +233,145 @@
</header>
<body>
<?php
if ($username=="") {
if (isset($_REQUEST['password'])) {
?>
<h1>Shared Files</h1>
<p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
<p><form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
<input type="hidden" name="download"/>
<input type="submit" value="download"/>
</form></p>
<?php
foreach ($secret['elements'] as $f) {
$secret['path'] = $subpath;
$secret['file'] = $f;
$secret['valid-until'] = date('c', time()+30);
$password=str_shuffle(sha1(rand().time()."Js83aéa"));
echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
}
} else {
?>
<h1>Password Required</h2>
<p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
<form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="password" name="password"/>
<input type="submit" value="show"/>
</form>
<?php
if ($username=="") {
if (isset($_REQUEST['password'])) {
?>
<h1>Shared Files</h1>
<p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
<p><form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
<input type="hidden" name="download"/>
<input type="submit" value="download"/>
</form></p>
<?php
foreach ($secret['elements'] as $f) {
$secret['path'] = $subpath;
$secret['file'] = $f;
$secret['valid-until'] = date('c', time()+30);
$password=str_shuffle(sha1(rand().time()."Js83aéa"));
echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
}
} else {
?>
<h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1>
<?php
if (isset($_REQUEST['share'])) {
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>';
$key = $_REQUEST;
unset($key['password']);
unset($key['share']);
unset($key['select']);
$secret=urlencode(encrypt($key));
$default_mailto = "";
if (isset($_REQUEST['mailto'])) {
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
else $message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>';
echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
echo '<p>You can send more mails, if you want ...</p>';
} else {
echo '<h2>Send Mail <strong>Failed</strong></h2>';
echo '<p>Try again ...</p>';
}
}
echo '<h2>Share Files</h2>';
echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
='.$secret.'">Link to Share</a></p>';
?>
<img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$secret.'&qrcode=1'; ?>" />
<p>or Send Link in E-Mail:</p>
<form method="POST">
<table style="width: 100%"><tr>
<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email, $fallback_mail_replyto) ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto) ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
</tr><tr>
<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo alt($_REQUEST['mailtext'], $default_mail_text) ?></textarea></td>
</tr><tr>
<td colspan="2"><input type="submit" value="send email"/></td>
</tr></table>
<?php
foreach ($_POST as $k => $v)
switch ($k) {
case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
default:
if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
}
?>
</form>
<?php
foreach ($key['elements'] as $f)
makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
} else {
if (isset($_REQUEST['view'])) { // view single image
$objects = extractDir($imagepath);
$pos = array_search($imgfile, $objects['files']);
if ($pos>0)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
if ($pos<count($objects['files'])-1)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) {
$lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
}
} else { // gallery view
if (isset($_REQUEST['select'])) {
echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
echo '<form method="POST">';
echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
echo '<label for="password">Passwort:</label>';
echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
echo '<label for="valid-until">Gültig bis:</label>';
echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
echo '<input type="submit" name="share" value="Teilen"/>';
} else {
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
}
echo '<div class="dirs">';
if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
}
$objects = extractDir($imagepath);
foreach ($objects['dirs'] as $f)
makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
echo '</div><div class="images">';
foreach ($objects['files'] as $f)
linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
echo '</div>';
if (isset($_REQUEST['select'])) echo '</form>';
}
}
?>
<h1>Password Required</h2>
<p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
<form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="password" name="password"/>
<input type="submit" value="show"/>
</form>
<?php
}
?>
} else {
?>
<h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1>
<?php
if (isset($_REQUEST['share'])) {
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>';
$key = $_REQUEST;
unset($key['password']);
unset($key['share']);
unset($key['select']);
$secret=urlencode(encrypt($key));
$default_mailto = "";
if (isset($_REQUEST['mailto'])) {
if (preg_match('/LINK/', $message))
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
else
$message = $_REQUEST['mailtext']."\n\npassword: ".$REQUEST['password'];
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (preg_match('/LINK/', $message))
$message = preg_replace('/LINK/', $link, $message);
else
$message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>';
echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
echo '<p>You can send more mails, if you want ...</p>';
} else {
echo '<h2>Send Mail <strong>Failed</strong></h2>';
echo '<p>Try again ...</p>';
}
}
echo '<h2>Share Files</h2>';
echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
='.$secret.'">Link to Share</a></p>';
?>
<img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?qrcode='.$secret; ?>" />
<p>or Send Link in E-Mail:</p>
<form method="POST">
<table style="width: 100%"><tr>
<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email[0], $fallback_mail_replyto); ?>" list="emails" style="width: 99%"/><datalist id="emails"><?php for ($i=0; $i<$email['count']; ++$i) echo '<option value="'.$email[$i].'">'; ?></datalist></td>
</tr><tr>
<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto); ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
</tr><tr>
<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo preg_replace('/USERNAME/', $fullname, alt($_REQUEST['mailtext'], $default_mail_text)) ?></textarea></td>
</tr><tr>
<td colspan="2"><input type="submit" value="send email"/></td>
</tr></table>
<?php
foreach ($_POST as $k => $v)
switch ($k) {
case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
default:
if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
}
?>
</form>
<?php
foreach ($key['elements'] as $f)
makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
} else {
if (isset($_REQUEST['view'])) { // view single image
$objects = extractDir($imagepath);
$pos = array_search($imgfile, $objects['files']);
if ($pos>0)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
if ($pos<count($objects['files'])-1)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) {
$lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
}
} else { // gallery view
if (isset($_REQUEST['select'])) {
echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
echo '<form method="POST">';
echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
echo '<label for="password">Passwort:</label>';
echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
echo '<label for="valid-until">Gültig bis:</label>';
echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
echo '<input type="submit" name="share" value="Teilen"/>';
} else {
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
}
echo '<div class="dirs">';
if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
}
$objects = extractDir($imagepath);
foreach ($objects['dirs'] as $f)
makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
echo '</div><div class="images">';
foreach ($objects['files'] as $f)
linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
echo '</div>';
if (isset($_REQUEST['select'])) echo '</form>';
}
}
}
?>
</body>
</html>

Write Preview
Loading…
Cancel
Save