From 3b8fba5d45ccdb01784f117f91e38b6c97b85cf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20W=C3=A4ckerlin?= <marc@mrw.sh>
Date: Wed, 1 Mar 2017 14:36:08 +0000
Subject: [PATCH] fixed qr code

---
 ChangeLog              |  91 ++++++
 etc/authentication.php |   8 +-
 etc/settings.php       |   6 +-
 html/index.php         | 715 +++++++++++++++++++++--------------------
 4 files changed, 459 insertions(+), 361 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e69de29..bcf4889 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -0,0 +1,91 @@
+2017-02-17 11:04  
+
+	* [r13] debian/control.in:
+	  backup
+
+2017-01-14 10:26  
+
+	* [r12] debian/control.in:
+	  build system updated
+
+2017-01-12 13:22  
+
+	* [r11] ChangeLog, autogen.sh, ax_init_standard_project.m4,
+	  bootstrap.sh, build-in-docker.conf, build-in-docker.sh,
+	  debian/changelog.in, debian/control.in, resolve-debbuilddeps.sh,
+	  resolve-rpmbuilddeps.sh:
+	  update build system
+
+2016-09-30 21:55  
+
+	* [r10] ChangeLog[ADD], autogen.sh[ADD],
+	  ax_cxx_compile_stdcxx_11.m4, ax_init_standard_project.m4,
+	  bootstrap.sh, build-in-docker.conf[ADD], build-in-docker.sh,
+	  doc/footer.html.in[ADD], doc/header.html.in[ADD],
+	  doc/plantuml.jar[ADD], doc/style.css[ADD],
+	  mac-create-app-bundle.sh, makefile_test.inc.am[ADD],
+	  resolve-debbuilddeps.sh, resolve-rpmbuilddeps.sh,
+	  sharing-gallery.desktop.in[ADD], sql-to-dot.sed:
+	  build fixed
+
+2016-04-04 09:47  
+
+	* [r9] COPYING[DEL], ChangeLog[DEL], INSTALL[DEL]:
+	  after migration to new svn server
+
+2015-11-16 12:38  marc
+
+	* [r8] doc/doxyfile.in:
+	  SVG must not be interactive for embedding in redmine
+
+2015-11-09 22:52  marc
+
+	* [r7] COPYING[ADD], ChangeLog[ADD], INSTALL[ADD],
+	  ax_init_standard_project.m4, bootstrap.sh,
+	  resolve-debbuilddeps.sh, sql-to-dot.sed[ADD]:
+	  build system updated
+
+2015-11-07 10:47  marc
+
+	* [r6] bootstrap.sh, debian/control.in:
+	  there is no qt4-default
+
+2015-11-07 09:23  marc
+
+	* [r5] bootstrap.sh:
+	  there is no qt4-default
+
+2015-11-07 00:25  marc
+
+	* [r4] debian/control.in:
+	  set Section
+
+2015-11-05 12:54  marc
+
+	* [r3] bootstrap.sh, debian, debian/changelog.in[ADD],
+	  debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
+	  debian/rules[ADD]:
+	  updated build system
+
+2015-11-05 10:23  marc
+
+	* [r2] .htaccess[DEL], AUTHORS[ADD], NEWS[ADD], README[ADD],
+	  ax_check_qt.m4[ADD], ax_cxx_compile_stdcxx_11.m4[ADD],
+	  ax_init_standard_project.m4[ADD], bootstrap.sh[ADD],
+	  build-in-docker.sh[ADD], build-resource-file.sh[ADD],
+	  configure.ac[ADD], debian[ADD], debian/changelog.in[ADD],
+	  debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
+	  debian/rules[ADD], doc[ADD], doc/doxyfile.in[ADD],
+	  doc/makefile.am[ADD], folder.png[DEL], html[ADD],
+	  html/.htaccess[CPY], html/folder.png[CPY], html/index.php[CPY],
+	  html/makefile.am[ADD], index.php[DEL],
+	  mac-create-app-bundle.sh[ADD], makefile.am[ADD],
+	  resolve-debbuilddeps.sh[ADD], resolve-rpmbuilddeps.sh[ADD],
+	  sharing-gallery.spec.in[ADD]:
+	  updated build system
+
+2015-03-29 15:24  marc
+
+	* [r1] .[ADD], .htaccess[ADD], folder.png[ADD], index.php[ADD]:
+	  initial files
+
diff --git a/etc/authentication.php b/etc/authentication.php
index f6ce2cc..fe4a7d5 100644
--- a/etc/authentication.php
+++ b/etc/authentication.php
@@ -23,12 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
         ldap_start_tls($ldapconn)
             or error_die($ldapconn, "cannot start LDAP TLS");
     if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
-        $search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail\
-', 'cn'));
+        $search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));
         $data = ldap_get_entries($ldapconn, $search);
         ldap_close($ldapconn);
         $username = $tstusername;
-        $email = array('count' => 1, 0 => $username.'@'.$_SERVER[HTTP_HOST]);
+        $email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);
         $fullname = $username;
         if ($data['count']==1) {
             if (isset($data[0]['mail']))
@@ -36,6 +35,7 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
             if (isset($data[0]['cn'][0]))
                 $fullname = $data[0]['cn'][0];
         }
+      error_log(print_r($data, true));
     } else {
         error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
         error_log(ldap_error($ldapconn));
@@ -43,4 +43,4 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
         basicAuth();
     }
 }
-?>
\ No newline at end of file
+?>
diff --git a/etc/settings.php b/etc/settings.php
index 82dc755..de34274 100644
--- a/etc/settings.php
+++ b/etc/settings.php
@@ -1,12 +1,12 @@
 <?php
-require_once('/usr/share/phpqrcode/qrlib.php'); // configure path to phpqrcode
+require_once('/usr/share/phpqrcode/phpqrcode.php'); // configure path to phpqrcode
 $imagepath = "/path/to/your/files";
 $thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
 $max_validity_days = "30";
 $font = "DejaVu-Sans";
 $preview_num = "5";
 $default_mail_subject = "Sharing Gallery: See my Fotos";
-$default_mail_text = "Fotos from my gallery:\n\npassword = PASSWORD\n\nlink: LINK\n\nRegards\nUSERNAME";
+$default_mail_text = "Fotos from my gallery, please follow the link:\n\npassword: PASSWORD\n\nlink:\nLINK\n\nRegards\nUSERNAME";
 $default_mailto = "";
 $fallback_mail_replyto = "";
-?>
\ No newline at end of file
+?>
diff --git a/html/index.php b/html/index.php
index e88f8a9..a6570fe 100644
--- a/html/index.php
+++ b/html/index.php
@@ -1,229 +1,231 @@
 <?php
-   mb_internal_encoding("utf8");
-   $subpath="";
-   $file="";
-   $username="";
-   function error_die($reason, $status='500 Internal Server Error') {
-     header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
-     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-     header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
-     header("Cache-Control: post-check=0, pre-check=0", false);
-     header("Pragma: no-cache");
-     header('HTTP/1.0 '.$status);
-     die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
-   }
-   require('configuration.php');
-   function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
-     if (isset($p1)) return $p1;
-     if (isset($p2)) return $p2;
-     return $p2;
-   }
-   function computeUnsignedChecksum($bytestring) {
-     $unsigned_chksum = 0;
-     for($i=0; $i<512; $i++)
-       $unsigned_chksum += ord($bytestring[$i]);
-     for($i=0; $i<8; $i++)
-       $unsigned_chksum -= ord($bytestring[148 + $i]);
-     $unsigned_chksum += ord(" ") * 8;
-     return $unsigned_chksum;
-   }
-   function tarHeader($Name, $Size, $information=NULL) {
-     if (strlen($Name)>99) {
-       $ext = preg_replace('/.*\./', '', $Name);
-       $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
-     }
-     $header = str_pad($Name,100,chr(0));
-     $header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);
-     $header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
-     $header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
-     $header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);
-     $header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0);
-     $header .= str_repeat(" ",8);
-     $header .= "0";
-     $header .= str_repeat(chr(0),100);
-     $header .= str_pad("ustar",6,chr(32));
-     $header .= chr(32) . chr(0);
-     $header .= str_pad($information["user_name"],32,chr(0));
-     $header .= str_pad($information["group_name"],32,chr(0));
-     $header .= str_repeat(chr(0),8);
-     $header .= str_repeat(chr(0),8);
-     $header .= str_repeat(chr(0),155);
-     $header .= str_repeat(chr(0),12);
-     $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
-     for($i=0; $i<6; $i++) {
-       $header[(148 + $i)] = substr($checksum,$i,1);
-     }
-     $header[154] = chr(0);
-     $header[155] = chr(32);
-     return $header;
-   }
-   function checkPath($pathToCheck) {
-     global $imagepath, $subpath;
-     $fullpath = $imagepath.'/'.$pathToCheck;
-     if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
-       $subpath=$pathToCheck;
-       $imagepath = $fullpath;
-     } else {
-      error_die('path not allowed: '.htmlentities($pathToCheck));
-     }
-   }
-   function checkFile($fileToCheck, $thumb = false) {
-     global $imagepath, $file, $subpath, $thumbpath, $imgfile;
-     if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
-       $imgfile = $fileToCheck;
-     } else {
-       error_die('file not found', '404 Not Found');
-     }
-     if ($thumb) { // image from thumbnail path
-       $file = $thumbpath.'/'.$subpath.'/'.$fileToCheck;
-       if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true);
-       if (!is_file($file)) { // create thumbnail
-         $image = new Imagick();
-         $image->readImage($imagepath.'/'.$fileToCheck);
-         $image->thumbnailImage(200, 200, true);
-         $image->writeImage($file);
-       }
-     } else {
-       $file = $imagepath.'/'.$fileToCheck;
-     }
-   }
-   function returnFile($file) {
-      $ext=strtolower(preg_replace('/.*\./', '', $file));
-      switch ($ext) {
-        case 'jpg': case 'jpeg': $type="image/jpeg"; break;
-        case 'tif': case 'tiff': $type="image/tiff"; break;
-        case 'gif': $type="image/gif"; break;
-        case 'png': $type="image/png"; break;
-        case 'bmp': $type="image/bmp"; break;
-     }
-     if (!is_file($file)) {
-       error_die('file does not exist', '404 Not Found');
-     }
-     if (!isset($_REQUEST['view'])) {
-       header('Content-type: '.$type);
-       header('Content-Length: '.filesize($file));
-       header('Content-Transfer-Encoding: binary');
-       flush();
-       readfile($file);
-       exit;
-     }
-   }
-   function extractDir($path) {
-     $res['dirs'] = array();
-     $res['files'] = array();
-     if ($d=opendir($path)) {
-       while (false!==($f=readdir($d)))
-         if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
-           $res['dirs'][] = $f;
-         elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
-           switch (strtolower(preg_replace('/.*\./', '', $f))) {
-             case "jpg": case "jpeg": case "png":
-               $res['files'][] = $f;
-           }
-     }
-     closedir($d);
-     asort($res['dirs']);
-     asort($res['dirs']);
-     return $res;
-   }
-   /*function encrypt2($text) {
-     global $_REQUEST, $server_password;
-     return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
+mb_internal_encoding("utf8");
+$subpath="";
+$file="";
+$username="";
+function error_die($reason, $status='500 Internal Server Error') {
+  header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+  header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+  header("Cache-Control: post-check=0, pre-check=0", false);
+  header("Pragma: no-cache");
+  header('HTTP/1.0 '.$status);
+  die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
+}
+require('configuration.php');
+function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
+  if (isset($p1)) return $p1;
+  if (isset($p2)) return $p2;
+  return $p2;
+}
+function computeUnsignedChecksum($bytestring) {
+  $unsigned_chksum = 0;
+  for($i=0; $i<512; $i++)
+    $unsigned_chksum += ord($bytestring[$i]);
+  for($i=0; $i<8; $i++)
+    $unsigned_chksum -= ord($bytestring[148 + $i]);
+  $unsigned_chksum += ord(" ") * 8;
+  return $unsigned_chksum;
+}
+function tarHeader($Name, $Size, $information=NULL) {
+  if (strlen($Name)>99) {
+    $ext = preg_replace('/.*\./', '', $Name);
+    $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
+  }
+  $header = str_pad($Name,100,chr(0));
+  $header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);
+  $header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
+  $header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
+  $header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);
+  $header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0);
+  $header .= str_repeat(" ",8);
+  $header .= "0";
+  $header .= str_repeat(chr(0),100);
+  $header .= str_pad("ustar",6,chr(32));
+  $header .= chr(32) . chr(0);
+  $header .= str_pad($information["user_name"],32,chr(0));
+  $header .= str_pad($information["group_name"],32,chr(0));
+  $header .= str_repeat(chr(0),8);
+  $header .= str_repeat(chr(0),8);
+  $header .= str_repeat(chr(0),155);
+  $header .= str_repeat(chr(0),12);
+  $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
+  for($i=0; $i<6; $i++) {
+    $header[(148 + $i)] = substr($checksum,$i,1);
+  }
+  $header[154] = chr(0);
+  $header[155] = chr(32);
+  return $header;
+}
+function checkPath($pathToCheck) {
+  global $imagepath, $subpath;
+  $fullpath = $imagepath.'/'.$pathToCheck;
+  if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
+    $subpath=$pathToCheck;
+    $imagepath = $fullpath;
+  } else {
+    error_die('path not allowed: '.htmlentities($pathToCheck));
+  }
+}
+function checkFile($fileToCheck, $thumb = false) {
+  global $imagepath, $file, $subpath, $thumbpath, $imgfile;
+  if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
+    $imgfile = $fileToCheck;
+  } else {
+    error_die('file not found', '404 Not Found');
+  }
+  if ($thumb) { // image from thumbnail path
+    $file = $thumbpath.'/'.$subpath.'/'.$fileToCheck;
+    if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true);
+    if (!is_file($file)) { // create thumbnail
+      $image = new Imagick();
+      $image->readImage($imagepath.'/'.$fileToCheck);
+      $image->thumbnailImage(200, 200, true);
+      $image->writeImage($file);
+    }
+  } else {
+    $file = $imagepath.'/'.$fileToCheck;
+  }
+}
+function returnFile($file) {
+  $ext=strtolower(preg_replace('/.*\./', '', $file));
+  switch ($ext) {
+    case 'jpg': case 'jpeg': $type="image/jpeg"; break;
+    case 'tif': case 'tiff': $type="image/tiff"; break;
+    case 'gif': $type="image/gif"; break;
+    case 'png': $type="image/png"; break;
+    case 'bmp': $type="image/bmp"; break;
+  }
+  if (!is_file($file)) {
+    error_die('file does not exist', '404 Not Found');
+  }
+  if (!isset($_REQUEST['view'])) {
+    header('Content-type: '.$type);
+    header('Content-Length: '.filesize($file));
+    header('Content-Transfer-Encoding: binary');
+    flush();
+    readfile($file);
+    exit;
+  }
+}
+function extractDir($path) {
+  $res['dirs'] = array();
+  $res['files'] = array();
+  if ($d=opendir($path)) {
+    while (false!==($f=readdir($d)))
+      if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
+        $res['dirs'][] = $f;
+    elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
+    switch (strtolower(preg_replace('/.*\./', '', $f))) {
+      case "jpg": case "jpeg": case "png":
+        $res['files'][] = $f;
+    }
+  }
+  closedir($d);
+  asort($res['dirs']);
+  asort($res['dirs']);
+  return $res;
+}
+/*function encrypt2($text) {
+   global $_REQUEST, $server_password;
+   return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
    }
    function decrypt2($text) {
-     global $_REQUEST, $server_password;
-     return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
+   global $_REQUEST, $server_password;
+   return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
    }*/
-   function encrypt($text, $password = NULL) {
-     global $_REQUEST, $server_password;
-     if (!$password) $password = $_REQUEST['password'];
-     return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
-   }
-   function decrypt($text) {
-     global $_REQUEST, $server_password;
-     $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
-     if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
-     return $res;
-   }
-   function makelink($link, $img, $filename, $style="") {
-     echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
-   }
-   function linkorselect($link, $img, $filename) {
-     if (isset($_REQUEST['select'])) {
-       echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
-       echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
-     } else {
-       makelink($link, $img, $filename);
-     }
-   }
-   if (!isset($_REQUEST['secret'])) {
-     if ($username=="") error_die('not authorized', '403 Forbidden');
-     if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
-     if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
-       $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
-       $type="image/png";
-       if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
-       if (!is_file($file)) { // create folder image
-         $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
-         $image = new Imagick();
-         $image->readImage('folder.png'); // read local template file
-         $draw = new ImagickDraw();
-         $draw->setFillColor('black');
-         $draw->setFont($font);
-         if (mb_strlen($txt)<2) {
-           $draw->setFontSize(60);
-           $x = 75;
-         } else {
-           $draw->setFontSize(15);
-           $x = 50;
-         }
-         $image->annotateImage($draw, 10, $x, 0, $txt);
-         $image->writeImage($file);
-       }
-     } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
-     if ($file!="") returnFile($file);
-   } else {
-     if (isset($_REQUEST['password'])) {
-       $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
-       if (!isset($secret['valid-until'])) error_die('missing validation date');
-       if (!isset($max_validity_days)) error_die('maximum validity days not set');
-       if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
-       if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
-       checkPath($secret['path']);
-       if (isset($secret['file'])) {
-         checkFile($secret['file'], true);
-         if ($file!="") returnFile($file);	 
-       }
-       foreach ($secret['elements'] as $f) checkFile($f);
-       if (isset($_REQUEST['download'])) {
-         $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
-         if (!isset($secret['valid-until'])) error_die('missing validation date');
-         if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
-         if (isset($secret['elements'])) {
-           $size = 0;
-           foreach ($secret['elements'] as $f) {
-             checkFile($f);
-             $size += 512 + ceil(filesize($file)/512)*512;
-             $files[] = $file;
-           }
-           header('Content-Description: File Transfer');
-           header('Content-Type: application/x-tar');
-           header('Content-Length: '.$size);
-           header('Content-Disposition: attachment; filename=shared-images.tar');
-           foreach($files as $f) {
-               print tarHeader('shared-images/'.basename($f), filesize($f));
-               readfile($f);
-               print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f));
-           }
-           exit;
-         }
-       }
-     } elseif (isset($_REQUEST['qrcode'])) {
-         QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
-         .'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$_REQUEST['secret']);
-         exit;
-     }
-   }
+function encrypt($text, $password = NULL) {
+  global $_REQUEST, $server_password;
+  if (!$password) $password = $_REQUEST['password'];
+  return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
+}
+function decrypt($text) {
+  global $_REQUEST, $server_password;
+  $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
+  if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
+  return $res;
+}
+function makelink($link, $img, $filename, $style="") {
+  echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
+}
+function linkorselect($link, $img, $filename) {
+  if (isset($_REQUEST['select'])) {
+    echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
+    echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
+  } else {
+    makelink($link, $img, $filename);
+  }
+}
+if (!isset($_REQUEST['secret'])) {
+  if ($username=="") error_die('not authorized', '403 Forbidden');
+  if (isset($_REQUEST['qrcode'])) {
+    QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
+               .'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$_REQUEST['qrcode']);
+    exit;
+  } else {
+    if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
+    if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
+      $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
+      $type="image/png";
+      if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
+      if (!is_file($file)) { // create folder image
+        $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
+        $image = new Imagick();
+        $image->readImage('folder.png'); // read local template file
+        $draw = new ImagickDraw();
+        $draw->setFillColor('black');
+        $draw->setFont($font);
+        if (mb_strlen($txt)<2) {
+          $draw->setFontSize(60);
+          $x = 75;
+        } else {
+          $draw->setFontSize(15);
+          $x = 50;
+        }
+        $image->annotateImage($draw, 10, $x, 0, $txt);
+        $image->writeImage($file);
+      }
+    } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
+    if ($file!="") returnFile($file);
+  }
+} else {
+  if (isset($_REQUEST['password'])) {
+    $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
+    if (!isset($secret['valid-until'])) error_die('missing validation date');
+    if (!isset($max_validity_days)) error_die('maximum validity days not set');
+    if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
+    if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
+    checkPath($secret['path']);
+    if (isset($secret['file'])) {
+      checkFile($secret['file'], true);
+      if ($file!="") returnFile($file);	 
+    }
+    foreach ($secret['elements'] as $f) checkFile($f);
+    if (isset($_REQUEST['download'])) {
+      $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
+      if (!isset($secret['valid-until'])) error_die('missing validation date');
+      if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
+      if (isset($secret['elements'])) {
+        $size = 0;
+        foreach ($secret['elements'] as $f) {
+          checkFile($f);
+          $size += 512 + ceil(filesize($file)/512)*512;
+          $files[] = $file;
+        }
+        header('Content-Description: File Transfer');
+        header('Content-Type: application/x-tar');
+        header('Content-Length: '.$size);
+        header('Content-Disposition: attachment; filename=shared-images.tar');
+        foreach($files as $f) {
+          print tarHeader('shared-images/'.basename($f), filesize($f));
+          readfile($f);
+          print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f));
+        }
+        exit;
+      }
+    }
+  }
+}
 ?><!DOCTYPE html>
 <html>
   <header>
@@ -231,140 +233,145 @@
   </header>
   <body>
     <?php 
-      if ($username=="") {
-        if (isset($_REQUEST['password'])) {
-          ?>
-            <h1>Shared Files</h1>
-            <p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
-            <p><form method="POST">
-              <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
-              <input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
-              <input type="hidden" name="download"/>
-              <input type="submit" value="download"/>
-            </form></p>
-          <?php
-	  foreach ($secret['elements'] as $f) {
-            $secret['path'] = $subpath;
-	    $secret['file'] = $f;
-            $secret['valid-until'] = date('c', time()+30);
-            $password=str_shuffle(sha1(rand().time()."Js83aéa"));
-	    echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
-          }
-        } else {
-	  ?>
-            <h1>Password Required</h2>
-	    <p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
-            <form method="POST">
-              <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
-              <input type="password" name="password"/>
-              <input type="submit" value="show"/>
-            </form>
-          <?php
+    if ($username=="") {
+      if (isset($_REQUEST['password'])) {
+    ?>
+        <h1>Shared Files</h1>
+        <p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
+        <p><form method="POST">
+          <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
+          <input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
+          <input type="hidden" name="download"/>
+          <input type="submit" value="download"/>
+        </form></p>
+        <?php
+        foreach ($secret['elements'] as $f) {
+          $secret['path'] = $subpath;
+          $secret['file'] = $f;
+          $secret['valid-until'] = date('c', time()+30);
+          $password=str_shuffle(sha1(rand().time()."Js83aéa"));
+          echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
         }
       } else {
-    ?>
-    <h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1>
-    <?php
-       if (isset($_REQUEST['share'])) {
-         echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>';
-         $key = $_REQUEST;
-         unset($key['password']);
-         unset($key['share']);
-	 unset($key['select']);
-         $secret=urlencode(encrypt($key));
-	 $default_mailto = "";
-	 if (isset($_REQUEST['mailto'])) {
-           $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
-           $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
-           if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
-   	   else $message .= "\n\n".$link;
-           if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
-             echo '<h2>Mail Successfully Sent</h2>';
-             echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
-             echo '<p>You can send more mails, if you want ...</p>';
-	   } else {
-             echo '<h2>Send Mail <strong>Failed</strong></h2>';
-	     echo '<p>Try again ...</p>';
-	   }
- 	 }
-         echo '<h2>Share Files</h2>';
-         echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
-='.$secret.'">Link to Share</a></p>';
-           ?>
-         <img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
-             .'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$secret.'&qrcode=1'; ?>" />
-	     <p>or Send Link in E-Mail:</p>
-             <form method="POST">
-               <table style="width: 100%"><tr>
-                 <td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email, $fallback_mail_replyto) ?>" style="width: 99%"/></td>
-		 </tr><tr>
-                 <td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto) ?>" style="width: 99%"/></td>
-                 </tr><tr>
-                 <td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
-                 </tr><tr>
-                 <td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo alt($_REQUEST['mailtext'], $default_mail_text) ?></textarea></td>
-                 </tr><tr>
-	         <td colspan="2"><input type="submit" value="send email"/></td>
-               </tr></table>
-               <?php 
-                 foreach ($_POST as $k => $v)
-                   switch ($k) {
-                     case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
-                     default: 
-                       if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
-                       else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
-                   }
-               ?>
-             </form>
-           <?php
-         foreach ($key['elements'] as $f)
-           makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
-       } else {
-         if (isset($_REQUEST['view'])) { // view single image
-           $objects = extractDir($imagepath);
-           $pos = array_search($imgfile, $objects['files']);
-           if ($pos>0) 
-             echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
-           echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
-           if ($pos<count($objects['files'])-1) 
-             echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
-           echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
-	   if ($pos!==NULL) {
-           $lower = max(0, $pos-floor(((int)$preview_num)/2));
-           $higher = min(count($objects['files']), $lower+((int)$preview_num));
-	     for ($i=$lower; $i<$higher; ++$i)
-	       makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
- 	   }
-         } else { // gallery view
-           if (isset($_REQUEST['select'])) {
-             echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
-             echo '<form method="POST">';
-             echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
-             echo '<label for="password">Passwort:</label>';
-             echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
-             echo '<label for="valid-until">Gültig bis:</label>';
-             echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
-             echo '<input type="submit" name="share" value="Teilen"/>';
-           } else {
-             echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
-           }
-           echo '<div class="dirs">';
-           if (preg_match('/\//', $subpath)) {
-             echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
-           } elseif ($subpath!="") {
-             echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
-           }
-           $objects = extractDir($imagepath);
-           foreach ($objects['dirs'] as $f)
-             makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
-           echo '</div><div class="images">';
-	   foreach ($objects['files'] as $f)
-             linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
-           echo '</div>';
-           if (isset($_REQUEST['select'])) echo '</form>';
-         }
-       }
+        ?>
+        <h1>Password Required</h2>
+          <p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
+          <form method="POST">
+            <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
+            <input type="password" name="password"/>
+            <input type="submit" value="show"/>
+          </form>
+      <?php
       }
-    ?>
+    } else {
+      ?>
+        <h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1>
+        <?php
+        if (isset($_REQUEST['share'])) {
+          echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>';
+          $key = $_REQUEST;
+          unset($key['password']);
+          unset($key['share']);
+          unset($key['select']);
+          $secret=urlencode(encrypt($key));
+          $default_mailto = "";
+          if (isset($_REQUEST['mailto'])) {
+            if (preg_match('/LINK/', $message))
+              $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
+            else
+              $message = $_REQUEST['mailtext']."\n\npassword: ".$REQUEST['password'];
+            $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
+            if (preg_match('/LINK/', $message))
+              $message = preg_replace('/LINK/', $link, $message);
+            else
+              $message .= "\n\n".$link;
+            if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
+              echo '<h2>Mail Successfully Sent</h2>';
+              echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
+              echo '<p>You can send more mails, if you want ...</p>';
+            } else {
+              echo '<h2>Send Mail <strong>Failed</strong></h2>';
+              echo '<p>Try again ...</p>';
+            }
+          }
+          echo '<h2>Share Files</h2>';
+          echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
+='.$secret.'">Link to Share</a></p>';
+        ?>
+          <img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
+                             .'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?qrcode='.$secret; ?>" />
+          <p>or Send Link in E-Mail:</p>
+          <form method="POST">
+            <table style="width: 100%"><tr>
+              <td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email[0], $fallback_mail_replyto); ?>" list="emails" style="width: 99%"/><datalist id="emails"><?php for ($i=0; $i<$email['count']; ++$i) echo '<option value="'.$email[$i].'">'; ?></datalist></td>
+            </tr><tr>
+              <td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto); ?>" style="width: 99%"/></td>
+            </tr><tr>
+              <td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
+            </tr><tr>
+              <td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo preg_replace('/USERNAME/', $fullname, alt($_REQUEST['mailtext'], $default_mail_text)) ?></textarea></td>
+            </tr><tr>
+              <td colspan="2"><input type="submit" value="send email"/></td>
+            </tr></table>
+            <?php 
+            foreach ($_POST as $k => $v)
+            switch ($k) {
+              case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
+              default: 
+                if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
+                else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
+            }
+            ?>
+          </form>
+          <?php
+            foreach ($key['elements'] as $f)
+              makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
+        } else {
+          if (isset($_REQUEST['view'])) { // view single image
+            $objects = extractDir($imagepath);
+            $pos = array_search($imgfile, $objects['files']);
+            if ($pos>0) 
+              echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
+            echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
+            if ($pos<count($objects['files'])-1) 
+              echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
+            echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
+            if ($pos!==NULL) {
+              $lower = max(0, $pos-floor(((int)$preview_num)/2));
+              $higher = min(count($objects['files']), $lower+((int)$preview_num));
+              for ($i=$lower; $i<$higher; ++$i)
+                makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
+            }
+          } else { // gallery view
+            if (isset($_REQUEST['select'])) {
+              echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
+              echo '<form method="POST">';
+              echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
+              echo '<label for="password">Passwort:</label>';
+              echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
+              echo '<label for="valid-until">Gültig bis:</label>';
+              echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
+              echo '<input type="submit" name="share" value="Teilen"/>';
+            } else {
+              echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
+            }
+            echo '<div class="dirs">';
+            if (preg_match('/\//', $subpath)) {
+              echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
+            } elseif ($subpath!="") {
+              echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
+            }
+            $objects = extractDir($imagepath);
+            foreach ($objects['dirs'] as $f)
+              makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
+            echo '</div><div class="images">';
+            foreach ($objects['files'] as $f)
+              linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
+            echo '</div>';
+            if (isset($_REQUEST['select'])) echo '</form>';
+          }
+        }
+    }
+?>
   </body>
 </html>