webservices
/
sharing-gallery
1
0
Fork 0
Code Issues Pull Requests Releases Activity

fixed qr code

Browse Source
master
Marc Wäckerlin 8 years ago
parent 51eec30759
commit 3b8fba5d45
4 changed files with 459 additions and 361 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 91
      ChangeLog
  2. 6
      etc/authentication.php
  3. 4
      etc/settings.php
  4. 95
      html/index.php

91
ChangeLog
Unescape View File

@ -0,0 +1,91 @@
2017-02-17 11:04
* [r13] debian/control.in:
backup
2017-01-14 10:26
* [r12] debian/control.in:
build system updated
2017-01-12 13:22
* [r11] ChangeLog, autogen.sh, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf, build-in-docker.sh,
debian/changelog.in, debian/control.in, resolve-debbuilddeps.sh,
resolve-rpmbuilddeps.sh:
update build system
2016-09-30 21:55
* [r10] ChangeLog[ADD], autogen.sh[ADD],
ax_cxx_compile_stdcxx_11.m4, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf[ADD], build-in-docker.sh,
doc/footer.html.in[ADD], doc/header.html.in[ADD],
doc/plantuml.jar[ADD], doc/style.css[ADD],
mac-create-app-bundle.sh, makefile_test.inc.am[ADD],
resolve-debbuilddeps.sh, resolve-rpmbuilddeps.sh,
sharing-gallery.desktop.in[ADD], sql-to-dot.sed:
build fixed
2016-04-04 09:47
* [r9] COPYING[DEL], ChangeLog[DEL], INSTALL[DEL]:
after migration to new svn server
2015-11-16 12:38 marc
* [r8] doc/doxyfile.in:
SVG must not be interactive for embedding in redmine
2015-11-09 22:52 marc
* [r7] COPYING[ADD], ChangeLog[ADD], INSTALL[ADD],
ax_init_standard_project.m4, bootstrap.sh,
resolve-debbuilddeps.sh, sql-to-dot.sed[ADD]:
build system updated
2015-11-07 10:47 marc
* [r6] bootstrap.sh, debian/control.in:
there is no qt4-default
2015-11-07 09:23 marc
* [r5] bootstrap.sh:
there is no qt4-default
2015-11-07 00:25 marc
* [r4] debian/control.in:
set Section
2015-11-05 12:54 marc
* [r3] bootstrap.sh, debian, debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD]:
updated build system
2015-11-05 10:23 marc
* [r2] .htaccess[DEL], AUTHORS[ADD], NEWS[ADD], README[ADD],
ax_check_qt.m4[ADD], ax_cxx_compile_stdcxx_11.m4[ADD],
ax_init_standard_project.m4[ADD], bootstrap.sh[ADD],
build-in-docker.sh[ADD], build-resource-file.sh[ADD],
configure.ac[ADD], debian[ADD], debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD], doc[ADD], doc/doxyfile.in[ADD],
doc/makefile.am[ADD], folder.png[DEL], html[ADD],
html/.htaccess[CPY], html/folder.png[CPY], html/index.php[CPY],
html/makefile.am[ADD], index.php[DEL],
mac-create-app-bundle.sh[ADD], makefile.am[ADD],
resolve-debbuilddeps.sh[ADD], resolve-rpmbuilddeps.sh[ADD],
sharing-gallery.spec.in[ADD]:
updated build system
2015-03-29 15:24 marc
* [r1] .[ADD], .htaccess[ADD], folder.png[ADD], index.php[ADD]:
initial files

6
etc/authentication.php
Unescape View File

@ -23,12 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
ldap_start_tls($ldapconn) ldap_start_tls($ldapconn)
or error_die($ldapconn, "cannot start LDAP TLS"); or error_die($ldapconn, "cannot start LDAP TLS");
if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) { if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
$search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail\ $search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));
', 'cn'));
$data = ldap_get_entries($ldapconn, $search); $data = ldap_get_entries($ldapconn, $search);
ldap_close($ldapconn); ldap_close($ldapconn);
$username = $tstusername; $username = $tstusername;
$email = array('count' => 1, 0 => $username.'@'.$_SERVER[HTTP_HOST]); $email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);
$fullname = $username; $fullname = $username;
if ($data['count']==1) { if ($data['count']==1) {
if (isset($data[0]['mail'])) if (isset($data[0]['mail']))
@ -36,6 +35,7 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($data[0]['cn'][0])) if (isset($data[0]['cn'][0]))
$fullname = $data[0]['cn'][0]; $fullname = $data[0]['cn'][0];
} }
error_log(print_r($data, true));
} else { } else {
error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase); error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
error_log(ldap_error($ldapconn)); error_log(ldap_error($ldapconn));

4
etc/settings.php
Unescape View File

@ -1,12 +1,12 @@
<?php <?php
require_once('/usr/share/phpqrcode/qrlib.php'); // configure path to phpqrcode require_once('/usr/share/phpqrcode/phpqrcode.php'); // configure path to phpqrcode
$imagepath = "/path/to/your/files"; $imagepath = "/path/to/your/files";
$thumbpath = "/var/tmp/sharing-gallery/thumbnails/"; $thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
$max_validity_days = "30"; $max_validity_days = "30";
$font = "DejaVu-Sans"; $font = "DejaVu-Sans";
$preview_num = "5"; $preview_num = "5";
$default_mail_subject = "Sharing Gallery: See my Fotos"; $default_mail_subject = "Sharing Gallery: See my Fotos";
$default_mail_text = "Fotos from my gallery:\n\npassword = PASSWORD\n\nlink: LINK\n\nRegards\nUSERNAME"; $default_mail_text = "Fotos from my gallery, please follow the link:\n\npassword: PASSWORD\n\nlink:\nLINK\n\nRegards\nUSERNAME";
$default_mailto = ""; $default_mailto = "";
$fallback_mail_replyto = ""; $fallback_mail_replyto = "";
?> ?>

95
html/index.php
Unescape View File

@ -1,9 +1,9 @@
<?php <?php
mb_internal_encoding("utf8"); mb_internal_encoding("utf8");
$subpath=""; $subpath="";
$file=""; $file="";
$username=""; $username="";
function error_die($reason, $status='500 Internal Server Error') { function error_die($reason, $status='500 Internal Server Error') {
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
@ -11,14 +11,14 @@
header("Pragma: no-cache"); header("Pragma: no-cache");
header('HTTP/1.0 '.$status); header('HTTP/1.0 '.$status);
die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>'); die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
} }
require('configuration.php'); require('configuration.php');
function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) { function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
if (isset($p1)) return $p1; if (isset($p1)) return $p1;
if (isset($p2)) return $p2; if (isset($p2)) return $p2;
return $p2; return $p2;
} }
function computeUnsignedChecksum($bytestring) { function computeUnsignedChecksum($bytestring) {
$unsigned_chksum = 0; $unsigned_chksum = 0;
for($i=0; $i<512; $i++) for($i=0; $i<512; $i++)
$unsigned_chksum += ord($bytestring[$i]); $unsigned_chksum += ord($bytestring[$i]);
@ -26,8 +26,8 @@
$unsigned_chksum -= ord($bytestring[148 + $i]); $unsigned_chksum -= ord($bytestring[148 + $i]);
$unsigned_chksum += ord(" ") * 8; $unsigned_chksum += ord(" ") * 8;
return $unsigned_chksum; return $unsigned_chksum;
} }
function tarHeader($Name, $Size, $information=NULL) { function tarHeader($Name, $Size, $information=NULL) {
if (strlen($Name)>99) { if (strlen($Name)>99) {
$ext = preg_replace('/.*\./', '', $Name); $ext = preg_replace('/.*\./', '', $Name);
$Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext; $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
@ -56,8 +56,8 @@
$header[154] = chr(0); $header[154] = chr(0);
$header[155] = chr(32); $header[155] = chr(32);
return $header; return $header;
} }
function checkPath($pathToCheck) { function checkPath($pathToCheck) {
global $imagepath, $subpath; global $imagepath, $subpath;
$fullpath = $imagepath.'/'.$pathToCheck; $fullpath = $imagepath.'/'.$pathToCheck;
if ($fullpath==realpath($fullpath) && is_dir($fullpath)) { if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
@ -66,8 +66,8 @@
} else { } else {
error_die('path not allowed: '.htmlentities($pathToCheck)); error_die('path not allowed: '.htmlentities($pathToCheck));
} }
} }
function checkFile($fileToCheck, $thumb = false) { function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile; global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) { if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck; $imgfile = $fileToCheck;
@ -86,8 +86,8 @@
} else { } else {
$file = $imagepath.'/'.$fileToCheck; $file = $imagepath.'/'.$fileToCheck;
} }
} }
function returnFile($file) { function returnFile($file) {
$ext=strtolower(preg_replace('/.*\./', '', $file)); $ext=strtolower(preg_replace('/.*\./', '', $file));
switch ($ext) { switch ($ext) {
case 'jpg': case 'jpeg': $type="image/jpeg"; break; case 'jpg': case 'jpeg': $type="image/jpeg"; break;
@ -107,8 +107,8 @@
readfile($file); readfile($file);
exit; exit;
} }
} }
function extractDir($path) { function extractDir($path) {
$res['dirs'] = array(); $res['dirs'] = array();
$res['files'] = array(); $res['files'] = array();
if ($d=opendir($path)) { if ($d=opendir($path)) {
@ -125,8 +125,8 @@
asort($res['dirs']); asort($res['dirs']);
asort($res['dirs']); asort($res['dirs']);
return $res; return $res;
} }
/*function encrypt2($text) { /*function encrypt2($text) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
} }
@ -134,30 +134,35 @@
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
}*/ }*/
function encrypt($text, $password = NULL) { function encrypt($text, $password = NULL) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
if (!$password) $password = $_REQUEST['password']; if (!$password) $password = $_REQUEST['password'];
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
} }
function decrypt($text) { function decrypt($text) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
$res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB))); $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
return $res; return $res;
} }
function makelink($link, $img, $filename, $style="") { function makelink($link, $img, $filename, $style="") {
echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>'; echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
} }
function linkorselect($link, $img, $filename) { function linkorselect($link, $img, $filename) {
if (isset($_REQUEST['select'])) { if (isset($_REQUEST['select'])) {
echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />'; echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>'; echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
} else { } else {
makelink($link, $img, $filename); makelink($link, $img, $filename);
} }
} }
if (!isset($_REQUEST['secret'])) { if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden'); if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['qrcode'])) {
QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$_REQUEST['qrcode']);
exit;
} else {
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']); if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) { if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png'; $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
@ -182,7 +187,8 @@
} }
} elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb'])); } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
if ($file!="") returnFile($file); if ($file!="") returnFile($file);
} else { }
} else {
if (isset($_REQUEST['password'])) { if (isset($_REQUEST['password'])) {
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden'); $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
if (!isset($secret['valid-until'])) error_die('missing validation date'); if (!isset($secret['valid-until'])) error_die('missing validation date');
@ -218,12 +224,8 @@
exit; exit;
} }
} }
} elseif (isset($_REQUEST['qrcode'])) {
QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$_REQUEST['secret']);
exit;
}
} }
}
?><!DOCTYPE html> ?><!DOCTYPE html>
<html> <html>
<header> <header>
@ -274,10 +276,15 @@
$secret=urlencode(encrypt($key)); $secret=urlencode(encrypt($key));
$default_mailto = ""; $default_mailto = "";
if (isset($_REQUEST['mailto'])) { if (isset($_REQUEST['mailto'])) {
if (preg_match('/LINK/', $message))
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']); $message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
else
$message = $_REQUEST['mailtext']."\n\npassword: ".$REQUEST['password'];
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret; $link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message); if (preg_match('/LINK/', $message))
else $message .= "\n\n".$link; $message = preg_replace('/LINK/', $link, $message);
else
$message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) { if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>'; echo '<h2>Mail Successfully Sent</h2>';
echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>'; echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
@ -292,17 +299,17 @@
='.$secret.'">Link to Share</a></p>'; ='.$secret.'">Link to Share</a></p>';
?> ?>
<img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http') <img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$secret.'&qrcode=1'; ?>" /> .'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?qrcode='.$secret; ?>" />
<p>or Send Link in E-Mail:</p> <p>or Send Link in E-Mail:</p>
<form method="POST"> <form method="POST">
<table style="width: 100%"><tr> <table style="width: 100%"><tr>
<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email, $fallback_mail_replyto) ?>" style="width: 99%"/></td> <td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email[0], $fallback_mail_replyto); ?>" list="emails" style="width: 99%"/><datalist id="emails"><?php for ($i=0; $i<$email['count']; ++$i) echo '<option value="'.$email[$i].'">'; ?></datalist></td>
</tr><tr> </tr><tr>
<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto) ?>" style="width: 99%"/></td> <td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto); ?>" style="width: 99%"/></td>
</tr><tr> </tr><tr>
<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td> <td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
</tr><tr> </tr><tr>
<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo alt($_REQUEST['mailtext'], $default_mail_text) ?></textarea></td> <td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo preg_replace('/USERNAME/', $fullname, alt($_REQUEST['mailtext'], $default_mail_text)) ?></textarea></td>
</tr><tr> </tr><tr>
<td colspan="2"><input type="submit" value="send email"/></td> <td colspan="2"><input type="submit" value="send email"/></td>
</tr></table> </tr></table>
@ -365,6 +372,6 @@
} }
} }
} }
?> ?>
</body> </body>
</html> </html>

Write Preview
Loading…
Cancel
Save