fixed qr code

master
Marc Wäckerlin 8 years ago
parent 51eec30759
commit 3b8fba5d45
  1. 91
      ChangeLog
  2. 6
      etc/authentication.php
  3. 4
      etc/settings.php
  4. 715
      html/index.php

@ -0,0 +1,91 @@
2017-02-17 11:04
* [r13] debian/control.in:
backup
2017-01-14 10:26
* [r12] debian/control.in:
build system updated
2017-01-12 13:22
* [r11] ChangeLog, autogen.sh, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf, build-in-docker.sh,
debian/changelog.in, debian/control.in, resolve-debbuilddeps.sh,
resolve-rpmbuilddeps.sh:
update build system
2016-09-30 21:55
* [r10] ChangeLog[ADD], autogen.sh[ADD],
ax_cxx_compile_stdcxx_11.m4, ax_init_standard_project.m4,
bootstrap.sh, build-in-docker.conf[ADD], build-in-docker.sh,
doc/footer.html.in[ADD], doc/header.html.in[ADD],
doc/plantuml.jar[ADD], doc/style.css[ADD],
mac-create-app-bundle.sh, makefile_test.inc.am[ADD],
resolve-debbuilddeps.sh, resolve-rpmbuilddeps.sh,
sharing-gallery.desktop.in[ADD], sql-to-dot.sed:
build fixed
2016-04-04 09:47
* [r9] COPYING[DEL], ChangeLog[DEL], INSTALL[DEL]:
after migration to new svn server
2015-11-16 12:38 marc
* [r8] doc/doxyfile.in:
SVG must not be interactive for embedding in redmine
2015-11-09 22:52 marc
* [r7] COPYING[ADD], ChangeLog[ADD], INSTALL[ADD],
ax_init_standard_project.m4, bootstrap.sh,
resolve-debbuilddeps.sh, sql-to-dot.sed[ADD]:
build system updated
2015-11-07 10:47 marc
* [r6] bootstrap.sh, debian/control.in:
there is no qt4-default
2015-11-07 09:23 marc
* [r5] bootstrap.sh:
there is no qt4-default
2015-11-07 00:25 marc
* [r4] debian/control.in:
set Section
2015-11-05 12:54 marc
* [r3] bootstrap.sh, debian, debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD]:
updated build system
2015-11-05 10:23 marc
* [r2] .htaccess[DEL], AUTHORS[ADD], NEWS[ADD], README[ADD],
ax_check_qt.m4[ADD], ax_cxx_compile_stdcxx_11.m4[ADD],
ax_init_standard_project.m4[ADD], bootstrap.sh[ADD],
build-in-docker.sh[ADD], build-resource-file.sh[ADD],
configure.ac[ADD], debian[ADD], debian/changelog.in[ADD],
debian/compat[ADD], debian/control.in[ADD], debian/docs[ADD],
debian/rules[ADD], doc[ADD], doc/doxyfile.in[ADD],
doc/makefile.am[ADD], folder.png[DEL], html[ADD],
html/.htaccess[CPY], html/folder.png[CPY], html/index.php[CPY],
html/makefile.am[ADD], index.php[DEL],
mac-create-app-bundle.sh[ADD], makefile.am[ADD],
resolve-debbuilddeps.sh[ADD], resolve-rpmbuilddeps.sh[ADD],
sharing-gallery.spec.in[ADD]:
updated build system
2015-03-29 15:24 marc
* [r1] .[ADD], .htaccess[ADD], folder.png[ADD], index.php[ADD]:
initial files

@ -23,12 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
ldap_start_tls($ldapconn) ldap_start_tls($ldapconn)
or error_die($ldapconn, "cannot start LDAP TLS"); or error_die($ldapconn, "cannot start LDAP TLS");
if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) { if ($ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)) {
$search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail\ $search = ldap_search($ldapconn, $ldapbase, $checkuser.'='.$tstusername, array('mail', 'cn'));
', 'cn'));
$data = ldap_get_entries($ldapconn, $search); $data = ldap_get_entries($ldapconn, $search);
ldap_close($ldapconn); ldap_close($ldapconn);
$username = $tstusername; $username = $tstusername;
$email = array('count' => 1, 0 => $username.'@'.$_SERVER[HTTP_HOST]); $email = array('count' => 1, 0 => $username.'@'.$_SERVER['HTTP_HOST']);
$fullname = $username; $fullname = $username;
if ($data['count']==1) { if ($data['count']==1) {
if (isset($data[0]['mail'])) if (isset($data[0]['mail']))
@ -36,6 +35,7 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($data[0]['cn'][0])) if (isset($data[0]['cn'][0]))
$fullname = $data[0]['cn'][0]; $fullname = $data[0]['cn'][0];
} }
error_log(print_r($data, true));
} else { } else {
error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase); error_log("user login failed: ".$checkuser.'='.$tstusername.','.$ldapbase);
error_log(ldap_error($ldapconn)); error_log(ldap_error($ldapconn));
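Review bot: The added `error_log(print_r($data, true));` after the `$data['count']==1` block writes the whole LDAP result, including the `mail` and `cn` attributes, to the server error log on every successful login. It reads like leftover debugging; I would remove it, or log only a count such as `error_log('ldap entries: '.$data['count']);`. In the first hunk the fallback address is now built from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header. Since index.php appears to offer that value as the From address, a configured mail domain would be a safer default. The surrounding `if`/`else` starts and ends outside the visible hunks.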

@ -1,12 +1,12 @@
<?php <?php
require_once('/usr/share/phpqrcode/qrlib.php'); // configure path to phpqrcode require_once('/usr/share/phpqrcode/phpqrcode.php'); // configure path to phpqrcode
$imagepath = "/path/to/your/files"; $imagepath = "/path/to/your/files";
$thumbpath = "/var/tmp/sharing-gallery/thumbnails/"; $thumbpath = "/var/tmp/sharing-gallery/thumbnails/";
$max_validity_days = "30"; $max_validity_days = "30";
$font = "DejaVu-Sans"; $font = "DejaVu-Sans";
$preview_num = "5"; $preview_num = "5";
$default_mail_subject = "Sharing Gallery: See my Fotos"; $default_mail_subject = "Sharing Gallery: See my Fotos";
$default_mail_text = "Fotos from my gallery:\n\npassword = PASSWORD\n\nlink: LINK\n\nRegards\nUSERNAME"; $default_mail_text = "Fotos from my gallery, please follow the link:\n\npassword: PASSWORD\n\nlink:\nLINK\n\nRegards\nUSERNAME";
$default_mailto = ""; $default_mailto = "";
$fallback_mail_replyto = ""; $fallback_mail_replyto = "";
?> ?>
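Review bot: The new `$default_mail_text` still puts `PASSWORD` and `LINK` in the same message, while the share page in html/index.php tells the user to pass the password on a separate channel, so anyone who can read that one mail holds both halves. Consider a default without the password line, for example `$default_mail_text = "Fotos from my gallery, please follow the link:\n\nLINK\n\nRegards\nUSERNAME";`, with a comment above it saying the password is meant to travel separately. index.php in this commit tries to append the password when the placeholder is absent, so that fallback would have to change with it.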

@ -1,229 +1,231 @@
<?php <?php
mb_internal_encoding("utf8"); mb_internal_encoding("utf8");
$subpath=""; $subpath="";
$file=""; $file="";
$username=""; $username="";
function error_die($reason, $status='500 Internal Server Error') { function error_die($reason, $status='500 Internal Server Error') {
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT"); header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false); header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); header("Pragma: no-cache");
header('HTTP/1.0 '.$status); header('HTTP/1.0 '.$status);
die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>'); die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
} }
require('configuration.php'); require('configuration.php');
function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) { function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
if (isset($p1)) return $p1; if (isset($p1)) return $p1;
if (isset($p2)) return $p2; if (isset($p2)) return $p2;
return $p2; return $p2;
} }
function computeUnsignedChecksum($bytestring) { function computeUnsignedChecksum($bytestring) {
$unsigned_chksum = 0; $unsigned_chksum = 0;
for($i=0; $i<512; $i++) for($i=0; $i<512; $i++)
$unsigned_chksum += ord($bytestring[$i]); $unsigned_chksum += ord($bytestring[$i]);
for($i=0; $i<8; $i++) for($i=0; $i<8; $i++)
$unsigned_chksum -= ord($bytestring[148 + $i]); $unsigned_chksum -= ord($bytestring[148 + $i]);
$unsigned_chksum += ord(" ") * 8; $unsigned_chksum += ord(" ") * 8;
return $unsigned_chksum; return $unsigned_chksum;
} }
function tarHeader($Name, $Size, $information=NULL) { function tarHeader($Name, $Size, $information=NULL) {
if (strlen($Name)>99) { if (strlen($Name)>99) {
$ext = preg_replace('/.*\./', '', $Name); $ext = preg_replace('/.*\./', '', $Name);
$Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext; $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
} }
$header = str_pad($Name,100,chr(0)); $header = str_pad($Name,100,chr(0));
$header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0);
$header .= str_repeat(" ",8); $header .= str_repeat(" ",8);
$header .= "0"; $header .= "0";
$header .= str_repeat(chr(0),100); $header .= str_repeat(chr(0),100);
$header .= str_pad("ustar",6,chr(32)); $header .= str_pad("ustar",6,chr(32));
$header .= chr(32) . chr(0); $header .= chr(32) . chr(0);
$header .= str_pad($information["user_name"],32,chr(0)); $header .= str_pad($information["user_name"],32,chr(0));
$header .= str_pad($information["group_name"],32,chr(0)); $header .= str_pad($information["group_name"],32,chr(0));
$header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),8);
$header .= str_repeat(chr(0),155); $header .= str_repeat(chr(0),155);
$header .= str_repeat(chr(0),12); $header .= str_repeat(chr(0),12);
$checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT); $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
for($i=0; $i<6; $i++) { for($i=0; $i<6; $i++) {
$header[(148 + $i)] = substr($checksum,$i,1); $header[(148 + $i)] = substr($checksum,$i,1);
} }
$header[154] = chr(0); $header[154] = chr(0);
$header[155] = chr(32); $header[155] = chr(32);
return $header; return $header;
} }
function checkPath($pathToCheck) { function checkPath($pathToCheck) {
global $imagepath, $subpath; global $imagepath, $subpath;
$fullpath = $imagepath.'/'.$pathToCheck; $fullpath = $imagepath.'/'.$pathToCheck;
if ($fullpath==realpath($fullpath) && is_dir($fullpath)) { if ($fullpath==realpath($fullpath) && is_dir($fullpath)) {
$subpath=$pathToCheck; $subpath=$pathToCheck;
$imagepath = $fullpath; $imagepath = $fullpath;
} else { } else {
error_die('path not allowed: '.htmlentities($pathToCheck)); error_die('path not allowed: '.htmlentities($pathToCheck));
} }
} }
function checkFile($fileToCheck, $thumb = false) { function checkFile($fileToCheck, $thumb = false) {
global $imagepath, $file, $subpath, $thumbpath, $imgfile; global $imagepath, $file, $subpath, $thumbpath, $imgfile;
if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) { if (!preg_match('/\//', $fileToCheck) && is_file($imagepath.'/'.$fileToCheck)) {
$imgfile = $fileToCheck; $imgfile = $fileToCheck;
} else { } else {
error_die('file not found', '404 Not Found'); error_die('file not found', '404 Not Found');
} }
if ($thumb) { // image from thumbnail path if ($thumb) { // image from thumbnail path
$file = $thumbpath.'/'.$subpath.'/'.$fileToCheck; $file = $thumbpath.'/'.$subpath.'/'.$fileToCheck;
if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true); if (!is_dir($thumbpath.'/'.$subpath)) mkdir($thumbpath.'/'.$subpath, 0777, true);
if (!is_file($file)) { // create thumbnail if (!is_file($file)) { // create thumbnail
$image = new Imagick(); $image = new Imagick();
$image->readImage($imagepath.'/'.$fileToCheck); $image->readImage($imagepath.'/'.$fileToCheck);
$image->thumbnailImage(200, 200, true); $image->thumbnailImage(200, 200, true);
$image->writeImage($file); $image->writeImage($file);
} }
} else { } else {
$file = $imagepath.'/'.$fileToCheck; $file = $imagepath.'/'.$fileToCheck;
} }
} }
function returnFile($file) { function returnFile($file) {
$ext=strtolower(preg_replace('/.*\./', '', $file)); $ext=strtolower(preg_replace('/.*\./', '', $file));
switch ($ext) { switch ($ext) {
case 'jpg': case 'jpeg': $type="image/jpeg"; break; case 'jpg': case 'jpeg': $type="image/jpeg"; break;
case 'tif': case 'tiff': $type="image/tiff"; break; case 'tif': case 'tiff': $type="image/tiff"; break;
case 'gif': $type="image/gif"; break; case 'gif': $type="image/gif"; break;
case 'png': $type="image/png"; break; case 'png': $type="image/png"; break;
case 'bmp': $type="image/bmp"; break; case 'bmp': $type="image/bmp"; break;
} }
if (!is_file($file)) { if (!is_file($file)) {
error_die('file does not exist', '404 Not Found'); error_die('file does not exist', '404 Not Found');
} }
if (!isset($_REQUEST['view'])) { if (!isset($_REQUEST['view'])) {
header('Content-type: '.$type); header('Content-type: '.$type);
header('Content-Length: '.filesize($file)); header('Content-Length: '.filesize($file));
header('Content-Transfer-Encoding: binary'); header('Content-Transfer-Encoding: binary');
flush(); flush();
readfile($file); readfile($file);
exit; exit;
} }
} }
function extractDir($path) { function extractDir($path) {
$res['dirs'] = array(); $res['dirs'] = array();
$res['files'] = array(); $res['files'] = array();
if ($d=opendir($path)) { if ($d=opendir($path)) {
while (false!==($f=readdir($d))) while (false!==($f=readdir($d)))
if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f)) if (!preg_match('/^\./', $f) && is_dir($path.'/'.$f))
$res['dirs'][] = $f; $res['dirs'][] = $f;
elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f)) elseif (!preg_match('/^\./', $f) && is_file($path.'/'.$f))
switch (strtolower(preg_replace('/.*\./', '', $f))) { switch (strtolower(preg_replace('/.*\./', '', $f))) {
case "jpg": case "jpeg": case "png": case "jpg": case "jpeg": case "png":
$res['files'][] = $f; $res['files'][] = $f;
} }
} }
closedir($d); closedir($d);
asort($res['dirs']); asort($res['dirs']);
asort($res['dirs']); asort($res['dirs']);
return $res; return $res;
} }
/*function encrypt2($text) { /*function encrypt2($text) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
} }
function decrypt2($text) { function decrypt2($text) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
}*/ }*/
function encrypt($text, $password = NULL) { function encrypt($text, $password = NULL) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
if (!$password) $password = $_REQUEST['password']; if (!$password) $password = $_REQUEST['password'];
return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
} }
function decrypt($text) { function decrypt($text) {
global $_REQUEST, $server_password; global $_REQUEST, $server_password;
$res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB))); $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB)));
if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
return $res; return $res;
} }
function makelink($link, $img, $filename, $style="") { function makelink($link, $img, $filename, $style="") {
echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>'; echo '<a href="'.$link.'"><img src="'.$img.'" alt="'.htmlentities($filename).'" '.$style.'/></a>';
} }
function linkorselect($link, $img, $filename) { function linkorselect($link, $img, $filename) {
if (isset($_REQUEST['select'])) { if (isset($_REQUEST['select'])) {
echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />'; echo '<input type="checkbox" id="'.htmlentities($filename).'" name="elements[]" value="'.htmlentities($filename).'" />';
echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>'; echo '<label for="'.htmlentities($filename).'"><img src="'.$img.'" alt="'.htmlentities($filename).'"/></label>';
} else { } else {
makelink($link, $img, $filename); makelink($link, $img, $filename);
} }
} }
if (!isset($_REQUEST['secret'])) { if (!isset($_REQUEST['secret'])) {
if ($username=="") error_die('not authorized', '403 Forbidden'); if ($username=="") error_die('not authorized', '403 Forbidden');
if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']); if (isset($_REQUEST['qrcode'])) {
if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) { QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http')
$file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png'; .'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$_REQUEST['qrcode']);
$type="image/png"; exit;
if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true); } else {
if (!is_file($file)) { // create folder image if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
$txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true); if (isset($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
$image = new Imagick(); $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
$image->readImage('folder.png'); // read local template file $type="image/png";
$draw = new ImagickDraw(); if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
$draw->setFillColor('black'); if (!is_file($file)) { // create folder image
$draw->setFont($font); $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
if (mb_strlen($txt)<2) { $image = new Imagick();
$draw->setFontSize(60); $image->readImage('folder.png'); // read local template file
$x = 75; $draw = new ImagickDraw();
} else { $draw->setFillColor('black');
$draw->setFontSize(15); $draw->setFont($font);
$x = 50; if (mb_strlen($txt)<2) {
} $draw->setFontSize(60);
$image->annotateImage($draw, 10, $x, 0, $txt); $x = 75;
$image->writeImage($file); } else {
} $draw->setFontSize(15);
} elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb'])); $x = 50;
if ($file!="") returnFile($file); }
} else { $image->annotateImage($draw, 10, $x, 0, $txt);
if (isset($_REQUEST['password'])) { $image->writeImage($file);
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden'); }
if (!isset($secret['valid-until'])) error_die('missing validation date'); } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
if (!isset($max_validity_days)) error_die('maximum validity days not set'); if ($file!="") returnFile($file);
if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected'); }
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone'); } else {
checkPath($secret['path']); if (isset($_REQUEST['password'])) {
if (isset($secret['file'])) { $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
checkFile($secret['file'], true); if (!isset($secret['valid-until'])) error_die('missing validation date');
if ($file!="") returnFile($file); if (!isset($max_validity_days)) error_die('maximum validity days not set');
} if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
foreach ($secret['elements'] as $f) checkFile($f); if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
if (isset($_REQUEST['download'])) { checkPath($secret['path']);
$secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden'); if (isset($secret['file'])) {
if (!isset($secret['valid-until'])) error_die('missing validation date'); checkFile($secret['file'], true);
if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone'); if ($file!="") returnFile($file);
if (isset($secret['elements'])) { }
$size = 0; foreach ($secret['elements'] as $f) checkFile($f);
foreach ($secret['elements'] as $f) { if (isset($_REQUEST['download'])) {
checkFile($f); $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
$size += 512 + ceil(filesize($file)/512)*512; if (!isset($secret['valid-until'])) error_die('missing validation date');
$files[] = $file; if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
} if (isset($secret['elements'])) {
header('Content-Description: File Transfer'); $size = 0;
header('Content-Type: application/x-tar'); foreach ($secret['elements'] as $f) {
header('Content-Length: '.$size); checkFile($f);
header('Content-Disposition: attachment; filename=shared-images.tar'); $size += 512 + ceil(filesize($file)/512)*512;
foreach($files as $f) { $files[] = $file;
print tarHeader('shared-images/'.basename($f), filesize($f)); }
readfile($f); header('Content-Description: File Transfer');
print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f)); header('Content-Type: application/x-tar');
} header('Content-Length: '.$size);
exit; header('Content-Disposition: attachment; filename=shared-images.tar');
} foreach($files as $f) {
} print tarHeader('shared-images/'.basename($f), filesize($f));
} elseif (isset($_REQUEST['qrcode'])) { readfile($f);
QRcode::png((isset($_SERVER['HTTPS']) ? 'https' : 'http') print str_repeat(chr(0), ceil(filesize($f)/512)*512-filesize($f));
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$_REQUEST['secret']); }
exit; exit;
} }
} }
}
}
?><!DOCTYPE html> ?><!DOCTYPE html>
<html> <html>
<header> <header>
@ -231,140 +233,145 @@
</header> </header>
<body> <body>
<?php <?php
if ($username=="") { if ($username=="") {
if (isset($_REQUEST['password'])) { if (isset($_REQUEST['password'])) {
?> ?>
<h1>Shared Files</h1> <h1>Shared Files</h1>
<p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p> <p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
<p><form method="POST"> <p><form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/> <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/> <input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
<input type="hidden" name="download"/> <input type="hidden" name="download"/>
<input type="submit" value="download"/> <input type="submit" value="download"/>
</form></p> </form></p>
<?php <?php
foreach ($secret['elements'] as $f) { foreach ($secret['elements'] as $f) {
$secret['path'] = $subpath; $secret['path'] = $subpath;
$secret['file'] = $f; $secret['file'] = $f;
$secret['valid-until'] = date('c', time()+30); $secret['valid-until'] = date('c', time()+30);
$password=str_shuffle(sha1(rand().time()."Js83aéa")); $password=str_shuffle(sha1(rand().time()."Js83aéa"));
echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>'; echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
}
} else {
?>
<h1>Password Required</h2>
<p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
<form method="POST">
<input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
<input type="password" name="password"/>
<input type="submit" value="show"/>
</form>
<?php
} }
} else { } else {
?> ?>
<h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1> <h1>Password Required</h2>
<?php <p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
if (isset($_REQUEST['share'])) { <form method="POST">
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>'; <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
$key = $_REQUEST; <input type="password" name="password"/>
unset($key['password']); <input type="submit" value="show"/>
unset($key['share']); </form>
unset($key['select']); <?php
$secret=urlencode(encrypt($key));
$default_mailto = "";
if (isset($_REQUEST['mailto'])) {
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (preg_match('/LINK/', $message)) $message = preg_replace('/LINK/', $link, $message);
else $message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>';
echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
echo '<p>You can send more mails, if you want ...</p>';
} else {
echo '<h2>Send Mail <strong>Failed</strong></h2>';
echo '<p>Try again ...</p>';
}
}
echo '<h2>Share Files</h2>';
echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
='.$secret.'">Link to Share</a></p>';
?>
<img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'?secret='.$secret.'&qrcode=1'; ?>" />
<p>or Send Link in E-Mail:</p>
<form method="POST">
<table style="width: 100%"><tr>
<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email, $fallback_mail_replyto) ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto) ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
</tr><tr>
<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo alt($_REQUEST['mailtext'], $default_mail_text) ?></textarea></td>
</tr><tr>
<td colspan="2"><input type="submit" value="send email"/></td>
</tr></table>
<?php
foreach ($_POST as $k => $v)
switch ($k) {
case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
default:
if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
}
?>
</form>
<?php
foreach ($key['elements'] as $f)
makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
} else {
if (isset($_REQUEST['view'])) { // view single image
$objects = extractDir($imagepath);
$pos = array_search($imgfile, $objects['files']);
if ($pos>0)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
if ($pos<count($objects['files'])-1)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) {
$lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
}
} else { // gallery view
if (isset($_REQUEST['select'])) {
echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
echo '<form method="POST">';
echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
echo '<label for="password">Passwort:</label>';
echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
echo '<label for="valid-until">Gültig bis:</label>';
echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
echo '<input type="submit" name="share" value="Teilen"/>';
} else {
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
}
echo '<div class="dirs">';
if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
}
$objects = extractDir($imagepath);
foreach ($objects['dirs'] as $f)
makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
echo '</div><div class="images">';
foreach ($objects['files'] as $f)
linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
echo '</div>';
if (isset($_REQUEST['select'])) echo '</form>';
}
}
} }
?> } else {
?>
<h1>Gallery: <?php echo htmlentities($username).' @ '.htmlentities($subpath) ?></h1>
<?php
if (isset($_REQUEST['share'])) {
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=←" alt="←"/></a><br/>';
$key = $_REQUEST;
unset($key['password']);
unset($key['share']);
unset($key['select']);
$secret=urlencode(encrypt($key));
$default_mailto = "";
if (isset($_REQUEST['mailto'])) {
if (preg_match('/LINK/', $message))
$message = preg_replace('/PASSWORD/', $_REQUEST['password'], $_REQUEST['mailtext']);
else
$message = $_REQUEST['mailtext']."\n\npassword: ".$REQUEST['password'];
$link = (isset($_SERVER['HTTPS'])?'https://':'http://').$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?secret='.$secret;
if (preg_match('/LINK/', $message))
$message = preg_replace('/LINK/', $link, $message);
else
$message .= "\n\n".$link;
if (mail($_REQUEST['mailto'], $_REQUEST['subject'], $message, 'From: '.$_REQUEST['replyto']."\r\n".'Reply-To: '.$_REQUEST['replyto'])) {
echo '<h2>Mail Successfully Sent</h2>';
echo '<p>Mail sent to '.$_REQUEST['mailto'].'.</p>';
echo '<p>You can send more mails, if you want ...</p>';
} else {
echo '<h2>Send Mail <strong>Failed</strong></h2>';
echo '<p>Try again ...</p>';
}
}
echo '<h2>Share Files</h2>';
echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret
='.$secret.'">Link to Share</a></p>';
?>
<img src="<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http')
.'://'.$_SERVER['HTTP_HOST'].explode('?', $_SERVER['REQUEST_URI'])[0].'?qrcode='.$secret; ?>" />
<p>or Send Link in E-Mail:</p>
<form method="POST">
<table style="width: 100%"><tr>
<td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo alt($_REQUEST['replyto'], $email[0], $fallback_mail_replyto); ?>" list="emails" style="width: 99%"/><datalist id="emails"><?php for ($i=0; $i<$email['count']; ++$i) echo '<option value="'.$email[$i].'">'; ?></datalist></td>
</tr><tr>
<td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo alt($_REQUEST['mailto'], $default_mailto); ?>" style="width: 99%"/></td>
</tr><tr>
<td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo alt($_REQUEST['subject'], $default_mail_subject) ?>" style="width: 99%"/></td>
</tr><tr>
<td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo preg_replace('/USERNAME/', $fullname, alt($_REQUEST['mailtext'], $default_mail_text)) ?></textarea></td>
</tr><tr>
<td colspan="2"><input type="submit" value="send email"/></td>
</tr></table>
<?php
foreach ($_POST as $k => $v)
switch ($k) {
case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
default:
if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$k.'[]" value="'.$e.'"/>';
else echo '<input type="hidden" name="'.$k.'" value="'.$v.'"/>';
}
?>
</form>
<?php
foreach ($key['elements'] as $f)
makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
} else {
if (isset($_REQUEST['view'])) { // view single image
$objects = extractDir($imagepath);
$pos = array_search($imgfile, $objects['files']);
if ($pos>0)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos-1]).'&view"><img src="?folder=←" alt="previous"/></a>';
echo '<a href="?path='.urlencode($subpath).'"><img src="?folder=↑" alt="↑"/></a>';
if ($pos<count($objects['files'])-1)
echo '<a href="?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$pos+1]).'&view"><img src="?folder=→" alt="next"/></a>';
echo '<div class="image"><img style="width: 100%" src="?path='.urlencode($subpath).'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
if ($pos!==NULL) {
$lower = max(0, $pos-floor(((int)$preview_num)/2));
$higher = min(count($objects['files']), $lower+((int)$preview_num));
for ($i=$lower; $i<$higher; ++$i)
makelink('?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&view', '?path='.urlencode($subpath).'&file='.urlencode($objects['files'][$i]).'&thumb', $objects['files'][$i], 'style="width: '.round(100/($higher-$lower), 3).'%"');
}
} else { // gallery view
if (isset($_REQUEST['select'])) {
echo '<a href="?path='.urlencode($subpath).'">Normal-Modus</a>';
echo '<form method="POST">';
echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
echo '<label for="password">Passwort:</label>';
echo '<input type="text" size="5" name="password" value="'.substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4).'">';
echo '<label for="valid-until">Gültig bis:</label>';
echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
echo '<input type="submit" name="share" value="Teilen"/>';
} else {
echo '<a href="?path='.urlencode($subpath).'&select">Auswahl-Modus</a>';
}
echo '<div class="dirs">';
if (preg_match('/\//', $subpath)) {
echo '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'"><img src="?folder=↑" alt="↑"/></a>';
} elseif ($subpath!="") {
echo '<a href="?"><img src="?folder=↑" alt="↑"/></a>';
}
$objects = extractDir($imagepath);
foreach ($objects['dirs'] as $f)
makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.urlencode($subpath).'&folder='.urlencode($f), $f);
echo '</div><div class="images">';
foreach ($objects['files'] as $f)
linkorselect('?path='.urlencode($subpath).'&file='.urlencode($f).'&view', '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb', $f);
echo '</div>';
if (isset($_REQUEST['select'])) echo '</form>';
}
}
}
?>
</body> </body>
</html> </html>
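Review bot: In the `mailto` branch of the second hunk the new password handling cannot work as written: `preg_match('/LINK/', $message)` runs before `$message` is assigned and tests for `LINK` rather than `PASSWORD`, and the else branch reads `$REQUEST['password']`, an undefined variable (missing underscore). The mail therefore goes out with the `PASSWORD` placeholder unsubstituted and an empty appended password; I would write `if (preg_match('/PASSWORD/', $_REQUEST['mailtext']))` and `$_REQUEST['password']`. The same hunk echoes `$email[$i]` into the `<datalist>` options and `$fullname` into the `<textarea>` without `htmlentities()`, although both originate from the LDAP directory or request data; escape them at output as the hidden `secret` field already does. In the first hunk the QR branch appends `$_REQUEST['qrcode']` to the URL after PHP has URL-decoded it, so a base64 `+` or `/` in the secret is emitted raw; `urlencode($_REQUEST['qrcode'])` keeps the encoded link intact.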
