<?php
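// Use UTF-8 for every mb_* string function in this script.
mb_internal_encoding("utf8");

// Request state; checkPath() and checkFile() fill these in after validation.
$subpath = "";
$file = "";
// An empty user name is treated as "nobody is logged in" by the dispatcher
// further down. NOTE(review): presumably set by configuration.php - confirm.
$username = "";

// Absolute URL of this script without its query string.
// HTTPS may be present with the value "off" (IIS), so its value is tested
// instead of only its existence.
// NOTE(review): HTTP_HOST and HTTP_X_ORIGINAL_REQUEST are request headers and
// are client-controlled unless a trusted reverse proxy overwrites them. $myurl
// is used for share links, QR codes and e-mails, so a base URL taken from the
// configuration would be the safer source.
$myurl = ((!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http')
        .'://'.$_SERVER['HTTP_HOST']
        .explode('?', (isset($_SERVER['HTTP_X_ORIGINAL_REQUEST'])
                     ? $_SERVER['HTTP_X_ORIGINAL_REQUEST']
                     : $_SERVER['REQUEST_URI']))[0];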
/**
 * Abort the request with an uncacheable HTML error page.
 *
 * @param string $reason HTML fragment for the page body. It is written out
 *                       unchanged, so callers must escape request data
 *                       before passing it in.
 * @param string $status Status code and reason phrase for the status line.
 */
function error_die($reason, $status='500 Internal Server Error') {
  // Each entry is a header line plus its "replace existing header" flag;
  // the second Cache-Control line is appended instead of replacing the first.
  $responseHeaders = array(
    array("Expires: Tue, 01 Jan 2000 00:00:00 GMT", true),
    array("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT", true),
    array("Cache-Control: no-store, no-cache, must-revalidate, max-age=0", true),
    array("Cache-Control: post-check=0, pre-check=0", false),
    array("Pragma: no-cache", true),
    array('HTTP/1.0 '.$status, true),
  );
  foreach ($responseHeaders as $entry) {
    header($entry[0], $entry[1]);
  }
  die('<html><body><h1>Error: '.$status.'</h1><p>'.$reason.'</p>');
}
require('configuration.php');
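/**
 * Return the first argument that is set (exists and is not null).
 *
 * The arguments are taken by reference so that callers can pass variables or
 * array elements that may not exist without raising a notice. As a side
 * effect PHP creates such a variable or element with the value null.
 *
 * @return mixed first set argument, or null when none is set
 */
function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) {
  if (isset($p1)) return $p1;
  if (isset($p2)) return $p2;
  // The third fallback used to be ignored because $p2 was returned here.
  return $p3;
}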
/**
 * Checksum of a 512-byte tar header block.
 *
 * Adds up the byte values of the block while counting the eight bytes at
 * offsets 148-155 (the checksum field) as spaces.
 *
 * @param string $bytestring header block; the first 512 bytes are read
 * @return int unsigned sum
 */
function computeUnsignedChecksum($bytestring) {
  // start with the eight spaces that stand in for the checksum field
  $total = ord(" ") * 8;
  $offset = 0;
  while ($offset < 512) {
    $total += ord($bytestring[$offset]);
    $offset++;
  }
  // take the real content of the checksum field out again
  foreach (range(148, 155) as $fieldOffset) {
    $total -= ord($bytestring[$fieldOffset]);
  }
  return $total;
}
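/**
 * Build the 512-byte tar header block for one regular file.
 *
 * @param string     $Name        member name; names over 99 bytes are shortened
 * @param int        $Size        file size in bytes
 * @param array|null $information optional owner details with the keys
 *                                user_id, group_id, user_name and group_name
 * @return string the header block
 */
function tarHeader($Name, $Size, $information=NULL) {
  // Owner details are optional: missing entries become 0 / empty string,
  // which is what the header already contained when nothing was passed.
  $defaults = array("user_id" => 0, "group_id" => 0, "user_name" => "", "group_name" => "");
  $information = is_array($information) ? $information + $defaults : $defaults;
  if (strlen($Name)>99) {
    $ext = preg_replace('/.*\./', '', $Name);
    if ($ext !== $Name && strlen($ext) < 98) {
      // keep the extension and cut the part in front of it
      $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext;
    } else {
      // no extension, or one too long to keep: cut the name itself so the
      // field cannot grow past 100 bytes and shift every field after it
      $Name = substr($Name, 0, 99);
    }
  }
  $header = str_pad($Name,100,chr(0));                                   // name
  $header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0);                 // mode
  $header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0);
  $header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0);
  $header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0);        // size
  // time() takes no argument; the former time(0) call did not yield a
  // usable timestamp
  $header .= str_pad(decoct(time()),11,"0",STR_PAD_LEFT) . chr(0);       // mtime
  $header .= str_repeat(" ",8);                                          // checksum placeholder
  $header .= "0";                                                        // type flag
  $header .= str_repeat(chr(0),100);                                     // link name
  $header .= str_pad("ustar",6,chr(32));                                 // magic
  $header .= chr(32) . chr(0);
  $header .= str_pad($information["user_name"],32,chr(0));
  $header .= str_pad($information["group_name"],32,chr(0));
  $header .= str_repeat(chr(0),8);                                       // device major
  $header .= str_repeat(chr(0),8);                                       // device minor
  $header .= str_repeat(chr(0),155);                                     // name prefix
  $header .= str_repeat(chr(0),12);                                      // padding to 512
  // write the checksum as six octal digits, a NUL and a space
  $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT);
  for($i=0; $i<6; $i++) {
    $header[(148 + $i)] = substr($checksum,$i,1);
  }
  $header[154] = chr(0);
  $header[155] = chr(32);
  return $header;
}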
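/**
 * Validate a gallery sub-directory from the request or from a share token
 * and make it the current directory.
 *
 * The candidate is accepted only when it is already identical to its
 * realpath() form, which rejects "..", "." and symbolic links, and when it is
 * a directory. On success $subpath is set to the relative path and
 * $imagepath is replaced by the full path; otherwise the request ends.
 * NOTE(review): the comparison can only succeed if the configured $imagepath
 * is itself in canonical form - confirm in configuration.php.
 *
 * @param string|null $pathToCheck path relative to $imagepath
 */
function checkPath($pathToCheck) {
  global $imagepath, $subpath;
  // path[]=... in a request would arrive as an array
  if (is_array($pathToCheck)) error_die('path not allowed');
  $fullpath = preg_replace('/\/$/', '', $imagepath.'/'.$pathToCheck);
  // strict comparison: realpath() returns false on failure, and loose
  // comparison of strings can treat different numeric-looking strings as equal
  if ($fullpath===realpath($fullpath) && is_dir($fullpath)) {
    $subpath=$pathToCheck;
    $imagepath = $fullpath;
  } else {
    error_die('path not allowed: '.htmlentities($pathToCheck));
  }
}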
/**
 * Validate a file name inside the current image directory and select the
 * file that will be delivered.
 *
 * Names containing a slash and names that are not regular files end the
 * request with 404. On success $imgfile holds the name and $file the path
 * to deliver: the image itself, or its cached thumbnail when $thumb is set
 * (created on first use).
 *
 * NOTE(review): the thumbnail directory is created with mode 0777, and the
 * file is handed to Imagick without a check of its type; consider a tighter
 * mode and an extension check.
 *
 * @param string $fileToCheck file name without directory part
 * @param bool   $thumb       deliver the thumbnail instead of the image
 */
function checkFile($fileToCheck, $thumb = false) {
  global $imagepath, $file, $subpath, $thumbpath, $imgfile;
  $source = $imagepath.'/'.$fileToCheck;
  if (preg_match('/\//', $fileToCheck) || !is_file($source)) {
    error_die('file not found', '404 Not Found');
  }
  $imgfile = $fileToCheck;
  if (!$thumb) {
    $file = $source;
    return;
  }
  // image from thumbnail path
  $thumbdir = $thumbpath.'/'.$subpath;
  $file = $thumbdir.'/'.$fileToCheck;
  if (!is_dir($thumbdir)) mkdir($thumbdir, 0777, true);
  if (is_file($file)) return;
  // create thumbnail that fits into 200x200
  $image = new Imagick();
  $image->readImage($source);
  $image->thumbnailImage(200, 200, true);
  $image->writeImage($file);
}
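/**
 * Send a file to the client and end the request, unless the request asks
 * for the HTML view (parameter "view"), in which case nothing is sent here.
 *
 * @param string $file path of the file to deliver; a missing file ends the
 *                     request with 404
 */
function returnFile($file) {
  $types = array(
    'jpg' => "image/jpeg", 'jpeg' => "image/jpeg",
    'tif' => "image/tiff", 'tiff' => "image/tiff",
    'gif' => "image/gif",
    'png' => "image/png",
    'bmp' => "image/bmp",
  );
  $ext=strtolower(preg_replace('/.*\./', '', $file));
  // Other extensions used to leave $type undefined and produced an empty
  // Content-type header; declare them as opaque binary data instead.
  $type = isset($types[$ext]) ? $types[$ext] : "application/octet-stream";
  if (!is_file($file)) {
    error_die('file does not exist', '404 Not Found');
  }
  if (!isset($_REQUEST['view'])) {
    header('Content-type: '.$type);
    header('Content-Length: '.filesize($file));
    header('Content-Transfer-Encoding: binary');
    flush();
    readfile($file);
    exit;
  }
}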
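/**
 * List the visible content of a directory.
 *
 * Entries starting with a dot are skipped. Directories are collected under
 * 'dirs'; regular files ending in jpg, jpeg or png (any case) under 'files'.
 * Both lists are sorted and indexed from 0.
 *
 * @param string $path directory to read
 * @return array array('dirs' => string[], 'files' => string[])
 */
function extractDir($path) {
  $res = array('dirs' => array(), 'files' => array());
  $d = opendir($path);
  if ($d) {
    while (false!==($f=readdir($d))) {
      if (preg_match('/^\./', $f)) continue;
      if (is_dir($path.'/'.$f)) {
        $res['dirs'][] = $f;
      } elseif (is_file($path.'/'.$f)) {
        $ext = strtolower(preg_replace('/.*\./', '', $f));
        if (in_array($ext, array("jpg", "jpeg", "png"), true)) {
          $res['files'][] = $f;
        }
      }
    }
    // only close a handle that was opened
    closedir($d);
  }
  // 'dirs' used to be sorted twice and 'files' not at all. sort() also
  // renumbers the keys, which callers stepping through 'files' by index need.
  sort($res['dirs']);
  sort($res['files']);
  return $res;
}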
/*function encrypt2($text) {
   global $_REQUEST, $server_password;
   return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
   }
   function decrypt2($text) {
   global $_REQUEST, $server_password;
   return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB)));
   }*/
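/**
 * Turn a share description into the token used in share links.
 *
 * The value is serialised, compressed, encrypted with Blowfish and
 * base64-encoded. The key is derived from the share password together with
 * the server-side $server_password.
 *
 * The key used to be built with "+", which is numeric addition in PHP: two
 * strings were added as numbers, so most password pairs collapsed to the same
 * small number and neither secret protected the token. It is now an
 * HMAC-SHA256 of the share password keyed with $server_password. Links
 * issued with the old key no longer decrypt and have to be shared again.
 *
 * NOTE(review): ECB mode gives no integrity protection, and mcrypt was
 * removed from PHP in 7.2. A follow-up should move to an authenticated
 * cipher from a maintained extension.
 *
 * @param mixed       $text     value to protect (an array of request fields)
 * @param string|null $password share password; defaults to the request's
 * @return string base64 token
 */
function encrypt($text, $password = NULL) {
  global $server_password;
  // without a server secret the key would depend on client input alone
  if (!is_string($server_password) || $server_password === '') error_die('server password not configured');
  if (!$password) $password = $_REQUEST['password'];
  $key = hash_hmac('sha256', (string)$password, $server_password, true);
  return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, bzcompress(serialize($text)), MCRYPT_MODE_ECB));
}

/**
 * Decode a share token with the password from the current request.
 *
 * Tries the base64 form first and the older hex form second.
 *
 * NOTE(review): unserialize() runs on data that arrives in the request. The
 * server secret in the key is what keeps arbitrary serialised input out, as
 * the ciphertext carries no authentication tag. Prefer a MAC check before
 * decoding, or a data-only format such as JSON.
 *
 * @param string $text token from the request
 * @return mixed the share description, or a false value when the token
 *               cannot be decoded with this password
 */
function decrypt($text) {
  global $server_password;
  if (!is_string($server_password) || $server_password === '') error_die('server password not configured');
  $key = hash_hmac('sha256', (string)$_REQUEST['password'], $server_password, true);
  $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, base64_decode($text), MCRYPT_MODE_ECB)));
  if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($text), MCRYPT_MODE_ECB)));
  return $res;
}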
/**
 * Print an image wrapped in a link.
 *
 * Only $filename is escaped here. $link and $img are written as given, so
 * callers must pass URL-encoded values; $style is raw attribute markup.
 *
 * @param string $link     link target
 * @param string $img      image URL
 * @param string $filename used as the alt text
 * @param string $style    extra attributes for the img element
 */
function makelink($link, $img, $filename, $style="") {
  $altText = htmlentities($filename);
  echo sprintf('<a href="%s"><img src="%s" alt="%s" %s/></a>', $link, $img, $altText, $style);
}
/**
 * Print one gallery thumbnail: a linked image in normal mode, or a checkbox
 * with the image as its label when the request is in select mode.
 *
 * $img is written as given; callers pass a URL-encoded value.
 *
 * @param string $link     target for normal mode
 * @param string $img      thumbnail URL
 * @param string $filename file name; escaped for id, value and alt text
 */
function linkorselect($link, $img, $filename) {
  if (!isset($_REQUEST['select'])) {
    makelink($link, $img, $filename, 'class="thumbnail"');
    return;
  }
  $safeName = htmlentities($filename);
  echo '<input type="checkbox" id="'.$safeName.'" name="elements[]" value="'.$safeName.'" />';
  echo '<label for="'.$safeName.'"><img class="thumbnail" src="'.$img.'" alt="'.$safeName.'"/></label>';
}
/**
 * Print the page header: the gallery title and, when given, the
 * navigation arrows.
 *
 * @param string|null $arrows ready-made HTML for the navigation links; it is
 *                            written as given
 */
function pageheader($arrows=NULL) {
  global $username, $subpath;
  // "user" or "user@sub/path"
  $title = htmlentities($username);
  if ($subpath) $title .= '@'.htmlentities($subpath);
?>
  <div id="header">
    <h1>Gallery: <?php echo $title ?></h1>
<?php if ($arrows): ?>
      <span id="arrows"><?php echo $arrows ?></span>
<?php endif; ?>
  </div>
<?php
}
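/**
 * Print the gallery view of the current directory: sub-folders first, then
 * the images. In select mode the images become checkboxes inside a form that
 * starts the sharing step.
 */
function gallery() {
  global $subpath, $imagepath, $max_validity_days;
  $here = urlencode($subpath);
  $selecting = isset($_REQUEST['select']);
  $arrows = '';
  if (preg_match('/\//', $subpath)) {
    // one level up: cut the last path component
    $arrows = '<a href="?path='.urlencode(preg_replace('/\/[^\/]+$/', '', $subpath)).'" title="up">↑</a>';
  } elseif ($subpath!="") {
    $arrows = '<a href="?" title="up">↑</a>';
  }
  pageheader($arrows);
  if ($selecting) {
    // Suggested share password: four hex characters as before, but taken
    // from the system's secure random source when PHP provides it instead of
    // rand() and the clock.
    // NOTE(review): four hex characters are only 65536 possibilities and no
    // limit on password attempts is visible in this file; consider a longer
    // default.
    if (function_exists('random_bytes')) {
      $suggested = bin2hex(random_bytes(2));
    } else {
      $suggested = substr(str_shuffle(strtolower(sha1(rand().time()."SeAG6"))),0,4);
    }
    echo '<a href="?path='.$here.'">Normal-Modus</a>';
    echo '<form method="POST">';
    echo '<input type="hidden" name="path" value="'.htmlentities($subpath).'">';
    echo '<label for="password">Passwort:</label>';
    echo '<input type="text" size="5" name="password" value="'.$suggested.'">';
    echo '<label for="valid-until">Gültig bis:</label>';
    echo '<input type="date" size="10" name="valid-until" max="'.date('Y-m-d', time()+((int)$max_validity_days)*86400).'" value="'.date('Y-m-d', time()+14*86400).'"/>';
    echo '<input type="submit" name="share" value="Teilen"/>';
  } else {
    echo '<a href="?path='.$here.'&select">Auswahl-Modus</a>';
  }
  echo '<div class="dirs">';
  $objects = extractDir($imagepath);
  foreach ($objects['dirs'] as $f) {
    makelink('?path='.urlencode($subpath.($subpath!=""?'/':'').$f), '?path='.$here.'&folder='.urlencode($f), $f, 'class="folder"');
  }
  echo '</div><div class="images">';
  foreach ($objects['files'] as $f) {
    linkorselect('?path='.$here.'&file='.urlencode($f).'&view', '?path='.$here.'&file='.urlencode($f).'&thumb', $f);
  }
  echo '</div>';
  if ($selecting) echo '</form>';
}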
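/**
 * Print the single-image view: previous/up/next arrows, the image itself and
 * a strip of thumbnails around the current position.
 */
function singleimage() {
  global $subpath, $imagepath, $imgfile, $preview_num;
  $objects = extractDir($imagepath);
  // consecutive keys, so that position +/- 1 is the neighbouring image
  $files = array_values($objects['files']);
  $total = count($files);
  $here = urlencode($subpath);
  // array_search() reports "not listed" as false, not null; the former null
  // test let a file missing from the listing (for example a gif) fall through
  // to the index arithmetic below
  $pos = array_search($imgfile, $files, true);
  $listed = ($pos !== false);
  $arrows='';
  if ($listed && $pos>0)
    $arrows .= '<a href="?path='.$here.'&file='.urlencode($files[$pos-1]).'&view" title="previous">←</a>';
  $arrows .= '<a href="?path='.$here.'" title="back">↑</a>';
  if ($listed && $pos<$total-1)
    $arrows .= '<a href="?path='.$here.'&file='.urlencode($files[$pos+1]).'&view" title="next">→</a>';
  pageheader($arrows);
  echo '<div class="image"><img class="image" src="?path='.$here.'&file='.urlencode($imgfile).'" alt="'.urlencode($imgfile).'"/></div>';
  if ($listed) {
    // window of $preview_num thumbnails starting half a window before the image
    $window = (int)$preview_num;
    $lower = max(0, $pos-(int)floor($window/2));
    $higher = min($total, $lower+$window);
    for ($i=$lower; $i<$higher; ++$i)
      makelink('?path='.$here.'&file='.urlencode($files[$i]).'&view', '?path='.$here.'&file='.urlencode($files[$i]).'&thumb', $files[$i], 'style="width: '.round(100/($higher-$lower), 3).'%" class="thumbnail"');
  }
}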
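/**
 * Owner page for sharing the selected files.
 *
 * Builds the share token from the current request, optionally sends it by
 * e-mail, and prints the share link, its QR code, the mail form and the
 * selected thumbnails.
 *
 * Request values are escaped before they are printed, and the mail header
 * fields are rejected when they contain a line break. Previously they were
 * used as received.
 *
 * NOTE(review): the token is built from the whole request, so it also carries
 * the mail form fields. By default the mail contains the password next to the
 * link, although the page asks for the password to travel on a separate
 * channel.
 */
function share() {
  global $subpath, $myurl, $email, $fullname, $default_mail_text, $default_mail_subject, $fallback_mail_replyto;
  // escaping for HTML text and double- or single-quoted attribute values
  $esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
  };
  pageheader('<a href="?path='.urlencode($subpath).'">←</a>');
  // the share description is the request without the password and mode flags
  $key = $_REQUEST;
  unset($key['password']);
  unset($key['share']);
  unset($key['select']);
  $secret=urlencode(encrypt($key));
  $default_mailto = "";
  if (isset($_REQUEST['mailto'])) {
    $mailto = $_REQUEST['mailto'];
    $subject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '';
    $replyto = isset($_REQUEST['replyto']) ? $_REQUEST['replyto'] : '';
    $mailtext = (isset($_REQUEST['mailtext']) && is_string($_REQUEST['mailtext'])) ? $_REQUEST['mailtext'] : '';
    $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';
    // plain replacement: "$1" or "\" in the password must not be read as a
    // pattern back-reference
    if (strpos($mailtext, 'PASSWORD') !== false)
      $message = str_replace('PASSWORD', $password, $mailtext);
    else
      $message = $mailtext."\n\npassword: ".$password;
    $link = $myurl.'?secret='.$secret;
    if (strpos($message, 'LINK') !== false)
      $message = str_replace('LINK', $link, $message);
    else
      $message .= "\n\n".$link;
    // a CR or LF inside a header value would let the form add mail headers
    $headersAreClean = true;
    foreach (array($mailto, $subject, $replyto) as $headerValue) {
      if (!is_string($headerValue) || preg_match('/[\r\n]/', $headerValue)) $headersAreClean = false;
    }
    if ($headersAreClean && mail($mailto, $subject, $message, 'From: '.$replyto."\r\n".'Reply-To: '.$replyto)) {
      echo '<h2>Mail Successfully Sent</h2>';
      echo '<p>Mail sent to '.$esc($mailto).'.</p>';
      echo '<p>You can send more mails, if you want ...</p>';
    } else {
      echo '<h2>Send Mail <strong>Failed</strong></h2>';
      echo '<p>Try again ...</p>';
    }
  }
  echo '<h2>Share Files</h2>';
  echo '<p>Share files: Tell your friend the password on a separate channel and send this: <a href="?secret='.$secret.'">Link to Share</a></p>';
?>
<img src="<?php echo $esc($myurl.'?qrcode='.$secret); ?>" />
<p>or Send Link in E-Mail:</p>
<form method="POST">
  <table style="width: 100%"><tr>
    <td><label for="replyto">From:</label></td><td><input name="replyto" type="text" value="<?php echo $esc(alt($_REQUEST['replyto'], $email[0], $fallback_mail_replyto)); ?>" list="emails" style="width: 99%"/><datalist id="emails"><?php for ($i=0; isset($email['count']) && $i<$email['count']; ++$i) echo '<option value="'.$esc($email[$i]).'">'; ?></datalist></td>
  </tr><tr>
    <td><label for="mailto">To:</label></td><td><input name="mailto" type="text" value="<?php echo $esc(alt($_REQUEST['mailto'], $default_mailto)); ?>" style="width: 99%"/></td>
  </tr><tr>
    <td><label for="subject">Subject:</label></td><td><input name="subject" type="text" value="<?php echo $esc(alt($_REQUEST['subject'], $default_mail_subject)) ?>" style="width: 99%"/></td>
  </tr><tr>
    <td colspan="2"><textarea name="mailtext" style="width: 99%; height: 15em"><?php echo $esc(str_replace('USERNAME', (string)$fullname, (string)alt($_REQUEST['mailtext'], $default_mail_text))) ?></textarea></td>
  </tr><tr>
    <td colspan="2"><input type="submit" value="send email"/></td>
  </tr></table>
  <?php
  // carry every other posted field (selection, password, path, ...) along
  foreach ($_POST as $k => $v) {
    switch ($k) {
      case 'replyto': case 'mailto': case 'subject': case 'mailtext': break;
      default:
        if (is_array($v)) foreach ($v as $e) echo '<input type="hidden" name="'.$esc($k).'[]" value="'.$esc($e).'"/>';
        else echo '<input type="hidden" name="'.$esc($k).'" value="'.$esc($v).'"/>';
    }
  }
  ?>
  </form>
  <?php
  if (isset($key['elements']) && is_array($key['elements'])) foreach ($key['elements'] as $f)
    makelink('?path='.urlencode($subpath).'&file='.urlencode($f).'&view',
             '?path='.urlencode($subpath).'&file='.urlencode($f).'&thumb',
             $f, 'class="thumbnail"');
}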
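/**
 * Print the form that asks a visitor for the share password. The token from
 * the request is escaped and passed on in a hidden field.
 */
function getpassword() {
  // the heading used to be closed with </h2>
  ?>
  <h1>Password Required</h1>
    <p>Enter password to start download of images as a Tape-ARchive (tar) file.</p>
    <form method="POST">
      <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
      <input type="password" name="password"/>
      <input type="submit" value="show"/>
    </form>
  <?php
}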
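/**
 * Visitor page for a share link: a download button for the tar archive and
 * one thumbnail per shared file.
 *
 * Each thumbnail is addressed by its own token that names a single file, is
 * valid for 30 seconds and uses a one-time password.
 *
 * NOTE(review): the share password is written into a hidden form field and
 * the one-time passwords into image URLs; query strings tend to end up in
 * server logs and browser history.
 */
function sharedfiles() {
  global $subpath;
  $secret = decrypt($_REQUEST['secret']);
  if (!$secret) error_die('bad password', '403 Forbidden');
  // a token without a file list simply shows no thumbnails
  $elements = (is_array($secret) && isset($secret['elements']) && is_array($secret['elements']))
    ? $secret['elements'] : array();
  ?>
  <h1>Shared Files</h1>
  <p>Download shared files as a <a href="http://de.wikipedia.org/wiki/Tar">Tape-ARchive</a> (tar) file.</p>
  <p><form method="POST">
    <input type="hidden" name="secret" value="<?php echo htmlentities($_REQUEST['secret']) ?>"/>
    <input type="hidden" name="password" value="<?php echo htmlentities($_REQUEST['password']) ?>"/>
    <input type="hidden" name="download"/>
    <input type="submit" value="download"/>
  </form></p>
  <?php
  foreach ($elements as $f) {
    $secret['path'] = $subpath;
    $secret['file'] = $f;
    $secret['valid-until'] = date('c', time()+30);
    // 40 hex characters; from the secure random source when PHP has one
    if (function_exists('random_bytes')) {
      $password = bin2hex(random_bytes(20));
    } else {
      $password=str_shuffle(sha1(rand().time()."Js83aéa"));
    }
    echo '<img src="?secret='.urlencode(encrypt($secret, $password)).'&password='.urlencode($password).'" alt="'.htmlentities($f).'"/>';
  }
}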
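// Request dispatcher for everything that is answered before any HTML is sent:
// QR codes, folder icons, images, thumbnails and the tar download.
if (!isset($_REQUEST['secret'])) {
  // No share token: only the logged-in owner may continue.
  if ($username=="") error_die('not authorized', '403 Forbidden');
  if (isset($_REQUEST['qrcode'])) {
    QRcode::png($myurl.'?secret='.$_REQUEST['qrcode']);
    exit;
  } else {
    if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']);
    if (isset($_REQUEST['folder']) && is_string($_REQUEST['folder']) && !preg_match('/\//', $_REQUEST['folder'])) {
      // Icons are cached on disk under the requested name, so the name has to
      // be a listable folder of the current directory; before, any name
      // without a slash created a cache file.
      if (preg_match('/^\./', $_REQUEST['folder']) || !is_dir($imagepath.'/'.$_REQUEST['folder']))
        error_die('file not found', '404 Not Found');
      $file = $thumbpath.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png';
      $type="image/png";
      // NOTE(review): mode 0777 makes the cache directories world-writable
      // unless the umask restricts it.
      if (!is_dir($thumbpath.'/folders/'.$subpath)) mkdir($thumbpath.'/folders/'.$subpath, 0777, true);
      if (!is_file($file)) { // create folder image
        // folder name as label text: "_" becomes a space, "-" gets spaces
        // around it, wrapped at 16 characters
        $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true);
        $image = new Imagick();
        $image->readImage('folder.png'); // read local template file
        $draw = new ImagickDraw();
        $draw->setFillColor('black');
        $draw->setFont($font);
        if (mb_strlen($txt)<2) {
          $draw->setFontSize(60);
          $x = 75;
        } else {
          $draw->setFontSize(15);
          $x = 50;
        }
        $image->annotateImage($draw, 10, $x, 0, $txt);
        $image->writeImage($file);
      }
    } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb']));
    if ($file!="") returnFile($file);
  }
} else {
  // Share token: nothing happens until a password is supplied as well.
  if (isset($_REQUEST['password'])) {
    $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden');
    if (!is_array($secret)) error_die('bad password', '403 Forbidden');
    if (!isset($secret['valid-until'])) error_die('missing validation date');
    if (!isset($max_validity_days)) error_die('maximum validity days not set');
    if (strtotime($secret['valid-until'])>time()+((int)$max_validity_days)*86400) error_die('validity limitation not respected');
    if (strtotime($secret['valid-until'])<time()) error_die('sharing request timed out', '410 Gone');
    checkPath(isset($secret['path']) ? $secret['path'] : '');
    if (isset($secret['file'])) {
      // single-file tokens only ever deliver the thumbnail
      checkFile($secret['file'], true);
      if ($file!="") returnFile($file);
    }
    // a token without a usable file list shares nothing
    $elements = (isset($secret['elements']) && is_array($secret['elements'])) ? $secret['elements'] : array();
    foreach ($elements as $f) checkFile($f);
    if (isset($_REQUEST['download'])) {
      // The token was decrypted and its dates were checked above; the second
      // decrypt of the same token that used to follow here is not needed.
      if (isset($secret['elements'])) {
        $size = 0;
        $files = array();
        foreach ($elements as $f) {
          checkFile($f);
          // one header block plus the content rounded up to full blocks
          $size += 512 + (int)ceil(filesize($file)/512)*512;
          $files[] = $file;
        }
        // a tar archive ends with two blocks of zero bytes
        $size += 1024;
        header('Content-Description: File Transfer');
        header('Content-Type: application/x-tar');
        header('Content-Length: '.$size);
        header('Content-Disposition: attachment; filename=shared-images.tar');
        foreach($files as $f) {
          print tarHeader('shared-images/'.basename($f), filesize($f));
          readfile($f);
          print str_repeat(chr(0), (int)ceil(filesize($f)/512)*512-filesize($f));
        }
        print str_repeat(chr(0), 1024);
        exit;
      }
    }
  }
}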
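?><!DOCTYPE html>
  <html>
    <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <link rel="stylesheet" href="style.css">
    </head>
    <body>
      <?php
      // The metadata above was wrapped in <header>, a body element, instead
      // of <head>.
      if ($username=="") {
        // no logged-in owner: this is a visitor following a share link
        if (isset($_REQUEST['password'])) {
          sharedfiles();
        } else {
          getpassword();
        }
      } elseif (isset($_REQUEST['share'])) {
        share();
      } elseif (isset($_REQUEST['view'])) { // view single image
        singleimage();
      } else { // gallery view
        gallery();
      }
      ?>
  </body>
</html>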