add admin

This commit is contained in:
François 2022-03-08 18:06:41 +01:00
parent 48937012ca
commit 0d5609501a


@ -27,7 +27,11 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/');
define ('VAR_TRACKS', $cfg ['var_root'].'tracks/');
define ('VAR_PERIOD', $cfg ['var_root'].'period/');
define ('VAR_FAKE', $cfg ['var_root'].'fake/');
define ('VAR_PRIVATE', $cfg ['var_root'].'private/');
define ('VAR_ADMIN', $cfg ['var_root'].'admin/');
$domain="kaz.local";
if (preg_match ("%^.*//([^/]*)/?.*$%", $cfg ['web_root'], $matches))
$domain = $matches [1];
define ('MAX_VALID_UPLOAD_TIME', 60);
define ('TOKEN_USE_LIMIT', "-2 hours");
@ -46,7 +50,7 @@ define ('M_TOO_LONG_LOGGED', "Temps de connexion dépassé.");
define ('M_EMAIL_CONTENT', "Bonjour,<br/><br/>Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos pi&egrave;ces jointes.<br/><br/>!!! Si vous n'&ecirc;tes pas &agrave; l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!<br/><br/>Le lien de connexion suivant est valable 15 minutes.<br/><a href=\"___LINK___\">___LINK___</a><br/><br/>Vous pouvez signaler des abus aupr&egrave;s de Kaz en faisant suivre ce message qui contient les traces de son &eacute;metteur (___IP___, ___DATE___).<br/><br/>Bonne navigation.<br/>.");
define ('M_DOWNLOAD', "T&eacute;l&eacute;charger");
define ('M_UPDATE', "Prolonger");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois de pièces jointes.");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois sur ".$domain.".");
define ('M_FILE', " fichier.");
define ('M_FILES', " fichiers.");
define ('M_FILES_NOT_FOUND', " fichiers sont expirés.");
@ -64,7 +68,7 @@ define ('M_LOGOUT', 'Deconnecter');
define ('M_REFRESH', 'Actualiser');
define ('M_LOGOUT_TOKEN', "Vous n'&ecirc;tes plus connect&eacute;.");
define ('M_SEND_TOKEN', "<br/><p>Vous allez recevoir un <b>lien d'acc&egrave;s temporaire</b> &agrave; vos donn&eacute;es.</p>");
define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b><br/>(page actualis&eacute;e &agrave; ___DATE___)</p>");
define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b>___ADMIN___<br/>(page actualis&eacute;e &agrave; ___DATE___)</p>");
define ('M_INCONSISTENT_DATES',
" (dates incoh&eacute;antes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
@ -126,7 +130,7 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
$content = false.NL;
else
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL;
$content = isSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
@ -185,7 +189,7 @@ function rmSenderTrack ($sender) {
if (file_exists (VAR_TRACKS.$sender))
unlink (VAR_TRACKS.$sender);
}
function getSenderTrack ($sender) {
function isSenderTrack ($sender) {
return $sender && file_exists (VAR_TRACKS.$sender);
}
@ -211,7 +215,6 @@ function getSenderPeriod ($sender) {
return trim (file (VAR_PERIOD.$sender)[0]);
return DEFAULT_PERIOD;
}
function period2seconds ($periodName) {
if (!$periodName)
return JIRAFEAU_MONTH;
@ -326,12 +329,13 @@ function readArchiveFromLines ($lines) {
$archive [T_SIGN] = $matches [1];
break;
default:
global $message;
$message .= "<p>error:".$line."</p>";
$error = true;
break;
}
}
global $message, $admin;
if ($error && $admin)
$message .= "readArchiveFromLines <pre>".print_r ($lines, true)."</pre>";
return $error ? [] : $archive;
}
@ -386,8 +390,9 @@ function sendEMail ($receiver, $receiver_name, $subject, $body_string){
$mail->charSet = "UTF-8";
$mail->ContentType = 'text/html';
global $domain;
//Recipients (change this for every project)
$mail->setFrom ('no-reply@kaz.local', '');
$mail->setFrom ('no-reply@'.$domain, '');
$mail->addAddress ($receiver, $receiver_name);
//Content
@ -419,14 +424,12 @@ function cleanToken () {
unlink ($file);
}
}
function rmToken ($sender) {
if (!$sender)
return;
if (file_exists (VAR_TOKENS.$sender))
unlink (VAR_TOKENS.$sender);
}
function setToken ($sender) {
if (!$sender)
return;
@ -435,13 +438,11 @@ function setToken ($sender) {
return $token;
return false;
}
function setLoggedToken ($sender, $token) {
if (!$sender || !$token)
return;
file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL);
}
function getTokenVar ($sender, $varName) {
if (!$sender)
return;
@ -452,25 +453,162 @@ function getTokenVar ($sender, $varName) {
return $matches [1];
return false;
}
function getToken ($sender) {
return getTokenVar ($sender, T_TOKEN,);
}
function getCreateToken ($sender) {
return getTokenVar ($sender, T_CREATE);
}
function getLoggedToken ($sender) {
return getTokenVar ($sender, T_LOGGED);
}
function getTimeToken ($sender) {
if (!$sender || !file_exists (VAR_TOKENS.$sender))
return false;
return filemtime (VAR_TOKENS.$sender);
}
// ========================================
function setAdmin ($sender) {
if (!$sender)
return;
if (!file_exists (VAR_ADMIN))
mkdir (VAR_ADMIN, 0755);
touch (VAR_ADMIN.$sender);
}
function rmAdmin ($sender) {
if (!$sender)
return;
if (file_exists (VAR_ADMIN.$sender))
unlink (VAR_ADMIN.$sender);
}
function isAdmin ($sender) {
return $sender && file_exists (VAR_ADMIN.$sender);
}
// ========================================
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
if ($doUpload) {
$maxtime = time ()+period2seconds ($_REQUEST ['time']);
@ -532,7 +670,7 @@ if (isset ($_REQUEST [A_SENDER]) && !empty ($_REQUEST [A_SENDER])) {
// XXX
//if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
$senderError=true;
$senderError = true;
else {
cleanToken ();
$sender = $_REQUEST [A_SENDER];
@ -700,8 +838,8 @@ if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender)
// XXX test token
$url = $urlBase.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token;
$result = sendEMail ($sender, "", M_EMAIL_SUBJECT,
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
if ($result)
echo M_SEND_TOKEN;
else
@ -759,132 +897,12 @@ if (!getLoggedToken ($sender))
else
touch (VAR_TOKENS.$sender);
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
// sender OK, token OK
// ========================================
$admin = isAdmin ($sender);
// delete
if (isset ($_REQUEST [A_DELETE])) {
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE]))
@ -896,7 +914,9 @@ if (isset ($_REQUEST [A_DELETE])) {
if ($doLogout || (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGOUT)) {
rmToken ($sender);
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "<p>Info : ".$message."</p>";
echo M_LOGOUT;
@ -953,7 +973,9 @@ while ( ($d = array_shift ($stack)) && $d != null) {
}
}
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "<p>Info : ".$message."</p>";
echo '<script type="text/javascript">';
@ -1010,7 +1032,7 @@ div.frame {border: 1px; border-style: solid; padding: 1em; margin: 1em;}
--></style>
<?php
$defaultChecked = [];
$defaultChecked [getSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [isSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [getSenderPeriod ($sender)] = ' selected="selected"';
echo
'<form method="post">'.
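Review bot: In readArchiveFromLines the new `global $message, $admin;` sits after the loop that does `$message .= "<p>error:".$line."</p>"`, and in PHP a `global` statement only binds the name from that point on, so if the earlier `global $message;` in the `default:` branch was indeed dropped (the hunk counts suggest it moved), the per-line error text lands in a function-local `$message` and is discarded once the global binding takes over; move the declaration to the top of the function (whose start is outside the hunk) rather than the end. The `$domain` extraction `%^.*//([^/]*)/?.*$%` captures the whole authority, so a `web_root` with a port or userinfo yields a From address like `no-reply@host:8080` and the same string ends up in the mail subject; `$domain = parse_url ($cfg ['web_root'], PHP_URL_HOST) ?: "kaz.local";` is the safer extraction. setAdmin has no visible caller or authorization check, and since `$admin` now gates a `print_r` of raw archive lines into the page, it is worth a comment such as `// admin role is provisioned by creating VAR_ADMIN/<sender> out of band; never expose setAdmin to a request action` plus checks on the `mkdir`/`touch` return values so a failed provisioning is not silent.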