KAZ
/
depollueur
3
1
Fork 0
Code Issues Pull Requests Projects Releases Activity
Browse Source

add admin

develop
François 2 years ago
parent
48937012ca
commit
0d5609501a
1 changed files with 167 additions and 145 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 312
      src/Jirafeau/a.php

312
src/Jirafeau/a.php
View File

@ -27,7 +27,11 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/');
define ('VAR_TRACKS', $cfg ['var_root'].'tracks/');
define ('VAR_PERIOD', $cfg ['var_root'].'period/');
define ('VAR_FAKE', $cfg ['var_root'].'fake/');
define ('VAR_PRIVATE', $cfg ['var_root'].'private/');
define ('VAR_ADMIN', $cfg ['var_root'].'admin/');
$domain="kaz.local";
if (preg_match ("%^.*//([^/]*)/?.*$%", $cfg ['web_root'], $matches))
$domain = $matches [1];
define ('MAX_VALID_UPLOAD_TIME', 60);
define ('TOKEN_USE_LIMIT', "-2 hours");
@ -46,7 +50,7 @@ define ('M_TOO_LONG_LOGGED', "Temps de connexion dépassé.");
define ('M_EMAIL_CONTENT', "Bonjour,<br/><br/>Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos pi&egrave;ces jointes.<br/><br/>!!! Si vous n'&ecirc;tes pas &agrave; l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!<br/><br/>Le lien de connexion suivant est valable 15 minutes.<br/><a href=\"___LINK___\">___LINK___</a><br/><br/>Vous pouvez signaler des abus aupr&egrave;s de Kaz en faisant suivre ce message qui contient les traces de son &eacute;metteur (___IP___, ___DATE___).<br/><br/>Bonne navigation.<br/>.");
define ('M_DOWNLOAD', "T&eacute;l&eacute;charger");
define ('M_UPDATE', "Prolonger");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois de pièces jointes.");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois sur ".$domain.".");
define ('M_FILE', " fichier.");
define ('M_FILES', " fichiers.");
define ('M_FILES_NOT_FOUND', " fichiers sont expirés.");
@ -64,7 +68,7 @@ define ('M_LOGOUT', 'Deconnecter');
define ('M_REFRESH', 'Actualiser');
define ('M_LOGOUT_TOKEN', "Vous n'&ecirc;tes plus connect&eacute;.");
define ('M_SEND_TOKEN', "<br/><p>Vous allez recevoir un <b>lien d'acc&egrave;s temporaire</b> &agrave; vos donn&eacute;es.</p>");
define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b><br/>(page actualis&eacute;e &agrave; ___DATE___)</p>");
define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b>___ADMIN___<br/>(page actualis&eacute;e &agrave; ___DATE___)</p>");
define ('M_INCONSISTENT_DATES',
" (dates incoh&eacute;antes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
@ -126,7 +130,7 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
$content = false.NL;
else
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL;
$content = isSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
@ -185,7 +189,7 @@ function rmSenderTrack ($sender) {
if (file_exists (VAR_TRACKS.$sender))
unlink (VAR_TRACKS.$sender);
}
function getSenderTrack ($sender) {
function isSenderTrack ($sender) {
return $sender && file_exists (VAR_TRACKS.$sender);
}
@ -211,7 +215,6 @@ function getSenderPeriod ($sender) {
return trim (file (VAR_PERIOD.$sender)[0]);
return DEFAULT_PERIOD;
}
function period2seconds ($periodName) {
if (!$periodName)
return JIRAFEAU_MONTH;
@ -326,12 +329,13 @@ function readArchiveFromLines ($lines) {
$archive [T_SIGN] = $matches [1];
break;
default:
global $message;
$message .= "<p>error:".$line."</p>";
$error = true;
break;
}
}
global $message, $admin;
if ($error && $admin)
$message .= "readArchiveFromLines <pre>".print_r ($lines, true)."</pre>";
return $error ? [] : $archive;
}
@ -386,8 +390,9 @@ function sendEMail ($receiver, $receiver_name, $subject, $body_string){
$mail->charSet = "UTF-8";
$mail->ContentType = 'text/html';
global $domain;
//Recipients (change this for every project)
$mail->setFrom ('no-reply@kaz.local', '');
$mail->setFrom ('no-reply@'.$domain, '');
$mail->addAddress ($receiver, $receiver_name);
//Content
@ -419,14 +424,12 @@ function cleanToken () {
unlink ($file);
}
}
function rmToken ($sender) {
if (!$sender)
return;
if (file_exists (VAR_TOKENS.$sender))
unlink (VAR_TOKENS.$sender);
}
function setToken ($sender) {
if (!$sender)
return;
@ -435,13 +438,11 @@ function setToken ($sender) {
return $token;
return false;
}
function setLoggedToken ($sender, $token) {
if (!$sender || !$token)
return;
file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL);
}
function getTokenVar ($sender, $varName) {
if (!$sender)
return;
@ -452,25 +453,162 @@ function getTokenVar ($sender, $varName) {
return $matches [1];
return false;
}
function getToken ($sender) {
return getTokenVar ($sender, T_TOKEN,);
}
function getCreateToken ($sender) {
return getTokenVar ($sender, T_CREATE);
}
function getLoggedToken ($sender) {
return getTokenVar ($sender, T_LOGGED);
}
function getTimeToken ($sender) {
if (!$sender || !file_exists (VAR_TOKENS.$sender))
return false;
return filemtime (VAR_TOKENS.$sender);
}
// ========================================
function setAdmin ($sender) {
if (!$sender)
return;
if (!file_exists (VAR_ADMIN))
mkdir (VAR_ADMIN, 0755);
touch (VAR_ADMIN.$sender);
}
function rmAdmin ($sender) {
if (!$sender)
return;
if (file_exists (VAR_ADMIN.$sender))
unlink (VAR_ADMIN.$sender);
}
function isAdmin ($sender) {
return $sender && file_exists (VAR_ADMIN.$sender);
}
// ========================================
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
if ($doUpload) {
$maxtime = time ()+period2seconds ($_REQUEST ['time']);
@ -532,7 +670,7 @@ if (isset ($_REQUEST [A_SENDER]) && !empty ($_REQUEST [A_SENDER])) {
// XXX
//if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
$senderError=true;
$senderError = true;
else {
cleanToken ();
$sender = $_REQUEST [A_SENDER];
@ -700,8 +838,8 @@ if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender)
// XXX test token
$url = $urlBase.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token;
$result = sendEMail ($sender, "", M_EMAIL_SUBJECT,
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
if ($result)
echo M_SEND_TOKEN;
else
@ -759,132 +897,12 @@ if (!getLoggedToken ($sender))
else
touch (VAR_TOKENS.$sender);
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
// sender OK, token OK
// ========================================
$admin = isAdmin ($sender);
// delete
if (isset ($_REQUEST [A_DELETE])) {
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE]))
@ -896,7 +914,9 @@ if (isset ($_REQUEST [A_DELETE])) {
if ($doLogout || (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGOUT)) {
rmToken ($sender);
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "<p>Info : ".$message."</p>";
echo M_LOGOUT;
@ -953,7 +973,9 @@ while ( ($d = array_shift ($stack)) && $d != null) {
}
}
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "<p>Info : ".$message."</p>";
echo '<script type="text/javascript">';
@ -1010,7 +1032,7 @@ div.frame {border: 1px; border-style: solid; padding: 1em; margin: 1em;}
--></style>
<?php
$defaultChecked = [];
$defaultChecked [getSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [isSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [getSenderPeriod ($sender)] = ' selected="selected"';
echo
'<form method="post">'.

Write Preview
Loading…
Cancel
Save