@ -27,7 +27,11 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/');
define ('VAR_TRACKS', $cfg ['var_root'].'tracks/');
define ('VAR_PERIOD', $cfg ['var_root'].'period/');
define ('VAR_FAKE', $cfg ['var_root'].'fake/');
define ('VAR_PRIVATE', $cfg ['var_root'].'private/');
define ('VAR_ADMIN', $cfg ['var_root'].'admin/');
$domain="kaz.local";
if (preg_match ("%^.*//([^/]*)/?.*$%", $cfg ['web_root'], $matches))
$domain = $matches [1];
define ('MAX_VALID_UPLOAD_TIME', 60);
define ('TOKEN_USE_LIMIT', "-2 hours");
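Review bot: The `$domain` captured from `$cfg ['web_root']` by `%^.*//([^/]*)/?.*$%` is the whole authority part of the URL, so a web root that carries a port or userinfo (for example `host:8080`) ends up in the sender address that the sendEMail hunk builds as `'no-reply@'.$domain`. That is not a valid From address, and the mailer or a relay may reject it. Prefer `$host = parse_url ($cfg ['web_root'], PHP_URL_HOST); if ($host) $domain = $host;`, keeping `kaz.local` as the fallback. The same value is concatenated into M_EMAIL_SUBJECT, so a one-line comment stating that `$domain` comes from configuration only, never from the request, would help.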
@ -46,7 +50,7 @@ define ('M_TOO_LONG_LOGGED', "Temps de connexion dépassé.");
define ('M_EMAIL_CONTENT', "Bonjour,< br / > < br / > Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos piè ces jointes.< br / > < br / > !!! Si vous n'ê tes pas à l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!< br / > < br / > Le lien de connexion suivant est valable 15 minutes.< br / > < a href = \"___LINK___\" > ___LINK___< / a > < br / > < br / > Vous pouvez signaler des abus auprè s de Kaz en faisant suivre ce message qui contient les traces de son é metteur (___IP___, ___DATE___).< br / > < br / > Bonne navigation.< br / > .");
define ('M_DOWNLOAD', "Té lé charger");
define ('M_UPDATE', "Prolonger");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois de pièces jointes .");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois sur ".$domain." .");
define ('M_FILE', " fichier.");
define ('M_FILES', " fichiers.");
define ('M_FILES_NOT_FOUND', " fichiers sont expirés.");
@ -64,7 +68,7 @@ define ('M_LOGOUT', 'Deconnecter');
define ('M_REFRESH', 'Actualiser');
define ('M_LOGOUT_TOKEN', "Vous n'ê tes plus connecté .");
define ('M_SEND_TOKEN', "< br / > < p > Vous allez recevoir un < b > lien d'accè s temporaire< / b > à vos donné es.< / p > ");
define ('M_WELCOME', "< p > Informations concernant le compte : < b > ___SENDER___< / b > < br / > (page actualisé e à ___DATE___)< / p > ");
define ('M_WELCOME', "< p > Informations concernant le compte : < b > ___SENDER___< / b > ___ADMIN___ < br / > (page actualisé e à ___DATE___)< / p > ");
define ('M_INCONSISTENT_DATES',
" (dates incohé antes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
@ -126,7 +130,7 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
$content = false.NL;
else
$content = get SenderTrack ($_REQUEST [A_RECORD]).NL;
$content = is SenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
@ -185,7 +189,7 @@ function rmSenderTrack ($sender) {
if (file_exists (VAR_TRACKS.$sender))
unlink (VAR_TRACKS.$sender);
}
function get SenderTrack ($sender) {
function is SenderTrack ($sender) {
return $sender & & file_exists (VAR_TRACKS.$sender);
}
@ -211,7 +215,6 @@ function getSenderPeriod ($sender) {
return trim (file (VAR_PERIOD.$sender)[0]);
return DEFAULT_PERIOD;
}
function period2seconds ($periodName) {
if (!$periodName)
return JIRAFEAU_MONTH;
@ -326,12 +329,13 @@ function readArchiveFromLines ($lines) {
$archive [T_SIGN] = $matches [1];
break;
default:
global $message;
$message .= "< p > error:".$line."< / p > ";
$error = true;
break;
}
}
global $message, $admin;
if ($error & & $admin)
$message .= "readArchiveFromLines < pre > ".print_r ($lines, true)."< / pre > ";
return $error ? [] : $archive;
}
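Review bot: The new debug line appends `print_r ($lines, true)` to `$message` without escaping, and `$message` is later echoed as HTML (`echo "<p>Info : ".$message."</p>"`). The lines come from a stored archive description, which presumably carries sender-supplied values such as file names, so any markup in them would render in an admin's session. Escape it with the helper already used elsewhere in this file: `$message .= "readArchiveFromLines <pre>".jirafeau_escape (print_r ($lines, true))."</pre>";`. readArchiveFromLines starts outside this hunk.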
@ -386,8 +390,9 @@ function sendEMail ($receiver, $receiver_name, $subject, $body_string){
$mail->charSet = "UTF-8";
$mail->ContentType = 'text/html';
global $domain;
//Recipients (change this for every project)
$mail->setFrom ('no-reply@kaz.local ', '');
$mail->setFrom ('no-reply@'.$domain , '');
$mail->addAddress ($receiver, $receiver_name);
//Content
@ -419,14 +424,12 @@ function cleanToken () {
unlink ($file);
}
}
function rmToken ($sender) {
if (!$sender)
return;
if (file_exists (VAR_TOKENS.$sender))
unlink (VAR_TOKENS.$sender);
}
function setToken ($sender) {
if (!$sender)
return;
@ -435,13 +438,11 @@ function setToken ($sender) {
return $token;
return false;
}
function setLoggedToken ($sender, $token) {
if (!$sender || !$token)
return;
file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL);
}
function getTokenVar ($sender, $varName) {
if (!$sender)
return;
@ -452,25 +453,162 @@ function getTokenVar ($sender, $varName) {
return $matches [1];
return false;
}
function getToken ($sender) {
return getTokenVar ($sender, T_TOKEN,);
}
function getCreateToken ($sender) {
return getTokenVar ($sender, T_CREATE);
}
function getLoggedToken ($sender) {
return getTokenVar ($sender, T_LOGGED);
}
function getTimeToken ($sender) {
if (!$sender || !file_exists (VAR_TOKENS.$sender))
return false;
return filemtime (VAR_TOKENS.$sender);
}
// ========================================
function setAdmin ($sender) {
if (!$sender)
return;
if (!file_exists (VAR_ADMIN))
mkdir (VAR_ADMIN, 0755);
touch (VAR_ADMIN.$sender);
}
function rmAdmin ($sender) {
if (!$sender)
return;
if (file_exists (VAR_ADMIN.$sender))
unlink (VAR_ADMIN.$sender);
}
function isAdmin ($sender) {
return $sender & & file_exists (VAR_ADMIN.$sender);
}
// ========================================
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."< pre > ".print_r ($link, 1)."< / pre > mt: ".getTimeFile ($link ['hash'])."< / br > ";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'ê tes pas le proprié taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a é té forgé e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprimé ";
if ($fileToDelete)
$message .= " avec< ul > ";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "< li > ".jirafeau_escape ($fileLink ['file_name'])."< / li > ";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "< / ul > " : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) & & $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprimé ";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty & & isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a é té forgé e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'ê tes pas le proprié taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un avé tait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
if ($doUpload) {
$maxtime = time ()+period2seconds ($_REQUEST ['time']);
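Review bot: setAdmin, rmAdmin and isAdmin build a filesystem path as `VAR_ADMIN.$sender` and only check that `$sender` is non-empty, so the admin decision depends on every caller having validated the address first; the only validation visible in this diff is the e-mail regex applied to `$_REQUEST [A_SENDER]` in a later hunk. A guard inside the helpers would make that independent of the call site, e.g. `if ($sender !== basename ($sender)) return false;` at the top of isAdmin. `mkdir (VAR_ADMIN, 0755)` also leaves the list of admin addresses readable by other local users and ignores a failed mkdir; `0700` with a checked return is safer if only the web server user needs the directory. Nothing in the visible hunks calls setAdmin or rmAdmin, so a short comment saying how admin markers are meant to be created and removed would help.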
@ -532,7 +670,7 @@ if (isset ($_REQUEST [A_SENDER]) && !empty ($_REQUEST [A_SENDER])) {
// XXX
//if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
$senderError=true;
$senderError = true;
else {
cleanToken ();
$sender = $_REQUEST [A_SENDER];
@ -700,8 +838,8 @@ if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender)
// XXX test token
$url = $urlBase.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token;
$result = sendEMail ($sender, "", M_EMAIL_SUBJECT,
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
str_replace (["___LINK___", "___IP___", "___DATE___"],
[$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
if ($result)
echo M_SEND_TOKEN;
else
@ -759,132 +897,12 @@ if (!getLoggedToken ($sender))
else
touch (VAR_TOKENS.$sender);
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."< pre > ".print_r ($link, 1)."< / pre > mt: ".getTimeFile ($link ['hash'])."< / br > ";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'ê tes pas le proprié taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a é té forgé e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprimé ";
if ($fileToDelete)
$message .= " avec< ul > ";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "< li > ".jirafeau_escape ($fileLink ['file_name'])."< / li > ";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "< / ul > " : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) & & $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprimé ";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty & & isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a é té forgé e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'ê tes pas le proprié taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un avé tait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ========================================
// sender OK, token OK
// ========================================
$admin = isAdmin ($sender);
// delete
if (isset ($_REQUEST [A_DELETE])) {
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE]))
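Review bot: The delete check `preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE])` has no `^` anchor, so it constrains only the end of the value and leaves everything before it unchecked. deleteAction hands its argument to `jirafeau_get_link` and `jirafeau_delete_link`, which presumably resolve it to a file under the links directory, so the name should be matched in full: `'/^[0-9a-zA-Z_-]+$/D'`. The body of this `if` continues outside the hunk, so confirm that this validated value is the one that reaches deleteAction.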
@ -896,7 +914,9 @@ if (isset ($_REQUEST [A_DELETE])) {
if ($doLogout || (isset ($_REQUEST [A_ACTION]) & & $_REQUEST [A_ACTION] == T_LOGOUT)) {
rmToken ($sender);
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "< p > Info : ".$message."< / p > ";
echo M_LOGOUT;
@ -953,7 +973,9 @@ while ( ($d = array_shift ($stack)) && $d != null) {
}
}
require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message)
echo "< p > Info : ".$message."< / p > ";
echo '< script type = "text/javascript" > ' ;
@ -1010,7 +1032,7 @@ div.frame {border: 1px; border-style: solid; padding: 1em; margin: 1em;}
-->< / style >
<?php
$defaultChecked = [];
$defaultChecked [get SenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [is SenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [getSenderPeriod ($sender)] = ' selected="selected"';
echo
'< form method = "post" > '.