diff --git a/src/Jirafeau/a.php b/src/Jirafeau/a.php
index b049e04..879c6d8 100644
--- a/src/Jirafeau/a.php
+++ b/src/Jirafeau/a.php
@@ -27,7 +27,11 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/');
define ('VAR_TRACKS', $cfg ['var_root'].'tracks/');
define ('VAR_PERIOD', $cfg ['var_root'].'period/');
define ('VAR_FAKE', $cfg ['var_root'].'fake/');
-define ('VAR_PRIVATE', $cfg ['var_root'].'private/');
+define ('VAR_ADMIN', $cfg ['var_root'].'admin/');
+
+$domain="kaz.local";
+if (preg_match ("%^.*//([^/]*)/?.*$%", $cfg ['web_root'], $matches))
+ $domain = $matches [1];
define ('MAX_VALID_UPLOAD_TIME', 60);
define ('TOKEN_USE_LIMIT', "-2 hours");
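Review bot: The capture group `([^/]*)` in the added `preg_match` takes everything between `//` and the next slash, so a `web_root` that carries a port or userinfo (constructed example: `https://host.example:8443/`) gives a `$domain` that is not a valid mail domain. That value is then used for `no-reply@` in the `sendEMail` hunk and in `M_EMAIL_SUBJECT`. `parse_url` returns only the host, with the default as fallback: `$domain = parse_url ($cfg ['web_root'], PHP_URL_HOST) ?: "kaz.local";`. A one-line comment above `$domain` saying it is the mail sender domain derived from configuration would also help, since it is read through `global $domain` much later in the file.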
@@ -46,7 +50,7 @@ define ('M_TOO_LONG_LOGGED', "Temps de connexion dépassé.");
define ('M_EMAIL_CONTENT', "Bonjour,
Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos pièces jointes.
!!! Si vous n'êtes pas à l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!
Le lien de connexion suivant est valable 15 minutes.
___LINK___
Vous pouvez signaler des abus auprès de Kaz en faisant suivre ce message qui contient les traces de son émetteur (___IP___, ___DATE___).
Bonne navigation.
.");
define ('M_DOWNLOAD', "Télécharger");
define ('M_UPDATE', "Prolonger");
-define ('M_EMAIL_SUBJECT', "Lien de consultation des envois de pièces jointes.");
+define ('M_EMAIL_SUBJECT', "Lien de consultation des envois sur ".$domain.".");
define ('M_FILE', " fichier.");
define ('M_FILES', " fichiers.");
define ('M_FILES_NOT_FOUND', " fichiers sont expirés.");
@@ -64,7 +68,7 @@ define ('M_LOGOUT', 'Deconnecter');
define ('M_REFRESH', 'Actualiser');
define ('M_LOGOUT_TOKEN', "Vous n'êtes plus connecté.");
define ('M_SEND_TOKEN', "
Vous allez recevoir un lien d'accès temporaire à vos données.
");
-define ('M_WELCOME', "Informations concernant le compte : ___SENDER___
(page actualisée à ___DATE___)
");
+define ('M_WELCOME', "Informations concernant le compte : ___SENDER______ADMIN___
(page actualisée à ___DATE___)
");
define ('M_INCONSISTENT_DATES',
" (dates incohéantes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
@@ -126,7 +130,7 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
$content = false.NL;
else
- $content = getSenderTrack ($_REQUEST [A_RECORD]).NL;
+ $content = isSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
@@ -185,7 +189,7 @@ function rmSenderTrack ($sender) {
if (file_exists (VAR_TRACKS.$sender))
unlink (VAR_TRACKS.$sender);
}
-function getSenderTrack ($sender) {
+function isSenderTrack ($sender) {
return $sender && file_exists (VAR_TRACKS.$sender);
}
@@ -211,7 +215,6 @@ function getSenderPeriod ($sender) {
return trim (file (VAR_PERIOD.$sender)[0]);
return DEFAULT_PERIOD;
}
-
function period2seconds ($periodName) {
if (!$periodName)
return JIRAFEAU_MONTH;
@@ -326,12 +329,13 @@ function readArchiveFromLines ($lines) {
$archive [T_SIGN] = $matches [1];
break;
default:
- global $message;
- $message .= "error:".$line."
";
$error = true;
break;
}
}
+ global $message, $admin;
+ if ($error && $admin)
+ $message .= "readArchiveFromLines ".print_r ($lines, true)."
";
return $error ? [] : $archive;
}
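Review bot: `print_r ($lines, true)` is appended to `$message` without escaping, and `$message` is echoed after "Info : " in the page hunks further down, so the raw archive lines are written into an admin's page verbatim. If those lines can originate from uploaded content (not visible in this hunk), wrap the dump with the helper `deleteAction` already uses for file names: `jirafeau_escape (print_r ($lines, true))`. The previous per-line "error:" text was shown to every user, whereas the new dump depends on `$admin`, which is only assigned after the token check; a comment stating that parse errors are now reported to admins only would make that intent explicit. The function starts outside this hunk.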
@@ -386,8 +390,9 @@ function sendEMail ($receiver, $receiver_name, $subject, $body_string){
$mail->charSet = "UTF-8";
$mail->ContentType = 'text/html';
+ global $domain;
//Recipients (change this for every project)
- $mail->setFrom ('no-reply@kaz.local', '');
+ $mail->setFrom ('no-reply@'.$domain, '');
$mail->addAddress ($receiver, $receiver_name);
//Content
@@ -419,14 +424,12 @@ function cleanToken () {
unlink ($file);
}
}
-
function rmToken ($sender) {
if (!$sender)
return;
if (file_exists (VAR_TOKENS.$sender))
unlink (VAR_TOKENS.$sender);
}
-
function setToken ($sender) {
if (!$sender)
return;
@@ -435,13 +438,11 @@ function setToken ($sender) {
return $token;
return false;
}
-
function setLoggedToken ($sender, $token) {
if (!$sender || !$token)
return;
file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL);
}
-
function getTokenVar ($sender, $varName) {
if (!$sender)
return;
@@ -452,25 +453,162 @@ function getTokenVar ($sender, $varName) {
return $matches [1];
return false;
}
-
function getToken ($sender) {
return getTokenVar ($sender, T_TOKEN,);
}
-
function getCreateToken ($sender) {
return getTokenVar ($sender, T_CREATE);
}
-
function getLoggedToken ($sender) {
return getTokenVar ($sender, T_LOGGED);
}
-
function getTimeToken ($sender) {
if (!$sender || !file_exists (VAR_TOKENS.$sender))
return false;
return filemtime (VAR_TOKENS.$sender);
}
+// ========================================
+function setAdmin ($sender) {
+ if (!$sender)
+ return;
+ if (!file_exists (VAR_ADMIN))
+ mkdir (VAR_ADMIN, 0755);
+ touch (VAR_ADMIN.$sender);
+}
+function rmAdmin ($sender) {
+ if (!$sender)
+ return;
+ if (file_exists (VAR_ADMIN.$sender))
+ unlink (VAR_ADMIN.$sender);
+}
+function isAdmin ($sender) {
+ return $sender && file_exists (VAR_ADMIN.$sender);
+}
+
+// ========================================
+function deleteAction ($linkName) {
+ global $sender, $token, $message, $doLogout;
+
+ $link = jirafeau_get_link ($linkName);
+ //$message .= "ln: ".$linkName." l: "."".print_r ($link, 1)."
mt: ".getTimeFile ($link ['hash'])."";
+ if (!count ($link))
+ return;
+ if (isKazArchive ($link)) {
+ $dirName = $linkName;
+ $dirLink = $link;
+ $dirTime = $dirLink ['upload_date'];
+ $archiveInfo = readArchiveFromLink ($dirLink);
+ if (! count ($archiveInfo))
+ return;
+ if ($sender != $archiveInfo [T_SENDER]) {
+ setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
+ $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire";
+ return;
+ }
+ $fileToDelete = false;
+ if ($archiveInfo [T_NEW])
+ foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
+ $fileLink = jirafeau_get_link ($fileName);
+ if (! count ($fileLink))
+ continue;
+ $fileTime = $fileLink ['upload_date'];
+ if (! valideTime ($dirTime, $fileTime)) {
+ setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
+ $message .= "Cet envoi a été forgée".
+ str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
+ [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
+ return;
+ }
+ $fileToDelete = true;
+ }
+ $message .= "l'envoi ".$archiveInfo [T_TIME]." est supprimé";
+ if ($fileToDelete)
+ $message .= " avec";
+ if ($archiveInfo [T_NEW])
+ foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
+ $fileLink = jirafeau_get_link ($fileName);
+ if (! count ($fileLink))
+ continue;
+ $message .= "- ".jirafeau_escape ($fileLink ['file_name'])."
";
+ jirafeau_delete_link ($fileName);
+ }
+ jirafeau_delete_link ($dirName);
+ $message .= $fileToDelete ? "
" : ".";
+ return;
+ }
+ $fileName = $linkName;
+ $fileLink = $link;
+ $fileTime = $fileLink ['upload_date'];
+ $stack = array (VAR_LINKS);
+ while (($d = array_shift ($stack)) && $d != null) {
+ if (!file_exists ($d))
+ continue;
+ $dir = scandir ($d);
+ foreach ($dir as $dirName) {
+ if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
+ preg_match ('/\.tmp/i', "$dirName")) {
+ continue;
+ }
+ if (is_dir ($d . $dirName)) {
+ $stack [] = $d . $dirName . '/';
+ continue;
+ }
+ $dirLink = jirafeau_get_link ($dirName);
+ //$dirTime = getTimeFile ($dirLink ['hash']);
+ $dirTime = $dirLink ['upload_date'];
+ if (!count ($dirLink))
+ continue;
+ if (!isKazArchive ($dirLink))
+ continue;
+ $archiveInfo = readArchiveFromLink ($dirLink);
+ if (! count ($archiveInfo))
+ return;
+ if ($archiveInfo [T_NEW])
+ foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
+ if ($fileName != $newName)
+ continue;
+ if ($sender == $archiveInfo [T_SENDER]) {
+ if (valideTime ($dirTime, $fileTime)) {
+ jirafeau_delete_link ($fileName);
+ $message .= jirafeau_escape ($fileLink ['file_name'])." est supprimé";
+ // check empty dir
+ $empty = true;
+ foreach ([T_OLD, T_NEW] as $cat)
+ if ($empty && isset ($archiveInfo [$cat]))
+ foreach ($archiveInfo [$cat] as [$l, $c])
+ if (count (jirafeau_get_link ($l))) {
+ $empty = false;
+ break;
+ }
+ if ($empty) {
+ $message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
+ jirafeau_delete_link ($dirName);
+ } else
+ $message .= ".";
+ break;
+ }
+ setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
+ $message .= "Cet envoi a été forgée. ".
+ str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
+ [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
+ break;
+ }
+ if (valideTime ($dirTime, $fileTime)) {
+ setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
+ $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire.".
+ str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
+ [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
+ break;
+ }
+ setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
+ $message .= "Quelqu'un avétait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
+ break;
+ }
+ }
+ }
+}
+
// ========================================
if ($doUpload) {
$maxtime = time ()+period2seconds ($_REQUEST ['time']);
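Review bot: `deleteAction` puts `$fileLink ['file_name']` into `$message` unescaped in the three `M_INCONSISTENT_DATES` replacements (the "rmdir: newfile not same time", "rm: dir not same time" and "rm: not owner" branches), while the success paths in the same function wrap it in `jirafeau_escape`. `$message` is later echoed after "Info : ", so an uploader-chosen file name reaches the page as-is; pass `jirafeau_escape ($fileLink ['file_name'])` in those arrays. The "rm: find not owner" branch also prints `$archiveInfo [T_SENDER]`, which shows the owner's address to a requester who is not the owner; `setSenderFake` already records it, so the user-facing text can leave it out. The function body is moved unchanged from lower in the file, so this predates the commit. The new `setAdmin`/`rmAdmin`/`isAdmin` helpers build `VAR_ADMIN.$sender` without checking `$sender` themselves and ignore the results of `mkdir` and `touch`; a short comment that they rely on the caller's address regex would document that dependency.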
@@ -532,7 +670,7 @@ if (isset ($_REQUEST [A_SENDER]) && !empty ($_REQUEST [A_SENDER])) {
// XXX
//if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_SENDER]))
- $senderError=true;
+ $senderError = true;
else {
cleanToken ();
$sender = $_REQUEST [A_SENDER];
@@ -700,8 +838,8 @@ if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender)
// XXX test token
$url = $urlBase.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token;
$result = sendEMail ($sender, "", M_EMAIL_SUBJECT,
- str_replace (["___LINK___", "___IP___", "___DATE___"],
- [$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
+ str_replace (["___LINK___", "___IP___", "___DATE___"],
+ [$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT));
if ($result)
echo M_SEND_TOKEN;
else
@@ -759,132 +897,12 @@ if (!getLoggedToken ($sender))
else
touch (VAR_TOKENS.$sender);
-function deleteAction ($linkName) {
- global $sender, $token, $message, $doLogout;
-
- $link = jirafeau_get_link ($linkName);
- //$message .= "ln: ".$linkName." l: "."".print_r ($link, 1)."
mt: ".getTimeFile ($link ['hash'])."";
- if (!count ($link))
- return;
- if (isKazArchive ($link)) {
- $dirName = $linkName;
- $dirLink = $link;
- $dirTime = $dirLink ['upload_date'];
- $archiveInfo = readArchiveFromLink ($dirLink);
- if (! count ($archiveInfo))
- return;
- if ($sender != $archiveInfo [T_SENDER]) {
- setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
- $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire";
- return;
- }
- $fileToDelete = false;
- if ($archiveInfo [T_NEW])
- foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
- $fileLink = jirafeau_get_link ($fileName);
- if (! count ($fileLink))
- continue;
- $fileTime = $fileLink ['upload_date'];
- if (! valideTime ($dirTime, $fileTime)) {
- setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
- $message .= "Cet envoi a été forgée".
- str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
- [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
- return;
- }
- $fileToDelete = true;
- }
- $message .= "l'envoi ".$archiveInfo [T_TIME]." est supprimé";
- if ($fileToDelete)
- $message .= " avec";
- if ($archiveInfo [T_NEW])
- foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
- $fileLink = jirafeau_get_link ($fileName);
- if (! count ($fileLink))
- continue;
- $message .= "- ".jirafeau_escape ($fileLink ['file_name'])."
";
- jirafeau_delete_link ($fileName);
- }
- jirafeau_delete_link ($dirName);
- $message .= $fileToDelete ? "
" : ".";
- return;
- }
- $fileName = $linkName;
- $fileLink = $link;
- $fileTime = $fileLink ['upload_date'];
- $stack = array (VAR_LINKS);
- while (($d = array_shift ($stack)) && $d != null) {
- if (!file_exists ($d))
- continue;
- $dir = scandir ($d);
- foreach ($dir as $dirName) {
- if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
- preg_match ('/\.tmp/i', "$dirName")) {
- continue;
- }
- if (is_dir ($d . $dirName)) {
- $stack [] = $d . $dirName . '/';
- continue;
- }
- $dirLink = jirafeau_get_link ($dirName);
- //$dirTime = getTimeFile ($dirLink ['hash']);
- $dirTime = $dirLink ['upload_date'];
- if (!count ($dirLink))
- continue;
- if (!isKazArchive ($dirLink))
- continue;
- $archiveInfo = readArchiveFromLink ($dirLink);
- if (! count ($archiveInfo))
- return;
- if ($archiveInfo [T_NEW])
- foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
- if ($fileName != $newName)
- continue;
- if ($sender == $archiveInfo [T_SENDER]) {
- if (valideTime ($dirTime, $fileTime)) {
- jirafeau_delete_link ($fileName);
- $message .= jirafeau_escape ($fileLink ['file_name'])." est supprimé";
- // check empty dir
- $empty = true;
- foreach ([T_OLD, T_NEW] as $cat)
- if ($empty && isset ($archiveInfo [$cat]))
- foreach ($archiveInfo [$cat] as [$l, $c])
- if (count (jirafeau_get_link ($l))) {
- $empty = false;
- break;
- }
- if ($empty) {
- $message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
- jirafeau_delete_link ($dirName);
- } else
- $message .= ".";
- break;
- }
- setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
- $message .= "Cet envoi a été forgée. ".
- str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
- [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
- break;
- }
- if (valideTime ($dirTime, $fileTime)) {
- setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
- $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire.".
- str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
- [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
- break;
- }
- setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
- $message .= "Quelqu'un avétait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
- break;
- }
- }
- }
-}
-
// ========================================
// sender OK, token OK
// ========================================
+$admin = isAdmin ($sender);
+
// delete
if (isset ($_REQUEST [A_DELETE])) {
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE]))
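Review bot: The `A_DELETE` check on the last line, `'/[0-9a-zA-Z_-]+$/'`, has no `^` anchor, so it only requires the value to end in an allowed character and any prefix passes. The value is presumably what reaches `deleteAction` and `jirafeau_get_link` in the branch that continues outside this hunk, so anchoring both ends is the safer check: `'/^[0-9a-zA-Z_-]+$/D'`. The line is context here rather than something this commit changes. `$admin = isAdmin ($sender);` sits after the token validation, which is the right place for it.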
@@ -896,7 +914,9 @@ if (isset ($_REQUEST [A_DELETE])) {
if ($doLogout || (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGOUT)) {
rmToken ($sender);
require (JIRAFEAU_ROOT . 'lib/template/header.php');
- echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
+ echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
+ [$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
+ M_WELCOME);
if ($message)
echo "Info : ".$message."
";
echo M_LOGOUT;
@@ -953,7 +973,9 @@ while ( ($d = array_shift ($stack)) && $d != null) {
}
}
require (JIRAFEAU_ROOT . 'lib/template/header.php');
-echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME);
+echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
+ [$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
+ M_WELCOME);
if ($message)
echo "Info : ".$message."
";
echo '