add admin

This commit is contained in:
François 2022-03-08 18:06:41 +01:00
parent 48937012ca
commit 0d5609501a


@ -27,7 +27,11 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/');
define ('VAR_TRACKS', $cfg ['var_root'].'tracks/'); define ('VAR_TRACKS', $cfg ['var_root'].'tracks/');
define ('VAR_PERIOD', $cfg ['var_root'].'period/'); define ('VAR_PERIOD', $cfg ['var_root'].'period/');
define ('VAR_FAKE', $cfg ['var_root'].'fake/'); define ('VAR_FAKE', $cfg ['var_root'].'fake/');
define ('VAR_PRIVATE', $cfg ['var_root'].'private/'); define ('VAR_ADMIN', $cfg ['var_root'].'admin/');
$domain="kaz.local";
if (preg_match ("%^.*//([^/]*)/?.*$%", $cfg ['web_root'], $matches))
$domain = $matches [1];
define ('MAX_VALID_UPLOAD_TIME', 60); define ('MAX_VALID_UPLOAD_TIME', 60);
define ('TOKEN_USE_LIMIT', "-2 hours"); define ('TOKEN_USE_LIMIT', "-2 hours");
@ -46,7 +50,7 @@ define ('M_TOO_LONG_LOGGED', "Temps de connexion dépassé.");
define ('M_EMAIL_CONTENT', "Bonjour,<br/><br/>Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos pi&egrave;ces jointes.<br/><br/>!!! Si vous n'&ecirc;tes pas &agrave; l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!<br/><br/>Le lien de connexion suivant est valable 15 minutes.<br/><a href=\"___LINK___\">___LINK___</a><br/><br/>Vous pouvez signaler des abus aupr&egrave;s de Kaz en faisant suivre ce message qui contient les traces de son &eacute;metteur (___IP___, ___DATE___).<br/><br/>Bonne navigation.<br/>."); define ('M_EMAIL_CONTENT', "Bonjour,<br/><br/>Ceci est un message automatique, car vous venez de cliquer sur une demande de consultation de vos pi&egrave;ces jointes.<br/><br/>!!! Si vous n'&ecirc;tes pas &agrave; l'origine de cette demande, ne cliquez sur aucun lien de ce message. !!!<br/><br/>Le lien de connexion suivant est valable 15 minutes.<br/><a href=\"___LINK___\">___LINK___</a><br/><br/>Vous pouvez signaler des abus aupr&egrave;s de Kaz en faisant suivre ce message qui contient les traces de son &eacute;metteur (___IP___, ___DATE___).<br/><br/>Bonne navigation.<br/>.");
define ('M_DOWNLOAD', "T&eacute;l&eacute;charger"); define ('M_DOWNLOAD', "T&eacute;l&eacute;charger");
define ('M_UPDATE', "Prolonger"); define ('M_UPDATE', "Prolonger");
define ('M_EMAIL_SUBJECT', "Lien de consultation des envois de pièces jointes."); define ('M_EMAIL_SUBJECT', "Lien de consultation des envois sur ".$domain.".");
define ('M_FILE', " fichier."); define ('M_FILE', " fichier.");
define ('M_FILES', " fichiers."); define ('M_FILES', " fichiers.");
define ('M_FILES_NOT_FOUND', " fichiers sont expirés."); define ('M_FILES_NOT_FOUND', " fichiers sont expirés.");
@ -64,7 +68,7 @@ define ('M_LOGOUT', 'Deconnecter');
define ('M_REFRESH', 'Actualiser'); define ('M_REFRESH', 'Actualiser');
define ('M_LOGOUT_TOKEN', "Vous n'&ecirc;tes plus connect&eacute;."); define ('M_LOGOUT_TOKEN', "Vous n'&ecirc;tes plus connect&eacute;.");
define ('M_SEND_TOKEN', "<br/><p>Vous allez recevoir un <b>lien d'acc&egrave;s temporaire</b> &agrave; vos donn&eacute;es.</p>"); define ('M_SEND_TOKEN', "<br/><p>Vous allez recevoir un <b>lien d'acc&egrave;s temporaire</b> &agrave; vos donn&eacute;es.</p>");
define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b><br/>(page actualis&eacute;e &agrave; ___DATE___)</p>"); define ('M_WELCOME', "<p>Informations concernant le compte : <b>___SENDER___</b>___ADMIN___<br/>(page actualis&eacute;e &agrave; ___DATE___)</p>");
define ('M_INCONSISTENT_DATES', define ('M_INCONSISTENT_DATES',
" (dates incoh&eacute;antes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)"); " (dates incoh&eacute;antes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
@ -126,7 +130,7 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
$content = false.NL; $content = false.NL;
else else
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL; $content = isSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK'); header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content)); header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain'); header ('Content-Type: text/plain');
@ -185,7 +189,7 @@ function rmSenderTrack ($sender) {
if (file_exists (VAR_TRACKS.$sender)) if (file_exists (VAR_TRACKS.$sender))
unlink (VAR_TRACKS.$sender); unlink (VAR_TRACKS.$sender);
} }
function getSenderTrack ($sender) { function isSenderTrack ($sender) {
return $sender && file_exists (VAR_TRACKS.$sender); return $sender && file_exists (VAR_TRACKS.$sender);
} }
@ -211,7 +215,6 @@ function getSenderPeriod ($sender) {
return trim (file (VAR_PERIOD.$sender)[0]); return trim (file (VAR_PERIOD.$sender)[0]);
return DEFAULT_PERIOD; return DEFAULT_PERIOD;
} }
function period2seconds ($periodName) { function period2seconds ($periodName) {
if (!$periodName) if (!$periodName)
return JIRAFEAU_MONTH; return JIRAFEAU_MONTH;
@ -326,12 +329,13 @@ function readArchiveFromLines ($lines) {
$archive [T_SIGN] = $matches [1]; $archive [T_SIGN] = $matches [1];
break; break;
default: default:
global $message;
$message .= "<p>error:".$line."</p>";
$error = true; $error = true;
break; break;
} }
} }
global $message, $admin;
if ($error && $admin)
$message .= "readArchiveFromLines <pre>".print_r ($lines, true)."</pre>";
return $error ? [] : $archive; return $error ? [] : $archive;
} }
@ -386,8 +390,9 @@ function sendEMail ($receiver, $receiver_name, $subject, $body_string){
$mail->charSet = "UTF-8"; $mail->charSet = "UTF-8";
$mail->ContentType = 'text/html'; $mail->ContentType = 'text/html';
global $domain;
//Recipients (change this for every project) //Recipients (change this for every project)
$mail->setFrom ('no-reply@kaz.local', ''); $mail->setFrom ('no-reply@'.$domain, '');
$mail->addAddress ($receiver, $receiver_name); $mail->addAddress ($receiver, $receiver_name);
//Content //Content
@ -419,14 +424,12 @@ function cleanToken () {
unlink ($file); unlink ($file);
} }
} }
function rmToken ($sender) { function rmToken ($sender) {
if (!$sender) if (!$sender)
return; return;
if (file_exists (VAR_TOKENS.$sender)) if (file_exists (VAR_TOKENS.$sender))
unlink (VAR_TOKENS.$sender); unlink (VAR_TOKENS.$sender);
} }
function setToken ($sender) { function setToken ($sender) {
if (!$sender) if (!$sender)
return; return;
@ -435,13 +438,11 @@ function setToken ($sender) {
return $token; return $token;
return false; return false;
} }
function setLoggedToken ($sender, $token) { function setLoggedToken ($sender, $token) {
if (!$sender || !$token) if (!$sender || !$token)
return; return;
file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL); file_put_contents (VAR_TOKENS.$sender, T_CREATE.": ".time ().NL.T_TOKEN.": ".$token.NL.T_LOGGED.": ok".NL);
} }
function getTokenVar ($sender, $varName) { function getTokenVar ($sender, $varName) {
if (!$sender) if (!$sender)
return; return;
@ -452,25 +453,162 @@ function getTokenVar ($sender, $varName) {
return $matches [1]; return $matches [1];
return false; return false;
} }
function getToken ($sender) { function getToken ($sender) {
return getTokenVar ($sender, T_TOKEN,); return getTokenVar ($sender, T_TOKEN,);
} }
function getCreateToken ($sender) { function getCreateToken ($sender) {
return getTokenVar ($sender, T_CREATE); return getTokenVar ($sender, T_CREATE);
} }
function getLoggedToken ($sender) { function getLoggedToken ($sender) {
return getTokenVar ($sender, T_LOGGED); return getTokenVar ($sender, T_LOGGED);
} }
function getTimeToken ($sender) { function getTimeToken ($sender) {
if (!$sender || !file_exists (VAR_TOKENS.$sender)) if (!$sender || !file_exists (VAR_TOKENS.$sender))
return false; return false;
return filemtime (VAR_TOKENS.$sender); return filemtime (VAR_TOKENS.$sender);
} }
// ========================================
function setAdmin ($sender) {
if (!$sender)
return;
if (!file_exists (VAR_ADMIN))
mkdir (VAR_ADMIN, 0755);
touch (VAR_ADMIN.$sender);
}
function rmAdmin ($sender) {
if (!$sender)
return;
if (file_exists (VAR_ADMIN.$sender))
unlink (VAR_ADMIN.$sender);
}
function isAdmin ($sender) {
return $sender && file_exists (VAR_ADMIN.$sender);
}
// ========================================
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ======================================== // ========================================
if ($doUpload) { if ($doUpload) {
$maxtime = time ()+period2seconds ($_REQUEST ['time']); $maxtime = time ()+period2seconds ($_REQUEST ['time']);
@ -759,132 +897,12 @@ if (!getLoggedToken ($sender))
else else
touch (VAR_TOKENS.$sender); touch (VAR_TOKENS.$sender);
function deleteAction ($linkName) {
global $sender, $token, $message, $doLogout;
$link = jirafeau_get_link ($linkName);
//$message .= "ln: ".$linkName." l: "."<pre>".print_r ($link, 1)."</pre> mt: ".getTimeFile ($link ['hash'])."</br>";
if (!count ($link))
return;
if (isKazArchive ($link)) {
$dirName = $linkName;
$dirLink = $link;
$dirTime = $dirLink ['upload_date'];
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
return;
}
$fileToDelete = false;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
return;
}
$fileToDelete = true;
}
$message .= "l'envoi ".$archiveInfo [T_TIME]." est supprim&eacute;";
if ($fileToDelete)
$message .= " avec<ul>";
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
$fileLink = jirafeau_get_link ($fileName);
if (! count ($fileLink))
continue;
$message .= "<li>".jirafeau_escape ($fileLink ['file_name'])."</li>";
jirafeau_delete_link ($fileName);
}
jirafeau_delete_link ($dirName);
$message .= $fileToDelete ? "</ul>" : ".";
return;
}
$fileName = $linkName;
$fileLink = $link;
$fileTime = $fileLink ['upload_date'];
$stack = array (VAR_LINKS);
while (($d = array_shift ($stack)) && $d != null) {
if (!file_exists ($d))
continue;
$dir = scandir ($d);
foreach ($dir as $dirName) {
if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 ||
preg_match ('/\.tmp/i', "$dirName")) {
continue;
}
if (is_dir ($d . $dirName)) {
$stack [] = $d . $dirName . '/';
continue;
}
$dirLink = jirafeau_get_link ($dirName);
//$dirTime = getTimeFile ($dirLink ['hash']);
$dirTime = $dirLink ['upload_date'];
if (!count ($dirLink))
continue;
if (!isKazArchive ($dirLink))
continue;
$archiveInfo = readArchiveFromLink ($dirLink);
if (! count ($archiveInfo))
return;
if ($archiveInfo [T_NEW])
foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) {
if ($fileName != $newName)
continue;
if ($sender == $archiveInfo [T_SENDER]) {
if (valideTime ($dirTime, $fileTime)) {
jirafeau_delete_link ($fileName);
$message .= jirafeau_escape ($fileLink ['file_name'])." est supprim&eacute;";
// check empty dir
$empty = true;
foreach ([T_OLD, T_NEW] as $cat)
if ($empty && isset ($archiveInfo [$cat]))
foreach ($archiveInfo [$cat] as [$l, $c])
if (count (jirafeau_get_link ($l))) {
$empty = false;
break;
}
if ($empty) {
$message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide.";
jirafeau_delete_link ($dirName);
} else
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
}
}
}
// ======================================== // ========================================
// sender OK, token OK // sender OK, token OK
// ======================================== // ========================================
$admin = isAdmin ($sender);
// delete // delete
if (isset ($_REQUEST [A_DELETE])) { if (isset ($_REQUEST [A_DELETE])) {
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE])) if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE]))
@ -896,7 +914,9 @@ if (isset ($_REQUEST [A_DELETE])) {
if ($doLogout || (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGOUT)) { if ($doLogout || (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGOUT)) {
rmToken ($sender); rmToken ($sender);
require (JIRAFEAU_ROOT . 'lib/template/header.php'); require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME); echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message) if ($message)
echo "<p>Info : ".$message."</p>"; echo "<p>Info : ".$message."</p>";
echo M_LOGOUT; echo M_LOGOUT;
@ -953,7 +973,9 @@ while ( ($d = array_shift ($stack)) && $d != null) {
} }
} }
require (JIRAFEAU_ROOT . 'lib/template/header.php'); require (JIRAFEAU_ROOT . 'lib/template/header.php');
echo str_replace (["___SENDER___", "___DATE___"], [$sender, jirafeau_get_datetimefield (time ())], M_WELCOME); echo str_replace (["___SENDER___", "___ADMIN___", "___DATE___"],
[$sender, ($admin ? " (admin)" : ""), jirafeau_get_datetimefield (time ())],
M_WELCOME);
if ($message) if ($message)
echo "<p>Info : ".$message."</p>"; echo "<p>Info : ".$message."</p>";
echo '<script type="text/javascript">'; echo '<script type="text/javascript">';
@ -1010,7 +1032,7 @@ div.frame {border: 1px; border-style: solid; padding: 1em; margin: 1em;}
--></style> --></style>
<?php <?php
$defaultChecked = []; $defaultChecked = [];
$defaultChecked [getSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"'; $defaultChecked [isSenderTrack ($sender) ? "on" : "off"] = ' checked="checked"';
$defaultChecked [getSenderPeriod ($sender)] = ' selected="selected"'; $defaultChecked [getSenderPeriod ($sender)] = ' selected="selected"';
echo echo
'<form method="post">'. '<form method="post">'.
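Review bot: `isAdmin` in hunk `@ -452,25 +453,162` grants the admin role on `file_exists (VAR_ADMIN.$sender)`, which is also true for a directory entry, so a `$sender` of `.` or `..` (or the name of any subdirectory under `VAR_ADMIN`) would pass unless `$sender` is already constrained to an e-mail shape before this point, which this diff does not show; `return $sender && is_file (VAR_ADMIN.$sender);` limits the role to the marker files that `setAdmin` actually creates. In the same hunk `setAdmin` ignores the return values of `mkdir (VAR_ADMIN, 0755)` and `touch`, so a grant that fails (permissions, missing `var_root`) is silent and `isAdmin` simply stays false with no trace of why. The admin-only dump added in `readArchiveFromLines` (`@ -326,12 +329,13`) appends `print_r ($lines, true)` to `$message`, which the page later echoes inside `<p>Info : ...</p>` without escaping; `htmlspecialchars (print_r ($lines, true))` keeps the stored archive text from being rendered as markup while the surrounding `<pre>` stays intact. `$admin` is only assigned at the `sender OK, token OK` point (`$admin = isAdmin ($sender);`), so any earlier call into `readArchiveFromLines` reads an undefined global — it evaluates false, but a one-line comment such as `// $admin is set once the token is validated; false before that` next to the `global $message, $admin;` line would make the ordering dependency explicit.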