From d83b89b6248947052db2cb62f55a9c0c3818c45b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois?= Date: Thu, 17 Feb 2022 18:13:09 +0100 Subject: [PATCH] clean code --- src/Jirafeau/a.php | 643 +++++++++++++++++++++++++++------------------ 1 file changed, 387 insertions(+), 256 deletions(-) diff --git a/src/Jirafeau/a.php b/src/Jirafeau/a.php index dd69e84..284d099 100644 --- a/src/Jirafeau/a.php +++ b/src/Jirafeau/a.php @@ -22,7 +22,9 @@ define ('VAR_TOKENS', $cfg ['var_root'].'tokens/'); define ('VAR_TRACKS', $cfg ['var_root'].'tracks/'); define ('VAR_PERIOD', $cfg ['var_root'].'period/'); define ('VAR_FAKE', $cfg ['var_root'].'fake/'); +define ('VAR_PRIVATE', $cfg ['var_root'].'private/'); +define ('MAX_VALID_UPLOAD_TIME', 60); define ('TOKEN_USE_LIMIT', "-2 hours"); define ('TOKEN_LOGIN_LIMIT', "-15 minutes"); define ('TOKEN_LOGOUT_LIMIT', "-8 hours"); @@ -50,12 +52,16 @@ define ('M_INTRO_FORM', "Quelles sont les informations me concernant ?"); define ('M_MEL', "votre mèl"); define ('M_NO_FILENAME', 'SansNom'); define ('M_NO_SENDER', 'kaz-'); -define ('M_OLD_ATTACHEMENT_DIRNAME', "RappelHistorique"); +define ('M_NEW_ATTACHEMENT_DIRNAME', "nouveau"); +define ('M_OLD_ATTACHEMENT_DIRNAME', "ancien"); define ('M_SEND', "Connexion"); define ('M_LOGOUT', 'Deconnecter'); define ('M_REFRESH', 'Actualiser'); define ('M_LOGOUT_TOKEN', "Vous n'êtes plus connecté."); define ('M_SEND_TOKEN', "Vous allez recevoir un lien d'accès temporaire à vos données."); +define ('M_INCONSISTENT_DATES', + " (dates incohéantes avec ___FILENAME___ : ".___DIRTIME___." != ".___FILETIME___." / ". + date ("Y-m-d H:i:s", ___DIRTIME___)." != ".date ("Y-m-d H:i:s", ___DIRTIME___).")"); define ('A_ACTION', 'a'); // action : T_SEND, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter) define ('A_GET', 'g'); // get archive 
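Review bot: `M_INCONSISTENT_DATES` puts `___DIRTIME___` and `___FILETIME___` outside the string literal, so PHP treats them as constants and runs both `date ()` calls when the `define` executes, instead of leaving placeholders for the later `str_replace`. Unless constants with those names are defined elsewhere, PHP 8 stops with an undefined-constant error, and older versions freeze the bare names and a failed `date ()` result into the message. The second `date ()` call also repeats `___DIRTIME___` where `___FILETIME___` is presumably meant. Keep the template as one literal, e.g. `" (dates incohéantes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)"`, and format the two timestamps at the call site before substituting them.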
@@ -76,13 +82,15 @@ define ('T_FILENAME', 'file_name'); define ('T_HASH', 'hash'); define ('T_LOGGED', "logged"); define ('T_NEW', 'new'); +define ('T_SIGN', 'sign'); define ('T_NOT_FOUND', 'not_found'); define ('T_OLD', 'old'); define ('T_RENAME', 'rename'); define ('T_SEND', 'send'); define ('T_LOGOUT', 'lougout'); define ('T_SENDER', 'sender'); -define ('T_TIMESTAMP', 'timestamp'); +define ('T_TIME', 'time'); +define ('T_ID', 'id'); define ('T_TOKEN', "token"); define ('T_WARNING_FILENAME', "-Avertissement.txt"); define ('T_ZIP_EXT', ".zip"); @@ -106,18 +114,23 @@ $message = ''; /* Remove errors. */ @error_reporting (0); -$do_update = false; +$doUpdate = false; if (isset ($_REQUEST [A_UPDATE]) && !empty ($_REQUEST [A_UPDATE])) { - $do_update = true; + $doUpdate = true; } -$do_download = false; +$doDownload = false; if (isset ($_REQUEST [A_GET]) && !empty ($_REQUEST [A_GET])) { - $do_download = true; + $doDownload = true; +} + +$doUpload = false; +if (isset ($_FILES ['file'])) { + $doUpload = true; } // ======================================== -function return_error ($msg) { +function returnError ($msg) { require (JIRAFEAU_ROOT.'lib/template/header.php'); echo '

' . $msg . '

'; require (JIRAFEAU_ROOT.'lib/template/footer.php'); 
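Review bot: `$doUpload` is switched on by nothing more than a `file` part in the request (`isset ($_FILES ['file'])`), and the branch it gates, added further down in this patch, calls `jirafeau_upload` and exits ahead of the sender/token checks that appear later in the file. From the visible lines no upload password, token or source restriction is evaluated on that path, so confirm whether one is enforced elsewhere (web server, or earlier in the script). If none is, gate the branch on the same check the regular upload endpoint applies. That branch also passes `$_SERVER ['HTTP_X_REAL_IP']` as the uploader address (marked `// XXX`), which is trustworthy only when the front proxy always overwrites the header.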
@@ -125,52 +138,80 @@ function return_error ($msg) { } // ======================================== -function setTrack ($sender) { +function setSenderTrack ($sender) { if (!$sender) return; if (!file_exists (VAR_TRACKS)) mkdir (VAR_TRACKS, 0755); touch (VAR_TRACKS.$sender); } -function rmTrack ($sender) { +function rmSenderTrack ($sender) { if (!$sender) return; if (file_exists (VAR_TRACKS.$sender)) unlink (VAR_TRACKS.$sender); } -function getTrack ($sender) { +function getSenderTrack ($sender) { if (!$sender) return; return file_exists (VAR_TRACKS.$sender); } // ======================================== -function setPeriod ($sender, $period) { +function setSenderPeriod ($sender, $period) { if (!$sender) return; if (!file_exists (VAR_PERIOD)) mkdir (VAR_PERIOD, 0755); if (empty ($period) || DEFAULT_PERIOD == $period) { - if (file_exists (VAR_PERIOD.$sender)) - unlink (VAR_PERIOD.$sender); + rmSenderPeriod ($sender); } else file_put_contents (VAR_PERIOD.$sender, $period.NL); } -function rmPeriod ($sender) { +function rmSenderPeriod ($sender) { if (!$sender) return; if (file_exists (VAR_PERIOD.$sender)) unlink (VAR_PERIOD.$sender); } -function getPeriod ($sender) { +function getSenderPeriod ($sender) { if (!$sender || !file_exists (VAR_PERIOD.$sender)) return DEFAULT_PERIOD; return trim (file (VAR_PERIOD.$sender)[0]); } +function period2seconds ($periodName) { + if (!$periodName) + return JIRAFEAU_MONTH; + switch ($periodName) { + case 'minute': + return JIRAFEAU_MINUTE; + break; + case 'hour': + return JIRAFEAU_HOUR; + break; + case 'day': + return JIRAFEAU_DAY; + break; + case 'week': + return JIRAFEAU_WEEK; + break; + case 'month': + return JIRAFEAU_MONTH; + break; + case 'quarter': + return JIRAFEAU_QUARTER; + break; + case 'year': + return JIRAFEAU_YEAR; + break; + default: + returnError (t ('ERR_OCC') . 
' (periodName)'); + } +} + // ======================================== -function setFake ($sender, $dir_link, $dirTime) { - return; +function setSenderFake ($sender, $dirLink, $dirTime) { if (!$sender) return; if (!file_exists (VAR_FAKE)) @@ -178,8 +219,7 @@ function setFake ($sender, $dir_link, $dirTime) { file_put_contents (VAR_FAKE.$sender, "time: ".$dirTime.NL."sender: ".$sender.NL); rmToken ($sender); } - -function getFake ($sender) { +function getSenderFake ($sender) { if (!$sender) return; return file_exists (VAR_FAKE.$sender); @@ -191,33 +231,70 @@ function isKazArchive ($link) { @preg_match ("/".T_ARCHIVE_TITLE."/", jirafeau_escape ($link ['file_name'])) && jirafeau_escape ($link ['mime_type']) == T_ARCHIVE_MIME; } + +// ======================================== +function readArchiveFromLink ($link) { + $p = s2p ($link ['hash']); + $lines = file (VAR_FILES . $p . $link ['hash']); + $archive = readArchiveFromLines ($lines); + return $archive; +} +function readArchiveFromLines ($lines) { + $archive = []; + $error = false; + foreach ($lines as $line) { + switch (true) { + case preg_match ("/^\s*id:\s*(\d++)\s*$/", $line, $matches): + $archive [T_ID] = $matches [1]; + case preg_match ("/^\s*sender:\s*(([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6})\s*$/i", $line, $matches): + $archive [T_SENDER] = $matches [1]; + break; + case preg_match ("/^\s*time:\s*(\d{4}([:-]\d{2}){5})\s*$/i", $line, $matches): + $archive [T_TIME] = $matches [1]; + break; + case preg_match ("/^\s*new:\s*([0-9a-zA-Z_-]+)\s+([0-9a-zA-Z_-]+)\s*$/", $line, $matches): + $archive [T_NEW][] = [$matches [1], $matches [2]]; + break; + case preg_match ("/^\s*old:\s*([0-9a-zA-Z_-]+)\s+([0-9a-zA-Z_-]+)\s*$/", $line, $matches): + $archive [T_OLD][] = [$matches [1], $matches [2]]; + break; + case preg_match ("/^\s*sign:\s*([0-9a-zA-Z_-]+)\s*$/", $line, $matches): + $archive [T_SIGN] = $matches [1]; + break; + default: + global $message; + $message .= "
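Review bot: `period2seconds` returns nothing on its `default:` path, so its result depends on `returnError` ending the request, which is not visible in this hunk; if it ever returns, callers compute `time () + null` and the expiry collapses to the current time. The `break;` after each `return` is unreachable. A lookup table keeps the accepted names in one place, for example `$map = ['minute' => JIRAFEAU_MINUTE, /* … */ 'year' => JIRAFEAU_YEAR];` followed by `if (!isset ($map [$periodName])) returnError (t ('ERR_OCC') . ' (periodName)');` and `return $map [$periodName];`.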

error:".$line."

"; + $error = true; + break; + } + } + return $error ? [] : $archive; +} + // ======================================== function getFileName ($hash) { $p = s2p ($hash); return VAR_FILES.$p.$hash; } - function getTimeFile ($hash) { $f = getFileName ($hash); return file_exists ($f) ? filemtime ($f) : 0; } - function valideTime ($t1, $t2) { - return true; - return abs ($t1 - $t2) < 60; // XXX delay + global $message; + return abs ($t1 - $t2) < MAX_VALID_UPLOAD_TIME; } // ======================================== /** Update link * @param $link the link's name (hash) - * @param $update_period the periode (i.e in : "month") + * @param $update_period the period (i.e in : "month") */ -function update_link ($link_name, $link, $update_period) { +function updateLink ($link_name, $link, $maxLimit) { $time_max = $link ['time']; - $time_up = time () + $update_period; - $time_more = $time_up + JIRAFEAU_HOUR; - if ($time_max < 0 || $time_up < $time_max) + if ($time_max < 0 || $maxLimit < $time_max) return $time_max; + $time_more = $maxLimit + JIRAFEAU_MINUTE; $link ['time'] = $time_more; $link_tmp_name = VAR_LINKS . $link ['hash'] . rand (0, 10000) . '.tmp'; $handle = fopen ($link_tmp_name, 'w'); 
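Review bot: The `id:` case in `readArchiveFromLines` has no `break;`, so it falls through into the `sender:` body and overwrites `$archive [T_SENDER]` with the numeric id; the value stays wrong unless a `sender:` line is parsed afterwards. `T_SENDER` is what the delete and listing code compares with the logged-in sender, so the ownership check can run against the wrong value; add `break;` after `$archive [T_ID] = $matches [1];`. The `default:` branch also appends the raw `$line` from the stored file to `$message`; if `$message` is later printed as HTML (not visible here), pass the line through `jirafeau_escape` first. The doc comment on `updateLink` still names `$update_period`, while the parameter is now `$maxLimit`, an absolute timestamp.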
@@ -232,35 +309,7 @@ function update_link ($link_name, $link, $update_period) { } // ======================================== -// read archive info -function read_archive_info ($link) { - $p = s2p ($link ['hash']); - $result = []; - $error=false; - foreach (file (VAR_FILES . $p . $link ['hash']) as $line) { - switch (true) { - case preg_match ("/^\s*src:\s*(([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6})\s*$/i", $line, $matches): - $result [T_SENDER] = $matches [1]; - break; - case preg_match ("/^\s*time:\s*(\d{4}([:-]\d{2}){5})\s*$/i", $line, $matches): - $result [T_TIMESTAMP] = $matches [1]; - break; - case preg_match ("/^\s*old:\s*([0-9a-zA-Z_-]+)\s+([0-9a-zA-Z_-]+)\s*$/", $line, $matches): - $result [T_OLD][] = [$matches [1], $matches [2]]; - break; - case preg_match ("/^\s*new:\s*([0-9a-zA-Z_-]+)\s+([0-9a-zA-Z_-]+)\s*$/", $line, $matches): - $result [T_NEW][] = [$matches [1], $matches [2]]; - break; - default: - $error = true; - break; - } - } - return $error ? [] : $result; -} - -// ======================================== -function send_email ($receiver, $receiver_name, $subject, $body_string){ +function sendEMail ($receiver, $receiver_name, $subject, $body_string){ try { // SERVER SETTINGS $mail = new PHPMailer (true); 
@@ -359,49 +408,50 @@ function getTimeToken ($sender) { } // ======================================== -if ($do_update) { - $update_period = JIRAFEAU_MONTH; - switch ($_REQUEST [A_UPDATE]) { - case 'minute': - $update_period = JIRAFEAU_MINUTE; - break; - case 'hour': - $update_period = JIRAFEAU_HOUR; - break; - case 'day': - $update_period = JIRAFEAU_DAY; - break; - case 'week': - $update_period = JIRAFEAU_WEEK; - break; - case 'month': - $update_period = JIRAFEAU_MONTH; - break; - case 'quarter': - $update_period = JIRAFEAU_QUARTER; - break; - case 'year': - $update_period = JIRAFEAU_YEAR; - break; - default: - return_error (t ('ERR_OCC') . ' (update_period)'); - } - $link_name = $_REQUEST [A_HASH]; - if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name)) - return_error (t ('FILE_404')); - $link = jirafeau_get_link ($link_name); +if ($doUpload) { + $maxtime = time ()+period2seconds ($_REQUEST ['time']); + $key = isset ($_REQUEST ['key']) ? $_REQUEST ['key'] : ''; + $ip = $_SERVER ['HTTP_X_REAL_IP']; // XXX + $res = jirafeau_upload ( + $_FILES['file'], + isset ($_POST ['one_time_download']), + $key, + $maxtime, + $ip, + $cfg['enable_crypt'], + $cfg['link_name_length'], + $cfg['file_hash'] + ); + if (! count ($res ['error']) || $res['error']['has_error']) + $content = 'Error 6 ' . $res['error']['why']; + else + $content = $res ['link'].NL.$res ['delete_link'].NL; + header ('HTTP/1.0 200 OK'); + header ('Content-Length: ' . 
strlen ($content)); + header ('Content-Type: text/plain'); + echo $content; + exit; +} + +// ======================================== +if ($doUpdate) { + $maxTime = time ()+period2seconds ($_REQUEST [A_UPDATE]); + $linkName = $_REQUEST [A_HASH]; + if (!preg_match ('/[0-9a-zA-Z_-]+$/', $linkName)) + returnError (t ('FILE_404')); + $link = jirafeau_get_link ($linkName); if (count ($link) == 0) - return_error (t ('FILE_404')); - $time = update_link ($link_name, $link, $update_period); + returnError (t ('FILE_404')); + $time = updateLink ($linkName, $link, $maxTime); $content = '' . $time . NL; if (isKazArchive ($link)) { - $archive_info = read_archive_info ($l); - if (count ($archive_info)) { + $archiveInfo = readArchiveFromLink ($l); + if (count ($archiveInfo)) { foreach ([T_OLD, T_NEW] as $cat) - if (isset ($archive_info [$cat])) - foreach ($archive_info [$cat] as [$link_name, $crypt_key]) - update_link ($link_name, jirafeau_get_link ($link_name), $update_period); + if (isset ($archiveInfo [$cat])) + foreach ($archiveInfo [$cat] as [$linkName, $cryptKey]) + updateLink ($linkName, jirafeau_get_link ($linkName), $maxTime); } } header ('HTTP/1.0 200 OK'); 
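Review bot: The link-name check `preg_match ('/[0-9a-zA-Z_-]+$/', $linkName)` is anchored only at the end, so any value with an alphanumeric tail passes, including ones containing `/` or `..`, before it reaches `jirafeau_get_link` (how that helper maps the name to a path is not visible here). Anchor both ends, `'/^[0-9a-zA-Z_-]+$/'`; the same pattern is applied to `$linkName` in the download hunk and to `$_REQUEST [A_DELETE]` in the delete hunk. In the archive branch, `readArchiveFromLink ($l)` reads `$l`, which is not assigned in the visible lines above it. `$link` looks intended, so the attachments of an archive are probably never extended.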
@@ -423,98 +473,98 @@ if (isset ($_REQUEST [A_SENDER]) && !empty ($_REQUEST [A_SENDER])) { } // ======================================== -if ($do_download) { +if ($doDownload) { // check archive exist $couple = explode ("~", $_REQUEST [A_GET], 2); if (count ($couple) == 0) - return_error (E_BAD_ARCHIVE_NAME); - $link_name = $couple [0]; - if (!$link_name || !preg_match ('/[0-9a-zA-Z_-]+$/', $link_name)) - return_error (E_BAD_ARCHIVE_NAME); - $crypt_key = count ($couple) == 2 ? $couple [1] : ""; - $link = jirafeau_get_link ($link_name); + returnError (E_BAD_ARCHIVE_NAME); + $linkName = $couple [0]; + if (!$linkName || !preg_match ('/[0-9a-zA-Z_-]+$/', $linkName)) + returnError (E_BAD_ARCHIVE_NAME); + $cryptKey = count ($couple) == 2 ? $couple [1] : ""; + $link = jirafeau_get_link ($linkName); if (count ($link) == 0) - return_error (t ('FILE_404')); + returnError (t ('FILE_404')); $key = $link ['key']; - if ($key && (empty ($crypt_key) || $key != $crypt_key)) - return_error (t ('BAD_PSW')); + if ($key && (empty ($cryptKey) || $key != $cryptKey)) + returnError (t ('BAD_PSW')); - $archive_info = read_archive_info ($link); + $archiveInfo = readArchiveFromLink ($link); // check entries - $archive_content = []; + $archiveContent = []; $modif = false; - $single_name = []; + $singleName = []; foreach ([T_OLD, T_NEW] as $cat) - if (isset ($archive_info [$cat])) - foreach ($archive_info [$cat] as [$link_name, $crypt_key]) { - $link = jirafeau_get_link ($link_name); + if (isset ($archiveInfo [$cat])) + foreach ($archiveInfo [$cat] as [$linkName, $cryptKey]) { + $link = jirafeau_get_link ($linkName); if (count ($link) == 0) { - if (isset ($archive_content [T_NOT_FOUND])) - ++$archive_content [T_NOT_FOUND]; + if (isset ($archiveContent [T_NOT_FOUND])) + ++$archiveContent [T_NOT_FOUND]; else - $archive_content [T_NOT_FOUND] = 1; + $archiveContent [T_NOT_FOUND] = 1; $modif = true; continue; } $key = $link ['key']; - if ($key && (empty ($crypt_key) || $key != $crypt_key)) { - if 
(isset ($archive_content [T_BAD_PASW])) - ++$archive_content [T_BAD_PASW]; + if ($key && (empty ($cryptKey) || $key != $cryptKey)) { + if (isset ($archiveContent [T_BAD_PASW])) + ++$archiveContent [T_BAD_PASW]; else - $archive_content [T_BAD_PASW] = 1; + $archiveContent [T_BAD_PASW] = 1; $modif = true; continue; } - $src_name = $dst_name = ($link ['file_name'] ? $link ['file_name'] : M_NO_FILENAME); - if (in_array ($src_name, $single_name)) + $srcName = $dstName = ($link ['file_name'] ? $link ['file_name'] : M_NO_FILENAME); + if (in_array ($srcName, $singleName)) for ($i = 0; $i < 10000; ++$i) { - $dst_name = sprintf ("%s-%2d", $src_name, $i); - if (!in_array ($dst_name, $single_name)) { - if (isset ($archive_content [T_RENAME])) - ++$archive_content [T_RENAME]; + $dstName = sprintf ("%s-%2d", $srcName, $i); + if (!in_array ($dstName, $singleName)) { + if (isset ($archiveContent [T_RENAME])) + ++$archiveContent [T_RENAME]; else - $archive_content [T_RENAME] = 1; + $archiveContent [T_RENAME] = 1; $modif = true; break; } } - $single_name [] = $dst_name; - $archive_content [$cat][T_ENTRIES][] = [T_HASH => $link ['hash'], T_FILENAME => $dst_name, T_CRYPT_KEY => $crypt_key, T_CRYPTED => $link ['crypted']]; + $singleName [] = $dstName; + $archiveContent [$cat][T_ENTRIES][] = [T_HASH => $link ['hash'], T_FILENAME => $dstName, T_CRYPT_KEY => $cryptKey, T_CRYPTED => $link ['crypted']]; } // build zip - $dirname = M_NO_SENDER.(isset ($archive_info [T_TIMESTAMP]) && !empty ($archive_info [T_TIMESTAMP])) ? - $archive_info [T_TIMESTAMP] : date ("Y-m-d-H:i:s"); + $dirname = M_NO_SENDER.(isset ($archiveInfo [T_TIME]) && !empty ($archiveInfo [T_TIME])) ? 
+ $archiveInfo [T_TIME] : date ("Y-m-d-H:i:s"); $dirname = str_replace (":", "_", $dirname); $tmpFileName = tempnam (sys_get_temp_dir (), $dirname."-"); $zip = new ZipArchive; if (!$zip) - return_error (E_CREATE_ZIP); + returnError (E_CREATE_ZIP); if ($zip->open ($tmpFileName.T_ZIP_EXT, ZipArchive::CREATE) !== TRUE) - return_error (E_OPEN_ZIP); + returnError (E_OPEN_ZIP); // create info if ($modif) { $info = ''; - if (isset ($archive_info [T_NOT_FOUND])) - $info .= $archive_info [T_NOT_FOUND]. ($archive_info [T_NOT_FOUND] ? M_FILE_NOT_FOUND : M_FILES_NOT_FOUND).NL; - if (isset ($archive_info [T_BAD_PASW])) - $info .= M_BAD_KEY. $archive_info [T_BAD_PASW]. ($archive_info [T_BAD_PASW] ? M_FILE : M_FILES).NL; - if (isset ($archive_info[T_RENAME])) - $info .= $archive_info[T_RENAME]. ($archive_info[T_RENAME] ? M_FILE_RENAMED : M_FILES_RENAMED).NL; + if (isset ($archiveInfo [T_NOT_FOUND])) + $info .= $archiveInfo [T_NOT_FOUND]. ($archiveInfo [T_NOT_FOUND] ? M_FILE_NOT_FOUND : M_FILES_NOT_FOUND).NL; + if (isset ($archiveInfo [T_BAD_PASW])) + $info .= M_BAD_KEY. $archiveInfo [T_BAD_PASW]. ($archiveInfo [T_BAD_PASW] ? M_FILE : M_FILES).NL; + if (isset ($archiveInfo[T_RENAME])) + $info .= $archiveInfo[T_RENAME]. ($archiveInfo[T_RENAME] ? M_FILE_RENAMED : M_FILES_RENAMED).NL; $zip->addFromString ($dirname.T_WARNING_FILENAME, $info); } foreach ([T_OLD, T_NEW] as $cat) - if (isset ($archive_info [$cat])) { - $subdir = $dirname . ($cat == T_NEW ? "" : "/".M_OLD_ATTACHEMENT_DIRNAME); - foreach ($archive_content [$cat][T_ENTRIES] as $entry) { + if (isset ($archiveInfo [$cat])) { + $subdir = $dirname . "-".($cat == T_NEW ? 
M_NEW_ATTACHEMENT_DIRNAME : M_OLD_ATTACHEMENT_DIRNAME); + foreach ($archiveContent [$cat][T_ENTRIES] as $entry) { $p = s2p ($entry [T_HASH]); if ($entry [T_CRYPTED]) { $m = mcrypt_module_open ('rijndael-256', '', 'ofb', ''); $md5_key = md5 ($entry [T_CRYPT_KEY]); - $iv = jirafeau_crypt_create_iv ($md5_key, mcrypt_enc_get_iv_size ($m)); - mcrypt_generic_init ($m, $md5_key, $iv); + $iv = jirafeau_crypt_create_iv ($md5Key, mcrypt_enc_get_iv_size ($m)); + mcrypt_generic_init ($m, $md5Key, $iv); $r = fopen (VAR_FILES . $p . $entry [T_HASH], 'r'); $content = ""; while (!feof ($r)) { @@ -534,21 +584,21 @@ if ($do_download) { $zip->close (); - if (!is_file ($tmpFileName.T_ZIP_EXT,)) - return_error (E_OPEN_ZIP); - if (false) { // log - $content = print_r ($archive_info, 1); - $content .= print_r ($archive_content, 1); + $message .= print_r ($archiveInfo, 1); + $message .= print_r ($archiveContent, 1); header ('HTTP/1.0 200 OK'); - header ('Content-Length: ' . strlen ($content)); + header ('Content-Length: ' . strlen ($message)); header ('Content-Type: text/plain'); - echo $content; + echo $message; exit; } + if (!is_file ($tmpFileName.T_ZIP_EXT,)) + returnError (E_OPEN_ZIP); + header ("Content-Type: application/zip"); header ('Content-Disposition: filename="'.$dirname.'.zip"'); $r = fopen ($tmpFileName.".zip", 'r'); @@ -566,8 +616,8 @@ if ($do_download) { // ======================================== if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) - return_error (M_BAD_SENDER_NAME); - $content = getTrack ($_REQUEST [A_RECORD]).NL; + returnError (M_BAD_SENDER_NAME); + $content = getSenderTrack ($_REQUEST [A_RECORD]).NL; header ('HTTP/1.0 200 OK'); header ('Content-Length: ' . strlen ($content)); header ('Content-Type: text/plain'); 
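Review bot: In the decryption branch the rename is incomplete: the key is still assigned to `$md5_key`, but the new lines pass `$md5Key` to `jirafeau_crypt_create_iv` and `mcrypt_generic_init`, so the cipher is initialised from an undefined variable and encrypted entries will not decrypt to their original content. Rename the assignment as well, `$md5Key = md5 ($entry [T_CRYPT_KEY]);`. The key checks `$key != $cryptKey` use a loose, non-constant-time comparison; `!hash_equals ((string) $key, (string) $cryptKey)` avoids both type juggling and timing differences. The warning text is built from counters in `$archiveInfo`, although the loop above stores them in `$archiveContent`, so the notice file probably stays empty.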
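Review bot: The dormant `if (false)` branch now prints `$archiveInfo` and `$archiveContent` through `$message`, and each `$archiveContent` entry carries its `T_CRYPT_KEY`, so flipping the condition while debugging would return the per-file keys in the response body. Dropping the branch, or logging only counts and hashes, removes that risk. `is_file ($tmpFileName.T_ZIP_EXT,)` has a trailing comma in the call, which needs PHP 7.3 or later, and the following `fopen` spells the extension as the literal `".zip"` rather than `T_ZIP_EXT`.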
@@ -578,8 +628,8 @@ if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { // ======================================== if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) { if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD])) - return_error (M_BAD_SENDER_NAME); - $content = getPeriod ($_REQUEST [A_PERIOD]).NL; + returnError (M_BAD_SENDER_NAME); + $content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL; header ('HTTP/1.0 200 OK'); header ('Content-Length: ' . strlen ($content)); header ('Content-Type: text/plain'); @@ -597,18 +647,18 @@ if (isset ($_REQUEST [A_TOKEN]) && !empty ($_REQUEST [A_TOKEN])) { } $refToken = getToken ($sender); -$url_base = $_SERVER ['HTTP_X_FORWARDED_PROTO']."://".$_SERVER ['HTTP_HOST']; +$urlBase = $_SERVER ['HTTP_X_FORWARDED_PROTO']."://".$_SERVER ['HTTP_HOST']; if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_SEND && $sender) { require (JIRAFEAU_ROOT . 'lib/template/header.php'); - if (getFake ($sender)) + if (getSenderFake ($sender)) echo "Ce compte ne peut plus se connecter. Veuillez contacter les administrateurs."; else { $token = setToken ($sender); // XXX test token - $url = $url_base.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token; - $result = send_email ($sender, "", M_EMAIL_SUBJECT, - str_replace (["___LINK___", "___IP___", "___DATE___"], - [$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT)); + $url = $urlBase.$_SERVER ['SCRIPT_NAME']."?".A_SENDER."=".$sender."&".A_TOKEN."=".$token; + $result = sendEMail ($sender, "", M_EMAIL_SUBJECT, + str_replace (["___LINK___", "___IP___", "___DATE___"], + [$url, $_SERVER ['HTTP_X_REAL_IP'] , date ("Y-m-d H:i:s")], M_EMAIL_CONTENT)); if ($result) echo M_SEND_TOKEN; else 
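Review bot: `$urlBase` is assembled from `$_SERVER ['HTTP_X_FORWARDED_PROTO']` and `$_SERVER ['HTTP_HOST']`, both taken from the request, and is then used for the login link that carries the fresh token in the e-mail. Unless the front proxy pins those headers, the request that triggers the e-mail determines the host the recipient's token link points at. Build the link from a configured base URL instead of request headers, and pass `$sender` and `$token` through `rawurlencode ()` when appending them to the query string.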
@@ -665,115 +715,126 @@ if (!getLoggedToken ($sender)) else touch (VAR_TOKENS.$sender); -function deleteAction ($link_name) { +function deleteAction ($linkName) { global $sender, $token, $message, $doLogout; - $link = jirafeau_get_link ($link_name); - //$message .= "ln: ".$link_name." l: "."
".print_r ($link, 1)."
mt: ".getTimeFile ($link ['hash'])."
"; + $link = jirafeau_get_link ($linkName); + //$message .= "ln: ".$linkName." l: "."
".print_r ($link, 1)."
mt: ".getTimeFile ($link ['hash'])."
"; if (!count ($link)) return; if (isKazArchive ($link)) { - $dir_name = $link_name; - $dir_link = $link; - $dirTime = getTimeFile ($dir_link ['hash']); - $archive_info = read_archive_info ($dir_link); - if (! count ($archive_info)) + $dirName = $linkName; + $dirLink = $link; + $dirTime = $dirLink ['upload_date']; + $archiveInfo = readArchiveFromLink ($dirLink); + if (! count ($archiveInfo)) return; - if ($sender != $archive_info [T_SENDER]) { - setFake ($sender, $dir_link, $dirTime); - $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire. (F1 ".$sender." != ".$archive_info [T_SENDER].")"; - //XXX $doLogout = true; + if ($sender != $archiveInfo [T_SENDER]) { + setSenderFake ($sender, $dirLink, $dirTime); + $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire. (".$sender." != ".$archiveInfo [T_SENDER].")"; + $doLogout = true; return; } - if ($archive_info [T_NEW]) - foreach ($archive_info [T_NEW] as [$file_name, $crypt_key]) { - $file_link = jirafeau_get_link ($file_name); - if (! count ($file_link)) + $fileToDelete = false; + if ($archiveInfo [T_NEW]) + foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) { + $fileLink = jirafeau_get_link ($fileName); + if (! count ($fileLink)) continue; - $fileTime = getTimeFile ($file_link ['hash']); + $fileTime = $fileLink ['upload_date']; if (! valideTime ($dirTime, $fileTime)) { - setFake ($sender, $dir_link, $dirTime); - $message .= "Cet envoi a été forgée (dates incohéantes). (F2 ". - getFileName ($dir_link ['hash'])." =? ".getFileName ($file_link ['hash'])." ". - date ("Y-m-d H:i:s", $dirTime)." != ".date ("Y-m-d H:i:s", $fileTime).")"; - // XXX $doLogout = true; + setSenderFake ($sender, $dirLink, $dirTime); + $message .= "Cet envoi a été forgée". 
+ str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], + [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); + $doLogout = true; return; } + $fileToDelete = true; } - if ($archive_info [T_NEW]) - foreach ($archive_info [T_NEW] as [$file_name, $crypt_key]) { - $file_link = jirafeau_get_link ($file_name); - if (! count ($file_link)) + $message .= "l'envoi ".$archiveInfo [T_TIME]." est supprimé"; + if ($fileToDelete) + $message .= " avec" : "."; return; } - $file_name = $link_name; - $file_link = $link; - $fileTime = getTimeFile ($file_name); + $fileName = $linkName; + $fileLink = $link; + $fileTime = $fileLink ['upload_date']; $stack = array (VAR_LINKS); while (($d = array_shift ($stack)) && $d != null) { if (!file_exists ($d)) continue; $dir = scandir ($d); - foreach ($dir as $dir_name) { - if (strcmp ($dir_name, '.') == 0 || strcmp ($dir_name, '..') == 0 || - preg_match ('/\.tmp/i', "$dir_name")) { + foreach ($dir as $dirName) { + if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 || + preg_match ('/\.tmp/i', "$dirName")) { continue; } - if (is_dir ($d . $dir_name)) { - /* Push new found directory. */ - $stack [] = $d . $dir_name . '/'; + if (is_dir ($d . $dirName)) { + $stack [] = $d . $dirName . '/'; continue; } - /* Read link informations. */ - $dir_link = jirafeau_get_link ($dir_name); - $dirTime = getTimeFile ($dir_link ['hash']); - if (!count ($dir_link)) + $dirLink = jirafeau_get_link ($dirName); + //$dirTime = getTimeFile ($dirLink ['hash']); + $dirTime = $dirLink ['upload_date']; + if (!count ($dirLink)) continue; - if (!isKazArchive ($dir_link)) + if (!isKazArchive ($dirLink)) continue; - $archive_info = read_archive_info ($dir_link); - if (! count ($archive_info)) + $archiveInfo = readArchiveFromLink ($dirLink); + if (! 
count ($archiveInfo)) return; - if ($archive_info [T_NEW]) - foreach ($archive_info [T_NEW] as [$new_name, $crypt_key]) { - if ($file_name != $new_name) + if ($archiveInfo [T_NEW]) + foreach ($archiveInfo [T_NEW] as [$newName, $cryptKey]) { + if ($fileName != $newName) continue; - if ($sender == $archive_info [T_SENDER]) { + if ($sender == $archiveInfo [T_SENDER]) { if (valideTime ($dirTime, $fileTime)) { - jirafeau_delete_link ($file_name); - $message .= jirafeau_escape ($file_link ['file_name'])." est supprim&eacte;."; + jirafeau_delete_link ($fileName); + $message .= jirafeau_escape ($fileLink ['file_name'])." est supprimé"; // check empty dir $empty = true; foreach ([T_OLD, T_NEW] as $cat) - if ($empty && isset ($archive_info [$cat])) - foreach ($archive_info [$cat] as [$l, $c]) + if ($empty && isset ($archiveInfo [$cat])) + foreach ($archiveInfo [$cat] as [$l, $c]) if (count (jirafeau_get_link ($l))) { $empty = false; break; } if ($empty) { - $message .= jirafeau_escape ($file_link ['dir_name'])." vide est &eacte;galement supprim&eacte;."; - jirafeau_delete_link ($dir_name); - } + $message .= " ainsi que l'envoie ".$archiveInfo [T_TIME]." qui est vide."; + jirafeau_delete_link ($dirName); + } else + $message .= "."; break; } - setFake ($sender, $dir_link, $dirTime); - $message .= "Cet envoi a été forgée. (F3 ".date ("Y-m-d H:i:s", $dirTime)." != ".date ("Y-m-d H:i:s", $fileTime).")"; - // XXX $dologout = true; + setSenderFake ($sender, $dirLink, $dirTime); + $message .= "Cet envoi a été forgée. ". + str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], + [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); + $dologout = true; break; } if (valideTime ($dirTime, $fileTime)) { - setFake ($sender, $dir_link, $dirTime); - $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire. (F4 ".date ("Y-m-d H:i:s", $dirTime)." 
!= ".date ("Y-m-d H:i:s", $fileTime).")"; - // XXX $doLogout = true; + setSenderFake ($sender, $dirLink, $dirTime); + $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire.". + str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], + [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); + $doLogout = true; break; } - setFake ($archive_info [T_SENDER], $dir_link, $dirTime); - $message .= "Quelqu'un avétait revandiqué cet envoi. (F5 ".$sender." != ".$archive_info [T_SENDER].")"; + setSenderFake ($archiveInfo [T_SENDER], $dirLink, $dirTime); + $message .= "Quelqu'un avétait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")"; break; } } @@ -787,7 +848,7 @@ function deleteAction ($link_name) { // delete if (isset ($_REQUEST [A_DELETE])) { if (!preg_match ('/[0-9a-zA-Z_-]+$/', $_REQUEST [A_DELETE])) - return_error (t ('FILE_404')); + returnError (t ('FILE_404')); deleteAction ($_REQUEST [A_DELETE]); } @@ -810,13 +871,13 @@ if (isset ($_REQUEST [A_ACTION])) { switch (true) { case preg_match ("/^".A_RECORD."(on|off)$/i", $_REQUEST [A_ACTION], $matches): if ($matches [1] == "on") - setTrack ($sender); + setSenderTrack ($sender); else - rmTrack ($sender); + rmSenderTrack ($sender); $message .= "Votre suivi à été mise à jour."; break; case preg_match ("/^".A_PERIOD."(".implode ("|", array_keys ($periodText)).")$/i", $_REQUEST [A_ACTION], $matches): - setPeriod ($sender, $matches [1]); + setSenderPeriod ($sender, $matches [1]); $message .= "Votre période à été mise à jour."; break; } 
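Review bot: One of the re-enabled logout assignments in `deleteAction` is spelled `$dologout = true;` (the forged-dates branch inside the directory scan), which creates a new local, so the global `$doLogout` is never set on that path; change it to `$doLogout = true;`. The new messages also insert `$fileLink ['file_name']` unescaped via `str_replace`, whereas the success path in the same function wraps it in `jirafeau_escape`; the uploader controls that name, so escape it here as well. In the scan loop `$dirLink ['upload_date']` is read before the `count ($dirLink)` check; moving the read below the check avoids indexing an empty link. `deleteAction` continues past the end of this hunk.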
@@ -827,30 +888,30 @@ $archives = []; $stack = array (VAR_LINKS); while ( ($d = array_shift ($stack)) && $d != null) { $dir = scandir ($d); - foreach ($dir as $dir_name) { - if (strcmp ($dir_name, '.') == 0 || strcmp ($dir_name, '..') == 0 || - preg_match ('/\.tmp/i', "$dir_name")) { + foreach ($dir as $dirName) { + if (strcmp ($dirName, '.') == 0 || strcmp ($dirName, '..') == 0 || + preg_match ('/\.tmp/i', "$dirName")) { continue; } - if (is_dir ($d . $dir_name)) { + if (is_dir ($d . $dirName)) { /* Push new found directory. */ - $stack [] = $d . $dir_name . '/'; + $stack [] = $d . $dirName . '/'; continue; } /* Read link informations. */ - $l = jirafeau_get_link ($dir_name); + $l = jirafeau_get_link ($dirName); if (!count ($l)) continue; if (!isKazArchive ($l)) continue; - $archive_info = read_archive_info ($l); - if ($sender != $archive_info [T_SENDER]) + $archiveInfo = readArchiveFromLink ($l); + if ($sender != $archiveInfo [T_SENDER]) continue; - $archive_info ['link'] = $dir_name; - $archive_info ['key'] = $l ['key']; - $archive_info ['time'] = $l ['time']; - $archive_info ['hash'] = $l ['hash']; - $archives [] = $archive_info; + $archiveInfo ['link'] = $dirName; + $archiveInfo ['key'] = $l ['key']; + $archiveInfo ['maxtime'] = $l ['time']; + $archiveInfo ['hash'] = $l ['hash']; + $archives [] = $archiveInfo; } } require (JIRAFEAU_ROOT . 'lib/template/header.php'); @@ -864,7 +925,7 @@ echo '