|
|
@ -3,9 +3,14 @@ |
|
|
|
* Kaz addon (see https://git.kaz.bzh/KAZ/depollueur for information) |
|
|
|
* create un archive for a set of file or update file deadline |
|
|
|
|
|
|
|
a.php?u=month&h=HHHHHHHH => deadline |
|
|
|
a.php?r=email => track |
|
|
|
a.php?p=email => period |
|
|
|
a.php?u=month&h=HHHHHHHH => update deadline |
|
|
|
a.php?g=l~k => zip |
|
|
|
a.php?s=mel@domain.org => send status e-mail |
|
|
|
a.php?time=month&key=password + POST file => upload |
|
|
|
a.php?s=mel@domain.org => form |
|
|
|
a.php?s=mel@domain.org&t=password + [action] => manage account |
|
|
|
action: a=login a=logout a=r[on|off] a=p[minute|hour|day|week|month|quarter] |
|
|
|
*/ |
|
|
|
use PHPMailer\PHPMailer\PHPMailer; |
|
|
|
use PHPMailer\PHPMailer\SMTP; |
|
|
@ -62,7 +67,7 @@ define ('M_SEND_TOKEN', "Vous allez recevoir un lien d'accès temporaire & |
|
|
|
define ('M_INCONSISTENT_DATES', |
|
|
|
" (dates incohéantes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)"); |
|
|
|
|
|
|
|
define ('A_ACTION', 'a'); // action : T_SEND, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter) |
|
|
|
define ('A_ACTION', 'a'); // action : T_LOGIN, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter) |
|
|
|
define ('A_GET', 'g'); // get archive |
|
|
|
define ('A_HASH', 'h'); // file to update or delete |
|
|
|
define ('A_OPEN_TOKEN', 'o'); // ask token |
|
|
@ -85,8 +90,8 @@ define ('T_SIGN', 'sign'); |
|
|
|
define ('T_NOT_FOUND', 'not_found'); |
|
|
|
define ('T_OLD', 'old'); |
|
|
|
define ('T_RENAME', 'rename'); |
|
|
|
define ('T_SEND', 'send'); |
|
|
|
define ('T_LOGOUT', 'lougout'); |
|
|
|
define ('T_LOGIN', 'login'); |
|
|
|
define ('T_LOGOUT', 'logout'); |
|
|
|
define ('T_SENDER', 'sender'); |
|
|
|
define ('T_TIME', 'time'); |
|
|
|
define ('T_ID', 'id'); |
|
|
@ -113,6 +118,31 @@ $message = ''; |
|
|
|
/* Remove errors. */ |
|
|
|
@error_reporting (0); |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { |
|
|
|
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) |
|
|
|
returnError (M_BAD_SENDER_NAME); |
|
|
|
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL; |
|
|
|
header ('HTTP/1.0 200 OK'); |
|
|
|
header ('Content-Length: ' . strlen ($content)); |
|
|
|
header ('Content-Type: text/plain'); |
|
|
|
echo $content; |
|
|
|
exit; |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) { |
|
|
|
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD])) |
|
|
|
returnError (M_BAD_SENDER_NAME); |
|
|
|
$content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL; |
|
|
|
header ('HTTP/1.0 200 OK'); |
|
|
|
header ('Content-Length: ' . strlen ($content)); |
|
|
|
header ('Content-Type: text/plain'); |
|
|
|
echo $content; |
|
|
|
exit; |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
$doUpdate = false; |
|
|
|
if (isset ($_REQUEST [A_UPDATE]) && !empty ($_REQUEST [A_UPDATE])) { |
|
|
|
$doUpdate = true; |
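Review bot: The `A_RECORD` and `A_PERIOD` branches return a sender's tracking and period settings to any request that supplies a well-formed address; no token comparison is visible in either block, and this early in the script nothing further down can gate them. If the mail add-on needs that lookup without a token, a comment such as `// unauthenticated on purpose: queried by the add-on` would record the decision; otherwise the `A_TOKEN` check should run first. Both branches also rely on `returnError ()` never returning, which cannot be confirmed here because its body is outside the hunk. The address pattern is repeated verbatim in both branches and caps the TLD at six letters, so it would be safer held in one shared constant.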
|
|
@ -211,27 +241,46 @@ function period2seconds ($periodName) { |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
function setSenderFake ($error, $sender, $owner, $dirLink, $dirTime, $fileName, $fileTime) { |
|
|
|
if (!$sender) |
|
|
|
return; |
|
|
|
function setSenderFake ($error, $sender, $owner, $dirLink, $fileLink) { |
|
|
|
global $doLogout; |
|
|
|
|
|
|
|
if (!file_exists (VAR_FAKE)) |
|
|
|
mkdir (VAR_FAKE, 0755); |
|
|
|
file_put_contents (VAR_FAKE.$sender, |
|
|
|
"time: ".time ().NL. |
|
|
|
"date: ".date ("Y-m-d H:i:s").NL. |
|
|
|
"error: ".$error.NL. |
|
|
|
"sender: ".$sender.NL. |
|
|
|
"owner: ".$owner.NL. |
|
|
|
"dirLink: ".$dirLink.NL. |
|
|
|
"dirTime: ".$dirTime.NL. |
|
|
|
"fileTime: ".$fileTime.NL); |
|
|
|
"fileName: ".$fileName.NL. |
|
|
|
rmToken ($sender); |
|
|
|
} |
|
|
|
function getSenderFake ($sender) { |
|
|
|
$dirTime = $fileTime = $fileName = $fileType = $ip = ''; |
|
|
|
if (count ($dirLink) != 0) { |
|
|
|
$dirTime = $dirLink ['upload_date'].date (" Y-m-d H:i:s", $dirLink ['upload_date']); |
|
|
|
$ip = $dirLink ['ip']; |
|
|
|
} |
|
|
|
if (!$sender) |
|
|
|
return; |
|
|
|
return file_exists (VAR_FAKE.$sender); |
|
|
|
if (count ($fileLink) != 0) { |
|
|
|
$fileTime = $fileLink ['upload_date'].date (" Y-m-d H:i:s", $fileLink ['upload_date']); |
|
|
|
$fileName = $link ['file_name']; |
|
|
|
$fileType = $link ['mime_type']; |
|
|
|
} |
|
|
|
$content = |
|
|
|
"time : ".time ().NL. |
|
|
|
"date : ".date ("Y-m-d H:i:s").NL. |
|
|
|
"error : ".$error.NL. |
|
|
|
"sender : <".$sender.">".NL. |
|
|
|
"owner : <".$owner.">".NL. |
|
|
|
"dirLink : <".$dirLink.">".NL. |
|
|
|
"dirTime : ".$dirTime.NL. |
|
|
|
"dirIp : ".$ip.NL. |
|
|
|
"fileTime: ".$fileTime.NL. |
|
|
|
"fileType: <".$fileType.">".NL. |
|
|
|
"fileName: <".$fileName.">".NL; |
|
|
|
|
|
|
|
$log = $ip.$sender; |
|
|
|
if ($log) |
|
|
|
file_put_contents (VAR_FAKE.$log, $content); |
|
|
|
|
|
|
|
// $doLogout = true; |
|
|
|
// rmToken ($sender); |
|
|
|
} |
|
|
|
function getSenderFake ($sender) { |
|
|
|
return false; |
|
|
|
// return $sender && file_exists (VAR_FAKE.$sender); |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
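Review bot: In the new `setSenderFake ()` the file branch reads `$link ['file_name']` and `$link ['mime_type']`, but no `$link` exists in the function, so with `error_reporting (0)` the record silently gets empty `fileName`/`fileType`; both should read from `$fileLink`. The `count ()` guards receive `null` from the `rmdir: not owner` caller in `deleteAction ()`, which is a `TypeError` on PHP 8, and `$dirLink` is indexed as an array yet concatenated as a string on the `dirLink :` line. The log path is `VAR_FAKE.$ip.$sender`, and the `rm: find not owner` caller passes `$archiveInfo [T_SENDER]` as `$sender`; if that value comes from archive content, it should be reduced to a plain file name before use. With `getSenderFake ()` returning `false` and `rmToken ()` commented out, the function now only records, which deserves a one-line comment saying that blocking is deliberately off.

```php
function setSenderFake ($error, $sender, $owner, $dirLink, $fileLink) {
  // … unchanged: global $doLogout, variable initialisation …
  if (is_array ($dirLink) && count ($dirLink) != 0) {
    // … unchanged: $dirTime and $ip …
  }
  if (is_array ($fileLink) && count ($fileLink) != 0) {
    // … unchanged: $fileTime …
    $fileName = $fileLink ['file_name'];
    $fileType = $fileLink ['mime_type'];
  }
  // … unchanged: $content …
  $log = basename ($ip.$sender);
  // … unchanged: file_put_contents (VAR_FAKE.$log, $content) …
```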
|
|
@ -594,7 +643,7 @@ if ($doDownload) { |
|
|
|
|
|
|
|
|
|
|
|
if (false) { |
|
|
|
// log |
|
|
|
// debug |
|
|
|
$message .= print_r ($archiveInfo, 1); |
|
|
|
$message .= print_r ($archiveContent, 1); |
|
|
|
|
|
|
@ -622,30 +671,6 @@ if ($doDownload) { |
|
|
|
exit; |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { |
|
|
|
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) |
|
|
|
returnError (M_BAD_SENDER_NAME); |
|
|
|
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL; |
|
|
|
header ('HTTP/1.0 200 OK'); |
|
|
|
header ('Content-Length: ' . strlen ($content)); |
|
|
|
header ('Content-Type: text/plain'); |
|
|
|
echo $content; |
|
|
|
exit; |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) { |
|
|
|
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD])) |
|
|
|
returnError (M_BAD_SENDER_NAME); |
|
|
|
$content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL; |
|
|
|
header ('HTTP/1.0 200 OK'); |
|
|
|
header ('Content-Length: ' . strlen ($content)); |
|
|
|
header ('Content-Type: text/plain'); |
|
|
|
echo $content; |
|
|
|
exit; |
|
|
|
} |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
// form |
|
|
|
$token = ''; |
|
|
@ -657,7 +682,7 @@ if (isset ($_REQUEST [A_TOKEN]) && !empty ($_REQUEST [A_TOKEN])) { |
|
|
|
|
|
|
|
$refToken = getToken ($sender); |
|
|
|
$urlBase = $_SERVER ['HTTP_X_FORWARDED_PROTO']."://".$_SERVER ['HTTP_HOST']; |
|
|
|
if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_SEND && $sender) { |
|
|
|
if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender) { |
|
|
|
require (JIRAFEAU_ROOT . 'lib/template/header.php'); |
|
|
|
if (getSenderFake ($sender)) |
|
|
|
echo "Ce compte ne peut plus se connecter. Veuillez contacter les administrateurs."; |
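Review bot: `$urlBase` is assembled from `HTTP_X_FORWARDED_PROTO` and `HTTP_HOST`, both of which the client controls unless the reverse proxy overwrites them, and the `T_LOGIN` branch that follows appears to be the one that e-mails the temporary access link. If `$urlBase` ends up in that link (the code that builds it is outside the hunk), a request with a forged Host header would yield a mail whose link points at another host and carries the token. Taking the base from configuration, for instance Jirafeau's `$cfg ['web_root']`, or checking the host against an allow-list would remove the dependency on request headers. The action test could also be strict, as in `$_REQUEST [A_ACTION] === T_LOGIN`.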
|
|
@ -707,7 +732,7 @@ if (! ($sender && $token && $token == $refToken && |
|
|
|
</tr> |
|
|
|
<tr class="nav"> |
|
|
|
<td class="nav next"> |
|
|
|
<input type="hidden" name="<?php echo A_ACTION; ?>" value="<?php echo T_SEND; ?>" /> |
|
|
|
<input type="hidden" name="<?php echo A_ACTION; ?>" value="<?php echo T_LOGIN; ?>" /> |
|
|
|
<input type="submit" value="<?php echo M_SEND; ?>" /> |
|
|
|
</td> |
|
|
|
</tr> |
|
|
@ -739,9 +764,8 @@ function deleteAction ($linkName) { |
|
|
|
if (! count ($archiveInfo)) |
|
|
|
return; |
|
|
|
if ($sender != $archiveInfo [T_SENDER]) { |
|
|
|
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, null, null); |
|
|
|
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null); |
|
|
|
$message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire"; |
|
|
|
$doLogout = true; |
|
|
|
return; |
|
|
|
} |
|
|
|
$fileToDelete = false; |
|
|
@ -752,11 +776,10 @@ function deleteAction ($linkName) { |
|
|
|
continue; |
|
|
|
$fileTime = $fileLink ['upload_date']; |
|
|
|
if (! valideTime ($dirTime, $fileTime)) { |
|
|
|
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); |
|
|
|
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink); |
|
|
|
$message .= "Cet envoi a été forgée". |
|
|
|
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], |
|
|
|
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); |
|
|
|
//$doLogout = true; |
|
|
|
return; |
|
|
|
} |
|
|
|
$fileToDelete = true; |
|
|
@ -827,22 +850,20 @@ function deleteAction ($linkName) { |
|
|
|
$message .= "."; |
|
|
|
break; |
|
|
|
} |
|
|
|
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); |
|
|
|
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink); |
|
|
|
$message .= "Cet envoi a été forgée. ". |
|
|
|
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], |
|
|
|
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); |
|
|
|
//$dologout = true; |
|
|
|
break; |
|
|
|
} |
|
|
|
if (valideTime ($dirTime, $fileTime)) { |
|
|
|
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); |
|
|
|
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink); |
|
|
|
$message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire.". |
|
|
|
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], |
|
|
|
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); |
|
|
|
//$doLogout = true; |
|
|
|
break; |
|
|
|
} |
|
|
|
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); |
|
|
|
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink); |
|
|
|
$message .= "Quelqu'un avétait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")"; |
|
|
|
break; |
|
|
|
} |
|
|
@ -1087,72 +1108,3 @@ require (JIRAFEAU_ROOT.'lib/template/footer.php'); |
|
|
|
exit; |
|
|
|
|
|
|
|
// ======================================== |
|
|
|
// // $count = count ($lines)-1; |
|
|
|
// // $content = ''; |
|
|
|
// // for ($i = 0; $i < $count; $i++) |
|
|
|
// // $content .= $lines [$i]; |
|
|
|
// // if (isset ($archive [T_SIGN]) && $archive [T_SIGN] == md5 ($content)) |
|
|
|
// // return $archive; |
|
|
|
// // $message .= "bad signature <pre>".print_r ($lines, 1)."</pre>"; |
|
|
|
// // return []; |
|
|
|
|
|
|
|
// function getSecret () { |
|
|
|
// if (!file_exists (VAR_PRIVATE."secret")) { |
|
|
|
// mkdir (VAR_PERIOD, 0700); |
|
|
|
// for ($s = '', $i = 0, $z = strlen ($a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')-1; |
|
|
|
// $i != 32; |
|
|
|
// $x = rand (0, $z), $s .= $a{$x}, $i++); |
|
|
|
// file_put_contents (VAR_PRIVATE."secret", $s.NL); |
|
|
|
// } |
|
|
|
// return trim (file (VAR_PERIOD."secret")); |
|
|
|
// } |
|
|
|
// function crea-teArchive ($archive, $key, $maxtime, $ip) { |
|
|
|
// if (!count ($archive)) |
|
|
|
// return; |
|
|
|
// $content = T_ID.': '.time (); |
|
|
|
// if (isset ($archive [T_TIME])) |
|
|
|
// $content .= "time: ".$archive [T_TIME].NL; |
|
|
|
// if (isset ($archive [T_SENDER])) |
|
|
|
// $content .= "src: ".$archive [T_SENDER].NL; |
|
|
|
// foreach ([T_OLD, T_NEW] as $cat) |
|
|
|
// if (isset ($archiveInfo [$cat])) |
|
|
|
// foreach ($archiveInfo [$cat] as [$linkName, $cryptKey]) |
|
|
|
// $content .= $cat.": ".$linkName." ".$cryptKey; |
|
|
|
// $content .= T_SIGN.": ".md5 ($content).NL; |
|
|
|
// $tmpFileName = tempnam (sys_get_temp_dir (), date ("newArchive-Ymd-H:i:s")."-"); |
|
|
|
// file_put_contents ($tmpFileName, $content); |
|
|
|
|
|
|
|
// $file ['name'] = $tmpFileName; |
|
|
|
// $file ['tmp_name'] = T_ARCHIVE_TITLE; |
|
|
|
// $file ['error'] = UPLOAD_ERR_OK; |
|
|
|
// $file ['type'] = T_ARCHIVE_MIME; |
|
|
|
// $file ['size'] = filesize ($file ['tmp_name']); |
|
|
|
|
|
|
|
// $res = jirafeau_upload ( |
|
|
|
// $file, |
|
|
|
// false, |
|
|
|
// $key, |
|
|
|
// $maxtime, |
|
|
|
// $ip, |
|
|
|
// $cfg ['enable_crypt'], |
|
|
|
// $cfg ['link_name_length'], |
|
|
|
// $cfg ['file_hash'] |
|
|
|
// ); |
|
|
|
// unlink ($tmpFileName); |
|
|
|
// } |
|
|
|
// function checkNewArchive ($archive) { |
|
|
|
// if (isset ($archiveInfo [T_NEW])) |
|
|
|
// foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) { |
|
|
|
// $fileLink = jirafeau_get_link ($fileName); |
|
|
|
// if (! count ($link)) |
|
|
|
// return false; |
|
|
|
// //upload_date |
|
|
|
// } |
|
|
|
|
|
|
|
// // all new never download |
|
|
|
// // all new mtime < 60s |
|
|
|
// } |
|
|
|
// function checkReadArchive ($archive) { |
|
|
|
// // md5 |
|
|
|
// } |
|
|
|
?> |
|
|
|