From dbe0e45525f87a8e3f1942ded14ea1236affd1b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois?= Date: Sat, 19 Feb 2022 08:43:14 +0100 Subject: [PATCH] update --- src/Jirafeau/a.php | 206 +++++++++++++++++---------------------------- src/bash/filter.sh | 4 +- 2 files changed, 81 insertions(+), 129 deletions(-) diff --git a/src/Jirafeau/a.php b/src/Jirafeau/a.php index b3646b0..51bf444 100644 --- a/src/Jirafeau/a.php +++ b/src/Jirafeau/a.php @@ -3,9 +3,14 @@ * Kaz addon (see https://git.kaz.bzh/KAZ/depollueur for information) * create un archive for a set of file or update file deadline - a.php?u=month&h=HHHHHHHH => deadline + a.php?r=email => track + a.php?p=email => period + a.php?u=month&h=HHHHHHHH => update deadline a.php?g=l~k => zip - a.php?s=mel@domain.org => send status e-mail + a.php?time=month&key=password + POST file => upload + a.php?s=mel@domain.org => form + a.php?s=mel@domain.org&t=password + [action] => manage account + action: a=login a=logout a=r[on|off] a=p[minute|hour|day|week|month|quarter] */ use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\SMTP; @@ -62,7 +67,7 @@ define ('M_SEND_TOKEN', "Vous allez recevoir un lien d'accès temporaire & define ('M_INCONSISTENT_DATES', " (dates incohéantes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)"); -define ('A_ACTION', 'a'); // action : T_SEND, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter) +define ('A_ACTION', 'a'); // action : T_LOGIN, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter) define ('A_GET', 'g'); // get archive define ('A_HASH', 'h'); // file to update or delete define ('A_OPEN_TOKEN', 'o'); // ask token 
@@ -85,8 +90,8 @@ define ('T_SIGN', 'sign'); define ('T_NOT_FOUND', 'not_found'); define ('T_OLD', 'old'); define ('T_RENAME', 'rename'); -define ('T_SEND', 'send'); -define ('T_LOGOUT', 'lougout'); +define ('T_LOGIN', 'login'); +define ('T_LOGOUT', 'logout'); define ('T_SENDER', 'sender'); define ('T_TIME', 'time'); define ('T_ID', 'id'); @@ -113,6 +118,31 @@ $message = ''; /* Remove errors. */ @error_reporting (0); +// ======================================== +if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { + if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) + returnError (M_BAD_SENDER_NAME); + $content = getSenderTrack ($_REQUEST [A_RECORD]).NL; + header ('HTTP/1.0 200 OK'); + header ('Content-Length: ' . strlen ($content)); + header ('Content-Type: text/plain'); + echo $content; + exit; +} + +// ======================================== +if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) { + if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD])) + returnError (M_BAD_SENDER_NAME); + $content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL; + header ('HTTP/1.0 200 OK'); + header ('Content-Length: ' . strlen ($content)); + header ('Content-Type: text/plain'); + echo $content; + exit; +} + +// ======================================== $doUpdate = false; if (isset ($_REQUEST [A_UPDATE]) && !empty ($_REQUEST [A_UPDATE])) { $doUpdate = true; 
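Review bot: The address check in the two added blocks (`A_RECORD` and `A_PERIOD`) anchors with `$` and no `D` modifier, so PCRE also accepts a value that ends in a newline, and that raw `$_REQUEST` value is then handed to `getSenderTrack` / `getSenderPeriod`. Ending the pattern with `$/iD` (or using `\z`) closes that gap. The check also relies on `returnError` ending the request; whether it does is not visible in this hunk, and if it can return, the lookup still runs on the rejected value. Both blocks answer for any address without a token, so a short comment naming the intended caller would help, and the duplicated validation and response code could move into one helper.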
@@ -211,27 +241,46 @@ function period2seconds ($periodName) { } // ======================================== -function setSenderFake ($error, $sender, $owner, $dirLink, $dirTime, $fileName, $fileTime) { - if (!$sender) - return; +function setSenderFake ($error, $sender, $owner, $dirLink, $fileLink) { + global $doLogout; + if (!file_exists (VAR_FAKE)) mkdir (VAR_FAKE, 0755); - file_put_contents (VAR_FAKE.$sender, - "time: ".time ().NL. - "date: ".date ("Y-m-d H:i:s").NL. - "error: ".$error.NL. - "sender: ".$sender.NL. - "owner: ".$owner.NL. - "dirLink: ".$dirLink.NL. - "dirTime: ".$dirTime.NL. - "fileTime: ".$fileTime.NL); - "fileName: ".$fileName.NL. - rmToken ($sender); -} -function getSenderFake ($sender) { + $dirTime = $fileTime = $fileName = $fileType = $ip = ''; + if (count ($dirLink) != 0) { + $dirTime = $dirLink ['upload_date'].date (" Y-m-d H:i:s", $dirLink ['upload_date']); + $ip = $dirLink ['ip']; + } if (!$sender) return; - return file_exists (VAR_FAKE.$sender); + if (count ($fileLink) != 0) { + $fileTime = $fileLink ['upload_date'].date (" Y-m-d H:i:s", $fileLink ['upload_date']); + $fileName = $link ['file_name']; + $fileType = $link ['mime_type']; + } + $content = + "time : ".time ().NL. + "date : ".date ("Y-m-d H:i:s").NL. + "error : ".$error.NL. + "sender : <".$sender.">".NL. + "owner : <".$owner.">".NL. + "dirLink : <".$dirLink.">".NL. + "dirTime : ".$dirTime.NL. + "dirIp : ".$ip.NL. + "fileTime: ".$fileTime.NL. + "fileType: <".$fileType.">".NL. + "fileName: <".$fileName.">".NL; + + $log = $ip.$sender; + if ($log) + file_put_contents (VAR_FAKE.$log, $content); + + // $doLogout = true; + // rmToken ($sender); +} +function getSenderFake ($sender) { + return false; + // return $sender && file_exists (VAR_FAKE.$sender); } // ======================================== @@ -594,7 +643,7 @@ if ($doDownload) { if (false) { - // log + // debug $message .= print_r ($archiveInfo, 1); $message .= print_r ($archiveContent, 1); 
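Review bot: In the rewritten `setSenderFake`, the file branch reads `$link ['file_name']` and `$link ['mime_type']`, but the function has no `$link`, so `fileName` and `fileType` are always logged empty; the parameter is `$fileLink`. Callers in this patch pass `null` as `$fileLink` (the `rmdir: not owner` call), and `count (null)` is a warning on PHP 7.2+ and a TypeError on PHP 8, so both `count` guards need an `is_array` test first. `"dirLink : <".$dirLink.">"` concatenates what the function otherwise treats as an array, so the log will only show `Array`. The record is written to `VAR_FAKE.$ip.$sender`, and in the `rm: find not owner` call the sender argument is `$archiveInfo [T_SENDER]`, whose validation is not visible here; reducing the name to a fixed character set before the write keeps the file inside VAR_FAKE whatever that string holds.
```php
function setSenderFake ($error, $sender, $owner, $dirLink, $fileLink) {
	// … unchanged: VAR_FAKE creation, variable initialisation …
	if (is_array ($dirLink) && count ($dirLink) != 0) {
		// … unchanged: $dirTime and $ip taken from $dirLink …
	}
	if (!$sender)
		return;
	if (is_array ($fileLink) && count ($fileLink) != 0) {
		$fileTime = $fileLink ['upload_date'].date (" Y-m-d H:i:s", $fileLink ['upload_date']);
		$fileName = $fileLink ['file_name'];
		$fileType = $fileLink ['mime_type'];
	}
	// … unchanged: $content assembly …
	// keep the record inside VAR_FAKE whatever the sender string contains
	$log = preg_replace ('/[^A-Za-z0-9@._+-]/', '_', $ip.$sender);
	if ($log)
		file_put_contents (VAR_FAKE.$log, $content);
```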
@@ -622,30 +671,6 @@ if ($doDownload) { exit; } -// ======================================== -if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) { - if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD])) - returnError (M_BAD_SENDER_NAME); - $content = getSenderTrack ($_REQUEST [A_RECORD]).NL; - header ('HTTP/1.0 200 OK'); - header ('Content-Length: ' . strlen ($content)); - header ('Content-Type: text/plain'); - echo $content; - exit; -} - -// ======================================== -if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) { - if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD])) - returnError (M_BAD_SENDER_NAME); - $content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL; - header ('HTTP/1.0 200 OK'); - header ('Content-Length: ' . strlen ($content)); - header ('Content-Type: text/plain'); - echo $content; - exit; -} - // ======================================== // form $token = ''; @@ -657,7 +682,7 @@ if (isset ($_REQUEST [A_TOKEN]) && !empty ($_REQUEST [A_TOKEN])) { $refToken = getToken ($sender); $urlBase = $_SERVER ['HTTP_X_FORWARDED_PROTO']."://".$_SERVER ['HTTP_HOST']; -if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_SEND && $sender) { +if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender) { require (JIRAFEAU_ROOT . 'lib/template/header.php'); if (getSenderFake ($sender)) echo "Ce compte ne peut plus se connecter. Veuillez contacter les administrateurs."; @@ -707,7 +732,7 @@ if (! ($sender && $token && $token == $refToken && - + 
@@ -739,9 +764,8 @@ function deleteAction ($linkName) { if (! count ($archiveInfo)) return; if ($sender != $archiveInfo [T_SENDER]) { - setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, null, null); + setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null); $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire"; - $doLogout = true; return; } $fileToDelete = false; @@ -752,11 +776,10 @@ function deleteAction ($linkName) { continue; $fileTime = $fileLink ['upload_date']; if (! valideTime ($dirTime, $fileTime)) { - setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); + setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink); $message .= "Cet envoi a été forgée". str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); - //$doLogout = true; return; } $fileToDelete = true; 
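Review bot: The `rmdir: not owner` branch loses its `$doLogout = true;` here, while elsewhere in this patch `setSenderFake` has its `rmToken` call commented out and `getSenderFake` returns `false`, so a sender caught trying to delete an upload they do not own keeps a valid token and can try again. If the lockout is being switched off on purpose, say so next to the call, for example `// lockout disabled for now: the attempt is only recorded under VAR_FAKE`; otherwise keep `$doLogout = true;` in this branch. The hunks at -752 and -827 only drop lines that were already commented out, so they do not change behaviour. deleteAction starts and ends outside these hunks.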
@@ -827,22 +850,20 @@ function deleteAction ($linkName) { $message .= "."; break; } - setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); + setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink); $message .= "Cet envoi a été forgée. ". str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); - //$dologout = true; break; } if (valideTime ($dirTime, $fileTime)) { - setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); + setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink); $message .= "Tentative de supprimer un envoi dont vous n'êtes pas le propriétaire.". str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"], [$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES); - //$doLogout = true; break; } - setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime); + setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink); $message .= "Quelqu'un avétait revandiqué cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")"; break; } @@ -1087,72 +1108,3 @@ require (JIRAFEAU_ROOT.'lib/template/footer.php'); exit; // ======================================== -// // $count = count ($lines)-1; -// // $content = ''; -// // for ($i = 0; $i < $count; $i++) -// // $content .= $lines [$i]; -// // if (isset ($archive [T_SIGN]) && $archive [T_SIGN] == md5 ($content)) -// // return $archive; -// // $message .= "bad signature
".print_r ($lines, 1)."
"; -// // return []; - -// function getSecret () { -// if (!file_exists (VAR_PRIVATE."secret")) { -// mkdir (VAR_PERIOD, 0700); -// for ($s = '', $i = 0, $z = strlen ($a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')-1; -// $i != 32; -// $x = rand (0, $z), $s .= $a{$x}, $i++); -// file_put_contents (VAR_PRIVATE."secret", $s.NL); -// } -// return trim (file (VAR_PERIOD."secret")); -// } -// function crea-teArchive ($archive, $key, $maxtime, $ip) { -// if (!count ($archive)) -// return; -// $content = T_ID.': '.time (); -// if (isset ($archive [T_TIME])) -// $content .= "time: ".$archive [T_TIME].NL; -// if (isset ($archive [T_SENDER])) -// $content .= "src: ".$archive [T_SENDER].NL; -// foreach ([T_OLD, T_NEW] as $cat) -// if (isset ($archiveInfo [$cat])) -// foreach ($archiveInfo [$cat] as [$linkName, $cryptKey]) -// $content .= $cat.": ".$linkName." ".$cryptKey; -// $content .= T_SIGN.": ".md5 ($content).NL; -// $tmpFileName = tempnam (sys_get_temp_dir (), date ("newArchive-Ymd-H:i:s")."-"); -// file_put_contents ($tmpFileName, $content); - -// $file ['name'] = $tmpFileName; -// $file ['tmp_name'] = T_ARCHIVE_TITLE; -// $file ['error'] = UPLOAD_ERR_OK; -// $file ['type'] = T_ARCHIVE_MIME; -// $file ['size'] = filesize ($file ['tmp_name']); - -// $res = jirafeau_upload ( -// $file, -// false, -// $key, -// $maxtime, -// $ip, -// $cfg ['enable_crypt'], -// $cfg ['link_name_length'], -// $cfg ['file_hash'] -// ); -// unlink ($tmpFileName); -// } -// function checkNewArchive ($archive) { -// if (isset ($archiveInfo [T_NEW])) -// foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) { -// $fileLink = jirafeau_get_link ($fileName); -// if (! count ($link)) -// return false; -// //upload_date -// } - -// // all new never download -// // all new mtime < 60s -// } -// function checkReadArchive ($archive) { -// // md5 -// } -?> diff --git a/src/bash/filter.sh b/src/bash/filter.sh index 3ffc464..5957929 100644 --- a/src/bash/filter.sh 
+++ b/src/bash/filter.sh @@ -105,7 +105,7 @@ mkdir -p "${REP_PIECE_JOINTE}/" >"${ARCHIVE_CONTENT}" # Etape de rafraichissement des anciens fichiers inclus -echo -e "time: ${DATE_TEMPS}\nid: $(date +%s)" > "${ARCHIVE_CONTENT}" +echo "time: ${DATE_TEMPS}\nid: $(date +%s)" > "${ARCHIVE_CONTENT}" [ -n "${TRACK}" ] && echo "sender: ${MAIL_SOURCE}" >> "${ARCHIVE_CONTENT}" LOG_FIC "${SHRINK_CMD} -u \"${INSPECT_DIR}/in.$$\" 2>> \"${FIC_LOG}\" > \"${OLD_LINKS}\"" @@ -163,7 +163,7 @@ LOG_FIC "${SHRINK_CMD} -s ${MAX_KEEP_IN_MAIL} -d ${REP_PIECE_JOINTE} ${INSPECT_D done # Création de l'archive NB_ATTACH=$(grep -e "^old: " -e "^new: " "${ARCHIVE_CONTENT}" | wc -l) - if [ -n "${TRACK}" ] || [ "${NB_ATTACH}" -gt 1 ]; then + if [ \( -n "${TRACK}" -a "${NB_ATTACH}" -gt 0 \) -o "${NB_ATTACH}" -gt 1 ]; then PASSWORD=$(apg -n 1 -m 12) PASSWORD_MD5=$(echo -n ${PASSWORD} | ${MD5_CMD} | cut -d \ -f 1) LOG_FIC " - \"${JIRAFEAU_CMD}\" -f \"${JIRAFEAU_LOCAL}\" -s \"${MAX_UPLOAD_SIZE}\" -c \"${ARCHIVE_MIME}\" -n \"${ARCHIVE_TITLE}\" send \"${ARCHIVE_CONTENT}\" \"${PASSWORD}\" 2>> \"${FIC_LOG}\" > \"${ONE_LINK}\""
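Review bot: Dropping `-e` from the `echo` that starts `${ARCHIVE_CONTENT}` makes the `\n` depend on the shell: bash's builtin `echo` prints it literally by default, so `time:` and `id:` would land on one line, while dash expands it. `printf` behaves the same in both: `printf 'time: %s\nid: %s\n' "${DATE_TEMPS}" "$(date +%s)" > "${ARCHIVE_CONTENT}"`. The interpreter line of filter.sh is outside this hunk, so which case applies cannot be confirmed from the diff.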
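Review bot: The new test combines `\( … \)`, `-a` and `-o` inside a single `[`, a form POSIX marks obsolescent because parsing becomes ambiguous when an operand looks like an operator; `if { [ -n "${TRACK}" ] && [ "${NB_ATTACH}" -gt 0 ]; } || [ "${NB_ATTACH}" -gt 1 ]; then` expresses the same condition without that risk. In the unchanged lines of this hunk the generated `${PASSWORD}` is interpolated into the `LOG_FIC` message, which presumably ends up in `${FIC_LOG}`; logging a fixed placeholder instead of the value would keep the archive password out of the log. The `if` opened here closes outside the hunk.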