function json_root($path = null)
{
$cryt = new SimpleCrypt();
$mounted_path_decrypted = $cryt->decrypt(base64_decode($_GET["mounted-path"]));
$source_path = $_GET["browse-tree"];
$mountedpath = $_GET["mounted-path"];
$path_requested = $_POST["dir"];
$path_requested = str_replace('//', '/', $path_requested);
$tpl = new templates();
$settings = $tpl->_ENGINE_parse_body('{settings}');
$directory = $tpl->_ENGINE_parse_body('{directory}');
writelogs("Requested {$path_requested} ({$source_path} on {$mounted_path_decrypted}))", __FUNCTION__, __FILE__);
$array = DirCaches($source_path, $mounted_path_decrypted);
$page = CurrentPageName();
if ($path_requested != $source_path) {
writelogs("{$path_requested}<>{$source_path}", __FUNCTION__, __FILE__);
if (substr($path_requested, strlen($path_requested) - 1, 1) == '/') {
writelogs("strip slash of {$path_requested}", __FUNCTION__, __FILE__);
$path_requested = substr($path_requested, 0, strlen($path_requested) - 1);
}
$path_requested = str_replace($source_path, '', $path_requested);
if (substr($path_requested, 0, 1) == '/') {
$path_requested = substr($path_requested, 1, strlen($path_requested));
}
writelogs("path_requested={$path_requested}", __FUNCTION__, __FILE__);
writelogs("DirSubCaches({$source_path},{$path_requested},{$mounted_path_decrypted})", __FUNCTION__, __FILE__);
$path = DirSubCaches($source_path, $path_requested, $mounted_path_decrypted);
} else {
if (is_array($array)) {
while (list($num, $line) = each($array)) {
$path_array = explode('/', $num);
$path[$path_array[0]] = $path_array[0];
}
$newpath = "P:";
}
}
if (!is_array($path)) {
return null;
}
echo "<ul class=\"jqueryFileTree\" style=\"display: none;\">";
echo "<li class=\"file ext_settings\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir']) . "\">" . htmlentities("{$directory} " . basename($_POST['dir']) . " - {$settings}") . "</a></li>";
while (list($num, $val) = each($path)) {
if (trim($val) != null) {
writelogs($val);
echo "<li class=\"directory collapsed\"><a href=\"#\" rel=\"" . htmlentities($_POST['dir'] . '/' . $val) . "/\">" . htmlentities($val) . "</a></li>";
}
}
if (!is_array($arr)) {
return null;
}
$res = implode("\n", $arr);
if (substr($res, strlen($res) - 1, 1) == ',') {
$res = substr($res, 0, strlen($res) - 1);
}
}
public static function encodeCssId($id)
{
return SimpleCrypt::crypt($id);
}
/**
* Encrypt the value before storing it in the database
*/
public function GetSQLValues($value)
{
$oSimpleCrypt = new SimpleCrypt();
$encryptedValue = $oSimpleCrypt->Encrypt(self::$sKey, $value);
$aValues = array();
$aValues[$this->Get("sql")] = $encryptedValue;
return $aValues;
}
function dowloadfile(){
if(!isset($_GET["xapian-file"])){return;}
if(($_COOKIE["uid"]==null) OR ($_COOKIE["uid"]==-100)){
$ldap=new clladp();
$pass=$ldap->ldap_password;
}else{
$ct=new user($_COOKIE["uid"]);
$pass=$ct->password;
}
$cr=new SimpleCrypt($pass);
$crypted=base64_decode($_GET["xapian-file"]);
$path=$cr->decrypt(base64_decode($_GET["xapian-file"]));
writelogs("Receive crypted file: $path ",__FUNCTION__,__FILE__,__LINE__);
if(!is_file($path)){die();}
if(strpos($path,'..')>0){die('HACK: ..');}
$file=basename($path);
$sock=new sockets();
$content_type=base64_decode($sock->getFrameWork("cmd.php?mime-type=".base64_encode($path)));
header('Content-type: '.$content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"$file\"");
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date dans le passé
$fsize = filesize($path);
header("Content-Length: ".$fsize);
ob_clean();
flush();
readfile($path);
}
function download_file()
{
$ldap = new clladp();
$cr = new SimpleCrypt($ldap->ldap_password);
$path = $cr->decrypt(base64_decode($_GET["download-file"]));
$file = basename($path);
$sock = new sockets();
$datas = base64_decode($sock->getFrameWork("cmd.php?file-content=" . base64_encode($path)));
$content_type = base64_decode($sock->getFrameWork("cmd.php?mime-type=" . base64_encode($path)));
header('Content-Type: ' . $content_type);
header("Content-Disposition: inline; filename=\"{$file}\"");
echo $datas;
}
/**
* Computes the hashed version of a password using a unique salt
* for this password. A unique salt is generated if needed
* @return string
*/
protected function ComputeHash($sClearTextPwd)
{
if ($this->m_sSalt == null) {
$this->m_sSalt = SimpleCrypt::GetNewSalt();
}
return hash('sha256', $this->m_sSalt . $sClearTextPwd);
}
<?php
include_once 'ressources/class.sockets.inc';
include_once 'ressources/logs.inc';
include_once 'ressources/class.crypt.php';
include_once 'ressources/class.user.inc';
if (isset($_GET["path"])) {
$sock = new sockets();
if (strpos($_GET["path"], '..') > 0) {
die('HACK: ..');
}
$path = "{$_GET["org"]}/{$_GET["path"]}";
$sock->download_attach($path, $_GET["file"]);
}
if (isset($_GET["xapian-file"])) {
if ($_SESSION["uid"] == null) {
die;
}
$ct = new user($_SESSION["uid"]);
$crypt = new SimpleCrypt($ct->password);
$sock = new sockets();
$sock->download_srvfile($crypt->decrypt($_GET["xapian-file"]));
}
$fsize = filesize($path);
header("Content-Length: " . $fsize);
ob_clean();
flush();
readfile($path);
//$sock->download_attach($path,$_GET["file"]);
}
if (isset($_GET["xapian-file"])) {
if ($_SESSION["uid"] == null or $_SESSION["uid"] == -100) {
$ldap = new clladp();
$pass = $ldap->ldap_password;
} else {
$ct = new user($_SESSION["uid"]);
$pass = $ct->password;
}
$cr = new SimpleCrypt($pass);
$crypted = base64_decode($_GET["xapian-file"]);
$path = $cr->decrypt(base64_decode($_GET["xapian-file"]));
writelogs("Receive crypted file: {$path} ", __FUNCTION__, __FILE__, __LINE__);
if (!is_file($path)) {
die;
}
if (strpos($path, '..') > 0) {
die('HACK: ..');
}
$file = basename($path);
$sock = new sockets();
$content_type = base64_decode($sock->getFrameWork("cmd.php?mime-type=" . base64_encode($path)));
header('Content-type: ' . $content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"{$file}\"");
function FormatResponse($ligne, $users, $pass)
{
$f = new filesClass();
$crypt = new SimpleCrypt($pass);
$uri = "<a href=\"download.attach.php?xapian-file=" . $crypt->encrypt($ligne["PATH"]) . "\">";
$text_deco = "text-decoration:underline";
if (!$users->AllowXapianDownload) {
$text_deco = null;
}
$ligne["PATH"] = str_replace("'", '`', $ligne["PATH"]);
$title = substr($ligne["DATA"], 0, 60);
$title = "{$uri}<span style='color:#0000CC;{$text_deco};font-size:medium'>{$ligne["PERCENT"]}% {$title}</span></a>";
$body = $ligne["DATA"];
$body = wordwrap($body, 100, "<br />\n");
$img = "img/file_ico/unknown.gif";
$file = basename($ligne["PATH"]);
$ext = $f->Get_extension(strtolower($file));
if (is_file("img/file_ico/{$ext}.gif")) {
$img = "img/file_ico/{$ext}.gif";
}
$html = "\n\t\n\t<table style='width:99%;margin-top:6px'>\n\t<tr>\n\t\t<td>\n\t\t<table style='width:100%'>\n\t\t<tr>\n\t\t\t<td valign='top' width=1%><img src='{$img}'></td>\n\t\t\t<td valign='top' width=1%>" . imgtootltip("folderopen.gif", "{path}:{$ligne["PATH"]}<br>{size}:{$ligne["SIZE"]}<br>{date}:{$ligne["TIME"]}") . "</td>\n\t\t\t<td valing='top'>{$title}</td>\n\t\t</tr>\n\t\t</table>\n\t</tr>\n\t<tr>\n\t<td><span style='font-size:small;color:#676767;'>« <strong>{$file}</strong> » - {$ligne["TIME"]}</span></td>\n\t</tr>\n\t<tr>\n\t<td style='font-size:11px;'>{$body}</td>\n\t</tr>\n\t<tr>\n\t<td style='font-size:small;color:green;' align='left'>{$ligne["TYPE"]} ({$ligne["SIZE"]})</td>\n\t</tr>\t\n\t</table>\n\t";
return $html;
}
function download_file(){
$ldap=new clladp();
$cr=new SimpleCrypt($ldap->ldap_password);
$path=$cr->decrypt(base64_decode($_GET["download-file"]));
$file=basename($path);
$sock=new sockets();
$content_type=base64_decode($sock->getFrameWork("cmd.php?mime-type=".urlencode(base64_encode($path))));
header('Content-type: '.$content_type);
header('Content-Transfer-Encoding: binary');
header("Content-Disposition: attachment; filename=\"$file\"");
header("Pragma: public");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date dans le passé
$fsize = filesize($path);
header("Content-Length: ".$fsize);
ob_clean();
flush();
readfile($path);
}