Example #1
0
/**
 * BoZoN share page:
 * handles a user share request
 * @author: Bronco (bronco@warriordudimanche.net)
 **/
$id = strip_tags($_GET['f']);
$f = id2file($id);
# complete filepath including profile folder
if (!empty($f)) {
    set_time_limit(0);
    store_access_stat($f, $id);
    # password mode
    if (isset($_POST['password'])) {
        # the file id is a md5 password.original id
        $blured = blur_password($_POST['password']);
        $sub_id = str_replace($blured, '', $id);
        # here we try to recover the original id to compare
    }
    if (strlen($id) > 23 && !isset($_POST['password'])) {
        require THEME_PATH . '/header.php';
        echo '<div class="lock"><img src="' . THEME_PATH . '/img/locked_big.png"/>
				<form action="index.php?f=' . $id . '" method="post">
					<label>' . e('This share is protected, please type the correct password:'******'</label><br/>
					<input type="password" name="password" class="npt"/>
					<input type="submit" value="Ok" class="btn red"/>
				</form>
				</div>
				';
        require THEME_PATH . '/footer.php';
    } else {
Example #2
0
    $id = strip_tags($_GET['f']);
    $f = id2file($id);
    store_access_stat($f, $id);
    if (!empty($f)) {
        # password mode
        if (strlen($id) > 23 && !isset($_POST['password'])) {
            $message = '<div class="lock"><img src="img/locked_big.png"/>
				<form action="index.php?f=' . $id . '" method="post">
					<label>' . e('This share is protected, please type the correct password:'******'</label><br/>
					<input type="password" name="password" class="button red"/>
					<input type="submit" value="Ok" class="button"/>
				</form>
				</div>
				';
        } else {
            if (!isset($_POST['password']) || isset($_POST['password']) && blur_password($_POST['password']) == $id) {
                if (isset($_GET['thumbs'])) {
                    $f = get_thumbs_name($f);
                } else {
                    $f = $_SESSION['upload_path'] . $f;
                }
                # normal mode or access granted
                if ($f && is_file($f)) {
                    # file request => return file according to $behaviour var (see core.php)
                    $type = _mime_content_type($f);
                    $ext = strtolower(pathinfo($f, PATHINFO_EXTENSION));
                    if (is_in($ext, 'FILES_TO_ECHO') !== false) {
                        echo '<pre>' . htmlspecialchars(file_get_contents($f)) . '</pre>';
                    } else {
                        if (is_in($ext, 'FILES_TO_RETURN') !== false) {
                            header('Content-type: ' . $type . '; charset=utf-8');
Example #3
0
    $file_list = array();
    foreach ($_POST['item'] as $key => $item) {
        $file_list[] = id2file($item);
    }
    if (!is_dir($_SESSION['temp_folder'])) {
        mkdir($_SESSION['temp_folder']);
    }
    zip($file_list, $zipfile);
    header('location: ' . $zipfile);
    exit;
}
# Lock folder with password
if (!empty($_POST['pass']) && !empty($_POST['id']) && !empty($_POST['confirm']) && is_owner($_POST['id']) && $_POST['confirm'] == $_POST['pass']) {
    $id = $_POST['id'];
    $file = id2file($id);
    $password = blur_password($_POST['pass']);
    # turn normal share id into password hashed id
    $ids = unstore();
    unset($ids[$id]);
    $ids[$password . $id] = $file;
    store($ids);
    header('location:index.php?p=admin&token=' . TOKEN);
    exit;
}
# Handle folder share with users
if (!empty($_POST['share']) && is_owner($_POST['share'])) {
    $folder_id = $_POST['share'];
    $users = $auto_restrict['users'];
    unset($users[$_SESSION['login']]);
    $shared_with = load_folder_share();
    $sent = array_flip($_POST['users']);