header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
}
}
// Initialize the vars
$type = '';
$file = '';
// Read the type var
if (isset($_GET['t']) && !empty($_GET['t']) && preg_match('/^(css|stylesheets|js|javascripts|img|images|snd|sounds|fonts|store)$/', $_GET['t'])) {
$type = $_GET['t'];
}
// Read the files var
if (isset($_GET['f']) && !empty($_GET['f']) && isSafe($_GET['f'])) {
$file = $_GET['f'];
}
// Read the group var (only for text files)
if (isset($_GET['g']) && !empty($_GET['g']) && preg_match('/^(\\S+)\\.xml$/', $_GET['g']) && preg_match('/^(css|stylesheets|js|javascripts)$/', $type) && isSafe($_GET['g']) && file_exists(JAPPIX_BASE . '/app/bundles/' . $_GET['g'])) {
$xml_data = file_get_contents(JAPPIX_BASE . '/app/bundles/' . $_GET['g']);
// Any data?
if ($xml_data) {
$xml_read = new SimpleXMLElement($xml_data);
$xml_parse = $xml_read->{$type};
// Files were added to the list before (with file var)?
if ($file) {
$file .= '~' . $xml_parse;
} else {
$file = $xml_parse;
}
}
}
// We check if the data was submitted
if ($file && $type) {
function removeElements()
{
// Initialize the match
$elements_removed = false;
$elements_remove = array();
// Try to get the elements to remove
foreach ($_POST as $post_key => $post_value) {
// Is a safe file?
if (preg_match('/^element_(.+)$/i', $post_key) && isSafe($post_value)) {
// Update the marker
$elements_removed = true;
// Get the real path
$post_element = JAPPIX_BASE . '/store/' . $post_value;
// Remove the current element
if (is_dir($post_element)) {
removeDir($post_element);
} else {
if (file_exists($post_element)) {
unlink($post_element);
}
}
}
}
// Show a notification message
if ($elements_removed) {
echo '<p class="info smallspace success">' . T_("The selected elements have been removed.") . '</p>';
} else {
echo '<p class="info smallspace fail">' . T_("You must select elements to remove!") . '</p>';
}
}
// Not allowed for a special node
if (isStatic()) {
exit;
}
// Action on an existing file
if (isset($_GET['id']) && !empty($_GET['id'])) {
$file_id = $_GET['id'];
$file_path = JAPPIX_BASE . '/tmp/send/' . $file_id;
// Get file name
if (isset($_GET['name']) && !empty($_GET['name'])) {
$file_name = $_GET['name'];
} else {
$file_name = $file_id;
}
// Hack?
if (!isSafe($file_id)) {
header('Status: 406 Not Acceptable', true, 406);
exit('HTTP/1.1 406 Not Acceptable');
}
// File does not exist
if (!file_exists($file_path)) {
header('Status: 404 Not Found', true, 404);
exit('HTTP/1.1 404 Not Found');
}
// Remove a file
if (isset($_GET['action']) && $_GET['action'] == 'remove') {
header('Status: 204 No Content', true, 204);
unlink($file_path);
exit('File Removed.');
}
// Receive a file
header('Cache-Control: maxage=' . $expires);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
}
// Initialize the vars
$type = '';
$file = '';
// Read the type var
if (isset($_GET['t']) && !empty($_GET['t']) && preg_match('/^(css|js|img|snd|store)$/', $_GET['t'])) {
$type = $_GET['t'];
}
// Read the files var
if (isset($_GET['f']) && !empty($_GET['f']) && isSafe($_GET['f'])) {
$file = $_GET['f'];
}
// Read the group var (only for text files)
if (isset($_GET['g']) && !empty($_GET['g']) && preg_match('/^(\\S+)\\.xml$/', $_GET['g']) && preg_match('/^(css|js)$/', $type) && isSafe($_GET['g']) && file_exists('../xml/' . $_GET['g'])) {
$xml_data = file_get_contents('../xml/' . $_GET['g']);
// Any data?
if ($xml_data) {
$xml_read = new SimpleXMLElement($xml_data);
$xml_parse = $xml_read->{$type};
// Files were added to the list before (with file var)?
if ($file) {
$file .= '~' . $xml_parse;
} else {
$file = $xml_parse;
}
}
}
// We check if the data was submitted
if ($file && $type) {
if (HOST_UPLOAD) {
$location = HOST_UPLOAD . '/';
} else {
$location = $_POST['location'];
}
// Get the file new name
$ext = getFileExt($filename);
$new_name = preg_replace('/(^)(.+)(\\.)(.+)($)/i', '$2', $filename);
// Define some vars
$content_dir = JAPPIX_BASE . '/store/share/' . $user;
$security_file = $content_dir . '/index.html';
$name = sha1_file($tmp_filename);
$path = $content_dir . '/' . $name . '.' . $ext;
$thumb_xml = '';
// Forbidden file?
if (!isSafe($user) || !isSafeAllowed($filename) || !isSafeAllowed($name . '.' . $ext)) {
exit('<jappix xmlns=\'jappix:file:post\'>
<error>forbidden-type</error>
</jappix>');
}
// Create the user directory
if (!is_dir($content_dir)) {
mkdir($content_dir, 0777, true);
chmod($content_dir, 0777);
}
// Create (or re-create) the security file
if (!file_exists($security_file)) {
file_put_contents($security_file, securityHTML(), LOCK_EX);
}
// Not already there? (sometimes users upload same file twice, no need to compute it 2 times)
$file_first_upload = !file_exists($path);
*/
// PHP base
define('JAPPIX_BASE', '..');
// Get the needed files
require_once './functions.php';
require_once './read-main.php';
require_once './read-hosts.php';
// Optimize the page rendering
hideErrors();
compressThis();
// Not allowed for a special node
if (isStatic() || isUpload()) {
exit;
}
// Send the HTML file to be downloaded
if (isset($_GET['id']) && !empty($_GET['id']) && isSafe($_GET['id'])) {
// We define the variables
$filename = $_GET['id'];
$content_dir = '../store/logs/';
$filepath = $content_dir . $filename . '.html';
// We set special headers
header("Content-disposition: attachment; filename=\"{$filename}.html\"");
header("Content-Type: application/force-download");
header("Content-Transfer-Encoding: text/html\n");
header("Content-Length: " . filesize($filepath));
header("Pragma: no-cache");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0, public");
header("Expires: 0");
readfile($filepath);
// We delete the stored log file
unlink($filepath);
/*
Jappix - An open social platform
This is the design configuration POST handler (manager)
-------------------------------------------------
License: AGPL
Author: Valérian Saliou
*/
// Someone is trying to hack us?
if (!defined('JAPPIX_BASE')) {
exit;
}
// Handle the remove GET
if (isset($_GET['k']) && !empty($_GET['k'])) {
$kill_logo = JAPPIX_BASE . '/store/logos/' . $_GET['k'] . '.png';
if (isSafe($kill_logo) && file_exists($kill_logo)) {
unlink($kill_logo);
echo '<p class="info smallspace success">' . T_("The selected elements have been removed.") . '</p>';
}
} else {
if (isset($_POST['remove'])) {
removeElements();
} else {
if (isset($_POST['logo_upload'])) {
// Avoid errors
$logos_arr_1_name = $logos_arr_1_tmp = $logos_arr_2_name = $logos_arr_2_tmp = $logos_arr_3_name = $logos_arr_3_tmp = $logos_arr_4_name = $logos_arr_4_tmp = '';
if (isset($_FILES['logo_own_1_location'])) {
$logos_arr_1_name = $_FILES['logo_own_1_location']['name'];
$logos_arr_1_tmp = $_FILES['logo_own_1_location']['tmp_name'];
}
if (isset($_FILES['logo_own_2_location'])) {
// Add the music title
$name_music .= $_POST['music_title'];
// Add the album name?
if (isset($_POST['music_album']) && !empty($_POST['music_album'])) {
// Add a form var
$music_album = $_POST['music_album'];
// Add the current POST var to the global string
$name_music .= ' [' . $_POST['music_album'] . ']';
}
// Add the extension
$name_music .= '.' . $ext_music;
}
// Music path with new name
$path_music = JAPPIX_BASE . '/store/music/' . $name_music;
// An error occured?
if (!isSafe($name_music) || $_FILES['music_file']['error'] || !move_uploaded_file($temp_music, $path_music)) {
?>
<p class="info smallspace fail"><?php
_e("The music could not be received, please retry!");
?>
</p>
<?php
} else {
if (!preg_match('/^(.+)(\\.(og(g|a)|mp3|wav))$/i', $name_music)) {
// Remove the image file
if (file_exists($path_music)) {
unlink($path_music);
}
?>
*/
// Someone is trying to hack us?
if (!defined('JAPPIX_BASE')) {
exit;
}
// Handle the remove POST
if (isset($_POST['remove'])) {
removeElements();
} else {
if (isset($_POST['upload'])) {
// Get the file path
$name_background_image = $_FILES['background_image_upload']['name'];
$temp_background_image = $_FILES['background_image_upload']['tmp_name'];
$path_background_image = JAPPIX_BASE . '/store/backgrounds/' . $name_background_image;
// An error occured?
if (!isSafe($name_background_image) || $_FILES['background_image_upload']['error'] || !move_uploaded_file($temp_background_image, $path_background_image)) {
?>
<p class="info smallspace fail"><?php
_e("The image could not be received, would you mind retry?");
?>
</p>
<?php
} else {
if (!isImage($name_background_image)) {
// Remove the image file
if (file_exists($path_background_image)) {
unlink($path_background_image);
}
?>
function isSafeAllowed($path)
{
return isSafe($path) && isAllowedExt($path);
}
function getFiles($h, $l, $t, $g, $f)
{
// Define the good path to the Get API
if (hasStatic()) {
$path_to = HOST_STATIC . '/';
} else {
$path_to = JAPPIX_BASE . '/';
}
if (!multiFiles()) {
$values = array();
if ($h) {
$values[] = 'h=' . $h;
}
if ($l) {
$values[] = 'l=' . $l;
}
if ($t) {
$values[] = 't=' . $t;
}
if ($g) {
$values[] = 'g=' . $g;
}
if ($f) {
$values[] = 'f=' . $f;
}
return $path_to . 'php/get.php?' . implode('&', $values);
}
if ($g && !empty($g) && preg_match('/^(\\S+)\\.xml$/', $g) && preg_match('/^(css|js)$/', $t) && isSafe($g) && file_exists('xml/' . $g)) {
$xml_data = file_get_contents('xml/' . $g);
// Any data?
if ($xml_data) {
$xml_read = new SimpleXMLElement($xml_data);
$xml_parse = $xml_read->{$t};
// Files were added to the list before (with file var)?
if ($f) {
$f .= '~' . $xml_parse;
} else {
$f = $xml_parse;
}
}
}
// Explode the f string
if (strpos($f, '~') != false) {
$array = explode('~', $f);
} else {
$array = array($f);
}
$a = array();
foreach ($array as $file) {
$a[] = $path_to . $t . '/' . $file;
}
if (count($a) == 1) {
return $a[0];
}
return $a;
}
$tmp_filename = $_FILES['file']['tmp_name'];
$filename = $_FILES['file']['name'];
// Get the location
if (HOST_UPLOAD) {
$location = HOST_UPLOAD;
} else {
$location = $_POST['location'];
}
// Get the file new name
$ext = getFileExt($filename);
$new_name = preg_replace('/(^)(.+)(\\.)(.+)($)/i', '$2', $filename);
// Define some vars
$name = sha1(time() . $filename);
$path = JAPPIX_BASE . '/store/send/' . $name . '.' . $ext;
// Forbidden file?
if (!isSafe($filename) || !isSafe($name . '.' . $ext)) {
exit('<jappix xmlns=\'jappix:file:send\'>
<error>forbidden-type</error>
<id>' . htmlspecialchars($_POST['id']) . '</id>
</jappix>');
}
// File upload error?
if (!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
exit('<jappix xmlns=\'jappix:file:send\'>
<error>move-error</error>
<id>' . htmlspecialchars($_POST['id']) . '</id>
</jappix>');
}
// Return the path to the file
exit('<jappix xmlns=\'jappix:file:send\'>
<url>' . htmlspecialchars($location . 'php/send.php?id=' . urlencode($name) . '.' . urlencode($ext) . '&name=' . urlencode($filename)) . '</url>
header('Content-Type: text/xml; charset=utf-8');
// Everything is okay
if (isset($_FILES['file']) && !empty($_FILES['file']) && (isset($_POST['user']) && !empty($_POST['user'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
// Get the user name
$user = $_POST['user'];
// Get the file name
$tmp_filename = $_FILES['file']['tmp_name'];
$filename = $_FILES['file']['name'];
// Get the location
if (HOST_UPLOAD) {
$location = HOST_UPLOAD;
} else {
$location = $_POST['location'];
}
// Forbidden file?
if (!isSafe($filename)) {
exit('<jappix xmlns=\'jappix:file:post\'>
<error>forbidden-type</error>
</jappix>');
}
// Get the file new name
$ext = getFileExt($filename);
$new_name = preg_replace('/(^)(.+)(\\.)(.+)($)/i', '$2', $filename);
// Define some vars
$content_dir = JAPPIX_BASE . '/store/share/' . $user;
$security_file = $content_dir . '/index.html';
$name = sha1(time() . $filename);
$path = $content_dir . '/' . $name . '.' . $ext;
$thumb_xml = '';
// Create the user directory
if (!is_dir($content_dir)) {