/**
 * Reset the download counter of a share to zero.
 *
 * The share is loaded, its "REPOSITORY" entry is resolved through ConfService,
 * and testUserCanEditShare() is called with that repository's owner before the
 * counter is touched.
 *
 * @param string $hash   Identifier of the share whose counter is reset.
 * @param string $userId Not read by this method.
 * @throws Exception When ConfService returns no repository for the share.
 */
public function resetDownloadCounter($hash, $userId)
{
    $share = $this->loadShare($hash);
    $repository = ConfService::getRepositoryById($share["REPOSITORY"]);
    if ($repository == null) {
        throw new Exception("Cannot find associated share");
    }

    // Authorization gate: keep it ahead of the reset.
    // NOTE(review): $userId is ignored, so the identity that is checked is
    // whatever testUserCanEditShare() resolves on its own -- presumably the
    // session user; confirm against its definition.
    $this->testUserCanEditShare($repository->getOwner());

    PublicletCounter::reset($hash);
}
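/**
 * Dispatch one action of the shared-elements driver and write the response.
 *
 * Handled actions: "ls", "stat", "delete", "clear_expired" and
 * "reset_download_counter". An "edit" request is redirected to
 * $httpVars["sub_action"] when that key is present. Responses are printed
 * directly (XML through AJXP_XMLWriter, JSON for "stat"); nothing is returned.
 *
 * @param string $action   Requested action name.
 * @param array  $httpVars Request parameters ("dir", "ajxp_mime", "sub_action", selection).
 * @param array  $fileVars Uploaded files, only forwarded to accessPreprocess().
 * @return void
 */
function switchAction($action, $httpVars, $fileVars)
{
    if (!isset($this->actions[$action])) {
        return;
    }
    parent::accessPreprocess($action, $httpVars, $fileVars);
    $loggedUser = AuthService::getLoggedUser();
    if (!ENABLE_USERS) {
        return;
    }

    // NOTE(review): sub_action replaces $action after the isset($this->actions[...])
    // gate above, so that gate is only ever applied to "edit" itself. Confirm that
    // every case below is meant to be reachable this way.
    if ($action == "edit" && isset($httpVars["sub_action"])) {
        $action = $httpVars["sub_action"];
    }
    $mess = ConfService::getMessages();

    switch ($action) {
        //------------------------------------
        //	BASIC LISTING
        //------------------------------------
        case "ls":
            $rootNodes = array(
                "files" => array(
                    "LABEL" => $mess["ajxp_shared.3"],
                    "ICON" => "html.png",
                    "DESCRIPTION" => $mess["ajxp_shared.28"],
                ),
                "repositories" => array(
                    "LABEL" => $mess["ajxp_shared.2"],
                    "ICON" => "document_open_remote.png",
                    "DESCRIPTION" => $mess["ajxp_shared.29"],
                ),
                "users" => array(
                    "LABEL" => $mess["ajxp_shared.1"],
                    "ICON" => "user_shared.png",
                    "DESCRIPTION" => $mess["ajxp_shared.30"],
                ),
            );
            $dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
            // explode() always yields at least one element, so only the leading
            // empty segment of an absolute path has to be dropped.
            $splits = explode("/", $dir);
            if ($splits[0] == "") {
                array_shift($splits);
            }
            $strippedDir = count($splits) ? strtolower(urldecode($splits[0])) : "";

            if (array_key_exists($strippedDir, $rootNodes)) {
                AJXP_XMLWriter::header();
                if ($strippedDir == "users") {
                    $this->listUsers();
                } elseif ($strippedDir == "repositories") {
                    $this->listRepositories();
                } elseif ($strippedDir == "files") {
                    $this->listSharedFiles();
                }
                AJXP_XMLWriter::close();
                // This branch terminates the request instead of returning.
                exit(1);
            } else {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_shared.8" attributeName="ajxp_label" sortType="String"/><column messageId="ajxp_shared.31" attributeName="description" sortType="String"/></columns>');
                // Attribute values come from the message catalogue and the fixed
                // keys above; they are written without XML escaping.
                foreach ($rootNodes as $key => $data) {
                    print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" description="' . $data["DESCRIPTION"] . '" />';
                }
                AJXP_XMLWriter::close();
            }
            break;

        case "stat":
            header("Content-type:application/json");
            print '{"mode":true}';
            break;

        case "delete":
            $mime = isset($httpVars["ajxp_mime"]) ? $httpVars["ajxp_mime"] : "";
            $selection = new UserSelection();
            $selection->initFromHttpVars();
            $files = $selection->getFiles();
            AJXP_XMLWriter::header();
            foreach ($files as $index => $element) {
                // basename() keeps the selection from addressing anything outside
                // the flat id / public-folder namespace.
                $element = basename($element);
                $isLast = ($index == count($files) - 1);

                if ($mime == "shared_repository") {
                    $repo = ConfService::getRepositoryById($element);
                    // An unknown id is refused like a foreign repository rather
                    // than dereferencing null.
                    if ($repo == null || !$repo->hasOwner() || $repo->getOwner() != $loggedUser->getId()) {
                        AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
                        break;
                    }
                    $res = ConfService::deleteRepository($element);
                    if ($res == -1) {
                        AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
                        break;
                    }
                    if ($isLast) {
                        AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
                        AJXP_XMLWriter::reloadDataNode();
                    }
                } elseif ($mime == "shared_user") {
                    $confDriver = ConfService::getConfStorageImpl();
                    $object = $confDriver->createUserObject($element);
                    // Only users created by the logged user may be removed here.
                    if (!$object->hasParent() || $object->getParent() != $loggedUser->getId()) {
                        AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
                        break;
                    }
                    AuthService::deleteUser($element);
                    if ($isLast) {
                        AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
                        AJXP_XMLWriter::reloadDataNode();
                    }
                } elseif ($mime == "shared_file") {
                    $publicletData = $this->loadPublicletData(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
                    if (!isset($publicletData["OWNER_ID"]) || $publicletData["OWNER_ID"] != $loggedUser->getId()) {
                        AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
                        break;
                    }
                    require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
                    PublicletCounter::delete($element);
                    unlink(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
                    if ($isLast) {
                        AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
                        AJXP_XMLWriter::reloadDataNode();
                    }
                }
            }
            AJXP_XMLWriter::close();
            break;

        case "clear_expired":
            $deleted = $this->clearExpiredFiles();
            AJXP_XMLWriter::header();
            if (count($deleted)) {
                AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
                AJXP_XMLWriter::reloadDataNode();
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
            }
            AJXP_XMLWriter::close();
            break;

        case "reset_download_counter":
            $selection = new UserSelection();
            $selection->initFromHttpVars();
            $elements = $selection->getFiles();
            require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
            AJXP_XMLWriter::header();
            foreach ($elements as $element) {
                $shareId = str_replace(".php", "", basename($element));
                $shareFile = PUBLIC_DOWNLOAD_FOLDER . "/" . $shareId . ".php";
                // Same ownership rule as the "shared_file" branch of "delete": a
                // counter is only reset by the user recorded as the share's owner.
                // Without this, any logged user could reset counters of shares
                // they do not own.
                $publicletData = is_file($shareFile) ? $this->loadPublicletData($shareFile) : array();
                if (!isset($publicletData["OWNER_ID"]) || $publicletData["OWNER_ID"] != $loggedUser->getId()) {
                    AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
                    break;
                }
                PublicletCounter::reset($shareId);
            }
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        default:
            break;
    }

    return;
}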
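/**
 * Dispatch one action of the shared-elements driver and write the response.
 *
 * Handled actions: "ls", "stat", "delete", "clear_expired" and
 * "reset_download_counter". An "edit" request is redirected to
 * $httpVars["sub_action"] when that key is present. Responses are printed
 * directly (XML through AJXP_XMLWriter, JSON for "stat"); nothing is returned.
 *
 * @param string $action   Requested action name.
 * @param array  $httpVars Request parameters ("dir", "ajxp_mime", "sub_action", selection).
 * @param array  $fileVars Uploaded files, only forwarded to accessPreprocess().
 * @return void
 */
public function switchAction($action, $httpVars, $fileVars)
{
    if (!isset($this->actions[$action])) {
        return;
    }
    parent::accessPreprocess($action, $httpVars, $fileVars);
    $loggedUser = AuthService::getLoggedUser();
    if (!AuthService::usersEnabled()) {
        return;
    }

    // NOTE(review): sub_action replaces $action after the isset($this->actions[...])
    // gate above, so that gate is only ever applied to "edit" itself. Confirm that
    // every case below is meant to be reachable this way.
    if ($action == "edit" && isset($httpVars["sub_action"])) {
        $action = $httpVars["sub_action"];
    }
    $mess = ConfService::getMessages();

    switch ($action) {
        //------------------------------------
        //	BASIC LISTING
        //------------------------------------
        case "ls":
            $rootNodes = array(
                "files" => array(
                    "LABEL" => $mess["ajxp_shared.3"],
                    "ICON" => "html.png",
                    "DESCRIPTION" => $mess["ajxp_shared.28"],
                ),
                "repositories" => array(
                    "LABEL" => $mess["ajxp_shared.2"],
                    "ICON" => "document_open_remote.png",
                    "DESCRIPTION" => $mess["ajxp_shared.29"],
                ),
                "users" => array(
                    "LABEL" => $mess["ajxp_shared.1"],
                    "ICON" => "user_shared.png",
                    "DESCRIPTION" => $mess["ajxp_shared.30"],
                ),
            );
            $dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
            // explode() always yields at least one element, so only the leading
            // empty segment of an absolute path has to be dropped.
            $splits = explode("/", $dir);
            if ($splits[0] == "") {
                array_shift($splits);
            }
            $strippedDir = count($splits) ? strtolower(urldecode($splits[0])) : "";

            if (array_key_exists($strippedDir, $rootNodes)) {
                AJXP_XMLWriter::header();
                if ($strippedDir == "users") {
                    $this->listUsers();
                } elseif ($strippedDir == "repositories") {
                    $this->listRepositories();
                } elseif ($strippedDir == "files") {
                    $this->listSharedFiles();
                }
                AJXP_XMLWriter::close();
            } else {
                AJXP_XMLWriter::header();
                AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_shared.8" attributeName="ajxp_label" sortType="String"/><column messageId="ajxp_shared.31" attributeName="description" sortType="String"/></columns>');
                // Attribute values come from the message catalogue and the fixed
                // keys above; they are written without XML escaping.
                foreach ($rootNodes as $key => $data) {
                    print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" description="' . $data["DESCRIPTION"] . '" />';
                }
                AJXP_XMLWriter::close();
            }
            break;

        case "stat":
            header("Content-type:application/json");
            print '{"mode":true}';
            break;

        case "delete":
            $mime = isset($httpVars["ajxp_mime"]) ? $httpVars["ajxp_mime"] : "";
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $files = $selection->getFiles();
            AJXP_XMLWriter::header();

            // Strip the "shared_" prefix once; the result does not depend on the element.
            $ar = explode("shared_", $mime);
            $mime = array_pop($ar);

            // Defined up front so an empty selection or an unrecognised mime does
            // not read an undefined variable when the message is sent.
            $out = null;
            foreach ($files as $element) {
                $element = basename($element);
                // The logged user is handed over with the element; the ownership
                // decision is presumably taken inside deleteSharedElement() --
                // confirm against its definition.
                ShareCenter::deleteSharedElement($mime, $element, $loggedUser);
                if ($mime == "repository") {
                    $out = $mess["ajxp_conf.59"];
                } elseif ($mime == "user") {
                    $out = $mess["ajxp_conf.60"];
                } elseif ($mime == "file") {
                    $out = $mess["ajxp_shared.13"];
                }
            }
            AJXP_XMLWriter::sendMessage($out, null);
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        case "clear_expired":
            $deleted = $this->clearExpiredFiles();
            AJXP_XMLWriter::header();
            if (count($deleted)) {
                AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
                AJXP_XMLWriter::reloadDataNode();
            } else {
                AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
            }
            AJXP_XMLWriter::close();
            break;

        case "reset_download_counter":
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $elements = $selection->getFiles();
            // NOTE(review): unlike "delete", which passes $loggedUser along with
            // the element, nothing here ties the selected share to the logged user
            // before its counter is reset. Unless PublicletCounter::reset()
            // enforces ownership itself, an owner check belongs in this loop.
            foreach ($elements as $element) {
                PublicletCounter::reset(str_replace(".php", "", basename($element)));
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        default:
            break;
    }

    return;
}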
/**
 * Set a share's download counter back to 0.
 *
 * The repository referenced by the share is looked up, and
 * testUserCanEditShare() is called with its owner and options before the
 * counter is reset.
 *
 * @param string $hash   Identifier of the share.
 * @param string $userId Not read by this method.
 * @throws Exception When ConfService returns no repository for the share.
 */
public function resetDownloadCounter($hash, $userId)
{
    $share = $this->loadShare($hash);
    $repository = ConfService::getRepositoryById($share["REPOSITORY"]);

    if ($repository == null) {
        $messages = ConfService::getMessages();
        $template = $messages["share_center.219"];
        throw new Exception(str_replace('%s', 'Cannot find associated repository', $template));
    }

    // Authorization gate: keep it ahead of the reset.
    // NOTE(review): $userId is ignored, so the identity that is checked is
    // whatever testUserCanEditShare() resolves on its own -- confirm.
    $this->testUserCanEditShare($repository->getOwner(), $repository->options);

    PublicletCounter::reset($hash);
}
/**
 * Encrypt the publiclet data and write it as a PHP stub into the public download folder.
 *
 * Keys read or documented on $data:
 *  - DRIVER         The driver used to get the file's content
 *  - OPTIONS        The driver options needed to construct it (usually user and password)
 *  - FILE_PATH      The path to the file's content
 *  - PASSWORD       If set, the publiclet asks for this password before sending the content
 *  - ACTION         If set, action to perform; an empty value becomes "download"
 *  - USER           If set, the AJXP user
 *  - EXPIRE_TIME    If set, the publiclet denies downloading after this time
 *  - AUTHOR_WATCH   If set, notifies the author each time the file is loaded
 *  - DOWNLOAD_LIMIT Read for the "New Share" log entry
 *
 * The method adds PLUGIN_ID, BASE_DIR, OWNER_ID (when users are enabled),
 * SAFE_USER / SAFE_PASS (when credentials are loaded), REPOSITORY and FINAL_KEY
 * to $data, which is passed by reference.
 *
 * NOTE(review): the stub is encrypted with the value that is also its file
 * name, and the stub derives the key from basename(__FILE__). Anyone able to
 * read the file from disk therefore holds the key, including for SAFE_PASS;
 * treat the encryption as obfuscation and protect the folder accordingly.
 *
 * @param array                $data         The publiclet data array (modified in place).
 * @param AbstractAccessDriver $accessDriver Driver providing plugin id and base dir.
 * @param Repository           $repository   Repository being shared; a clone is stored.
 * @return array|string array(hash, url) on success; an error string when the
 *                      folder is missing, MCrypt is absent or the write fails.
 */
public function writePubliclet(&$data, $accessDriver, $repository)
{
    $publicDir = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
    if (!is_dir($publicDir)) {
        return "ERROR : Public URL folder does not exist!";
    }
    if (!function_exists("mcrypt_create_iv")) {
        return "ERROR : MCrypt must be installed to use publiclets!";
    }
    $this->initPublicFolder($publicDir);

    $data["PLUGIN_ID"] = $accessDriver->getId();
    $data["BASE_DIR"] = $accessDriver->getBaseDir();
    if (AuthService::usersEnabled()) {
        $data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
    }

    // Credentials are embedded when a meta source asks for session credentials
    // or when the driver consumes credentials itself.
    $embedCredentials = false;
    if ($repository->getOption("META_SOURCES")) {
        $metaSources = $repository->getOption("META_SOURCES");
        foreach ($metaSources as $source) {
            if (isset($source["USE_SESSION_CREDENTIALS"]) && $source["USE_SESSION_CREDENTIALS"] === true) {
                $embedCredentials = true;
                break;
            }
        }
    }
    if ($embedCredentials || $accessDriver->hasMixin("credentials_consumer")) {
        $credentials = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
        if (isset($credentials["user"], $credentials["password"])) {
            // The clear-text password ends up inside the serialized payload below.
            $data["SAFE_USER"] = $credentials["user"];
            $data["SAFE_PASS"] = $credentials["password"];
        }
    }

    // Force expanded path in publiclet; the clone keeps the caller's object untouched.
    $repositoryCopy = clone $repository;
    $repositoryCopy->addOption("PATH", $repository->getOption("PATH"));
    $data["REPOSITORY"] = $repositoryCopy;

    if ($data["ACTION"] == "") {
        $data["ACTION"] = "download";
    }

    // NOTE(review): mt_rand() and time() are predictable inputs. If FINAL_KEY
    // guards anything (its use is not visible here), derive it from a CSPRNG.
    $data["FINAL_KEY"] = md5(mt_rand() . time());

    $serialized = serialize($data);
    // The hash doubles as integrity tag, cipher key and file name.
    $hash = $this->computeHash($serialized, $publicDir);
    // NOTE(review): ECB is unauthenticated and leaks equal plaintext blocks.
    $outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $serialized, MCRYPT_MODE_ECB));

    // The stub checks the hash before it unserializes. unserialize() on a
    // file-backed payload is only as safe as that check and the folder's write
    // permissions.
    $stubLines = array(
        "<" . "?" . "php ",
        ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ',
        ' $id = str_replace(".php", "", basename(__FILE__)); ',
        ' $cypheredData = base64_decode("' . $outputData . '"); ',
        ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\\0"); ',
        ' if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ',
        ' // Ok extract the data ',
        ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ',
    );
    $stubPath = $publicDir . "/" . $hash . ".php";
    if (@file_put_contents($stubPath, implode("\n", $stubLines)) === FALSE) {
        return "Can't write to PUBLIC URL";
    }
    // NOTE(review): 0755 leaves the stub readable by every local account and
    // sets an execute bit; confirm the deployment needs more than owner access.
    @chmod($stubPath, 0755);
    PublicletCounter::reset($hash);

    $url = $this->buildPublicletLink($hash);
    $this->logInfo("New Share", array(
        "file" => "'" . $repositoryCopy->display . ":/" . $data['FILE_PATH'] . "'",
        "url" => $url,
        "expiration" => $data['EXPIRE_TIME'],
        "limit" => $data['DOWNLOAD_LIMIT'],
        "repo_uuid" => $repositoryCopy->uuid,
    ));
    AJXP_Controller::applyHook("node.share.create", array(
        'type' => 'file',
        'repository' => &$repositoryCopy,
        'accessDriver' => &$accessDriver,
        'data' => &$data,
        'url' => $url,
    ));

    return array($hash, $url);
}
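/**
 * Encrypt the publiclet data and write it as a PHP stub into PUBLIC_DOWNLOAD_FOLDER.
 *
 * Keys read or documented on $data:
 *  - DRIVER      The driver used to get the file's content
 *  - OPTIONS     The driver options needed to construct it (usually user and password)
 *  - FILE_PATH   The path to the file's content
 *  - PASSWORD    If set, the publiclet asks for this password before sending the content
 *  - ACTION      If set, action to perform; an empty or missing value becomes "download"
 *  - USER        If set, the AJXP user
 *  - EXPIRE_TIME If set, the publiclet denies downloading after this time
 *
 * NOTE(review): the stub is encrypted with the value that is also its file
 * name, and the stub derives the key from basename(__FILE__). Anyone able to
 * read the file from disk therefore holds the key; treat the encryption as
 * obfuscation and protect the folder accordingly.
 *
 * @param array $data The publiclet data array.
 * @return string The URL of the written publiclet, or an error message when
 *                the folder is missing, MCrypt is absent or the write fails.
 */
function writePubliclet($data)
{
    if (!defined('PUBLIC_DOWNLOAD_FOLDER') || !is_dir(PUBLIC_DOWNLOAD_FOLDER)) {
        return "ERROR : Public URL folder does not exist!";
    }
    if (!function_exists("mcrypt_create_iv")) {
        return "ERROR : MCrypt must be installed to use publiclets!";
    }

    // Password-protected publiclets need the theme assets next to them.
    // !empty() keeps the original truthiness test without a notice on a missing key.
    if (!empty($data["PASSWORD"]) && !is_file(PUBLIC_DOWNLOAD_FOLDER . "/allz.css")) {
        @copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/css/allz.css", PUBLIC_DOWNLOAD_FOLDER . "/allz.css");
        @copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/images/actions/22/dialog_ok_apply.png", PUBLIC_DOWNLOAD_FOLDER . "/dialog_ok_apply.png");
        @copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/images/actions/16/public_url.png", PUBLIC_DOWNLOAD_FOLDER . "/public_url.png");
    }
    if (!is_file(PUBLIC_DOWNLOAD_FOLDER . "/index.html")) {
        @copy(INSTALL_PATH . "/server/index.html", PUBLIC_DOWNLOAD_FOLDER . "/index.html");
    }

    $data["PLUGIN_ID"] = $this->id;
    $data["BASE_DIR"] = $this->baseDir;
    $data["REPOSITORY"] = $this->repository;
    if (AuthService::usersEnabled()) {
        $data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
    }

    // Force expanded path in publiclet.
    // NOTE(review): $data["REPOSITORY"] is the same object as $this->repository,
    // so addOption() also changes the driver's live repository -- confirm that
    // callers tolerate this.
    $data["REPOSITORY"]->addOption("PATH", $this->repository->getOption("PATH"));

    if (!isset($data["ACTION"]) || $data["ACTION"] == "") {
        $data["ACTION"] = "download";
    }

    // NOTE(review): mt_rand() and time() are predictable inputs. If FINAL_KEY
    // guards anything (its use is not visible here), derive it from a CSPRNG.
    $data["FINAL_KEY"] = md5(mt_rand() . time());

    $outputData = serialize($data);
    // The MD5 of the plaintext doubles as integrity tag, cipher key and file name.
    $hash = md5($outputData);
    // The initialisation vector is only required to avoid a warning, as ECB ignores the IV.
    // NOTE(review): ECB is unauthenticated and leaks equal plaintext blocks.
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
    // Base64 keeps the result storable in a text column.
    $outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv));

    // The stub's digest check uses strict comparison (!==). With a loose !=,
    // PHP compares two numeric-looking hex digests as numbers and can treat
    // different digests as equal, letting a modified payload reach unserialize().
    // The check is still unkeyed: anyone who can write to the folder can
    // produce a stub that passes it.
    $fileData = "<" . "?" . "php \n" .
        ' require_once("' . str_replace("\\", "/", INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" .
        ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" .
        ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" .
        ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" .
        ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv)); ' . "\n" .
        ' if (md5($inputData) !== $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" .
        ' // Ok extract the data ' . "\n" .
        ' $data = unserialize($inputData); AbstractAccessDriver::loadPubliclet($data); ?' . '>';
    if (@file_put_contents(PUBLIC_DOWNLOAD_FOLDER . "/" . $hash . ".php", $fileData) === FALSE) {
        return "Can't write to PUBLIC URL";
    }
    require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
    PublicletCounter::reset($hash);

    if (defined('PUBLIC_DOWNLOAD_URL') && PUBLIC_DOWNLOAD_URL != "") {
        return rtrim(PUBLIC_DOWNLOAD_URL, "/") . "/" . $hash . ".php";
    }

    // Fallback when no public URL is configured.
    // NOTE(review): HTTP_HOST is taken from the request, so the returned link
    // follows whatever Host header the client sent. Set PUBLIC_DOWNLOAD_URL
    // where links are stored or mailed.
    $http_mode = !empty($_SERVER['HTTPS']) ? 'https://' : 'http://';
    $fullUrl = $http_mode . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
    return str_replace("\\", "/", $fullUrl . rtrim(str_replace(INSTALL_PATH, "", PUBLIC_DOWNLOAD_FOLDER), "/") . "/" . $hash . ".php");
}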
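/**
 * Dispatch one action of the user dashboard driver and write the response.
 *
 * Handled actions: "ls", "stat", "delete", "clear_expired" and
 * "reset_download_counter". An "edit" request is redirected to
 * $httpVars["sub_action"] when that key is present. Responses are printed
 * directly (XML through AJXP_XMLWriter, JSON for "stat"); nothing is returned.
 *
 * @param string $action   Requested action name.
 * @param array  $httpVars Request parameters ("dir", "ajxp_mime", "sub_action", selection).
 * @param array  $fileVars Uploaded files, only forwarded to accessPreprocess().
 * @return void
 */
public function switchAction($action, $httpVars, $fileVars)
{
    parent::accessPreprocess($action, $httpVars, $fileVars);
    if (!AuthService::usersEnabled()) {
        return;
    }
    if ($action == "edit" && isset($httpVars["sub_action"])) {
        $action = $httpVars["sub_action"];
    }
    $mess = ConfService::getMessages();

    switch ($action) {
        //------------------------------------
        //	BASIC LISTING
        //------------------------------------
        case "ls":
            $rootNodes = array(
                "users" => array(
                    "LABEL" => $mess["user_dash.1"],
                    "ICON" => "user_shared.png",
                    "ICON-CLASS" => "icon-book",
                    "DESCRIPTION" => $mess["user_dash.30"],
                ),
                "files" => array(
                    "LABEL" => $mess["user_dash.34"],
                    "ICON" => "user_shared.png",
                    "ICON-CLASS" => "mdi mdi-share-variant",
                    "DESCRIPTION" => $mess["user_dash.35"],
                ),
                "settings" => array(
                    "LABEL" => $mess["user_dash.36"],
                    "ICON" => "user_shared.png",
                    "ICON-CLASS" => "icon-cog",
                    "DESCRIPTION" => $mess["user_dash.37"],
                ),
                "repositories" => array(
                    "LABEL" => $mess["user_dash.36"],
                    "ICON" => "user_shared.png",
                    "ICON-CLASS" => "icon-cog",
                    "DESCRIPTION" => $mess["user_dash.37"],
                ),
                "teams" => array(
                    "LABEL" => "Teams",
                    "ICON" => "user_shared.png",
                    "ICON-CLASS" => "icon-group",
                    "DESCRIPTION" => "My Teams",
                ),
            );
            $dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
            // explode() always yields at least one element, so only the leading
            // empty segment of an absolute path has to be dropped.
            $splits = explode("/", $dir);
            if ($splits[0] == "") {
                array_shift($splits);
            }
            $strippedDir = count($splits) ? strtolower(urldecode($splits[0])) : "";

            AJXP_XMLWriter::header();
            if (array_key_exists($strippedDir, $rootNodes)) {
                // "settings" is a known node with no listing of its own.
                if ($strippedDir == "users") {
                    $this->listUsers();
                } elseif ($strippedDir == "teams") {
                    $this->listTeams();
                } elseif ($strippedDir == "repositories") {
                    $this->listRepositories();
                } elseif ($strippedDir == "files") {
                    $this->listSharedFiles("files");
                }
            }
            // Any other path gets only the empty XML envelope; the earlier
            // column/tree output for the root was commented out in the source.
            AJXP_XMLWriter::close();
            break;

        case "stat":
            header("Content-type:application/json");
            print '{"mode":true}';
            break;

        case "delete":
            $mime = isset($httpVars["ajxp_mime"]) ? $httpVars["ajxp_mime"] : "";
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $files = $selection->getFiles();
            AJXP_XMLWriter::header();
            $minisites = $this->listSharedFiles("minisites");
            /**
             * @var ShareCenter $shareCenter
             */
            $shareCenter = AJXP_PluginsService::findPluginById("action.share");

            // Strip the "shared_" prefix once, and keep the requested type apart
            // from the per-element type. Previously $mime itself was overwritten
            // with "minisite" inside the loop, so every element after the first
            // minisite was deleted as a minisite, whatever it was.
            $ar = explode("shared_", $mime);
            $requestedMime = array_pop($ar);

            // Defined up front so an empty selection or an unrecognised mime does
            // not read an undefined variable when the message is sent.
            $out = null;
            foreach ($files as $element) {
                $element = basename($element);
                $elementMime = $requestedMime;
                if ($elementMime == "repository" && isset($minisites[$element])) {
                    $elementMime = "minisite";
                    $element = $minisites[$element];
                }
                // NOTE(review): no user is passed here; the ownership decision is
                // presumably taken inside the share store -- confirm.
                $shareCenter->getShareStore()->deleteShare($elementMime, $element);
                if ($elementMime == "repository" || $elementMime == "minisite") {
                    $out = $mess["ajxp_conf.59"];
                } elseif ($elementMime == "user") {
                    $out = $mess["ajxp_conf.60"];
                } elseif ($elementMime == "file") {
                    $out = $mess["user_dash.13"];
                }
            }
            AJXP_XMLWriter::sendMessage($out, null);
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        case "clear_expired":
            /**
             * @var ShareCenter $shareCenter
             */
            $shareCenter = AJXP_PluginsService::getInstance()->findPluginById("action.share");
            $deleted = $shareCenter->getShareStore()->clearExpiredFiles(true);
            AJXP_XMLWriter::header();
            if (count($deleted)) {
                AJXP_XMLWriter::sendMessage(sprintf($mess["user_dash.23"], count($deleted) . ""), null);
                AJXP_XMLWriter::reloadDataNode();
            } else {
                AJXP_XMLWriter::sendMessage($mess["user_dash.24"], null);
            }
            AJXP_XMLWriter::close();
            break;

        case "reset_download_counter":
            $selection = new UserSelection();
            $selection->initFromHttpVars($httpVars);
            $elements = $selection->getFiles();
            // NOTE(review): the counter is reset straight from the request
            // selection, with no check in this method tying the share to the
            // logged user. Unless PublicletCounter::reset() enforces ownership
            // itself, an owner check belongs in this loop.
            foreach ($elements as $element) {
                PublicletCounter::reset(str_replace(".php", "", basename($element)));
            }
            AJXP_XMLWriter::header();
            AJXP_XMLWriter::reloadDataNode();
            AJXP_XMLWriter::close();
            break;

        default:
            break;
    }

    return;
}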
/**
 * Reset the download counter of a share to zero.
 *
 * NOTE(review): no authorization is performed here. The share is loaded but
 * its owner is never compared with the caller, and $userId is not read, so
 * any caller able to reach this method can reset any share's counter. The
 * owner of the share's repository should be checked against the acting user
 * before PublicletCounter::reset() runs.
 *
 * @param string $hash   Identifier of the share.
 * @param string $userId Not read by this method.
 */
public function resetDownloadCounter($hash, $userId)
{
    // The loaded share is not used; the call is kept because loadShare() may
    // reject an unknown hash (not visible here).
    $share = $this->loadShare($hash);

    // TODO We must check that the user has the right to do that!
    PublicletCounter::reset($hash);
}
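/**
 * Encrypt the publiclet data and write it as a PHP stub into the public download folder.
 *
 * Keys read or documented on $data:
 *  - DRIVER      The driver used to get the file's content
 *  - OPTIONS     The driver options needed to construct it (usually user and password)
 *  - FILE_PATH   The path to the file's content
 *  - PASSWORD    If set, the publiclet asks for this password before sending the content
 *  - ACTION      If set, action to perform; an empty or missing value becomes "download"
 *  - USER        If set, the AJXP user
 *  - EXPIRE_TIME If set, the publiclet denies downloading after this time
 *
 * NOTE(review): the stub is encrypted with the value that is also its file
 * name, and the stub derives the key from basename(__FILE__). Anyone able to
 * read the file from disk therefore holds the key, including for SAFE_PASS;
 * treat the encryption as obfuscation and protect the folder accordingly.
 *
 * @param array                $data         The publiclet data array.
 * @param AbstractAccessDriver $accessDriver Driver providing plugin id and base dir.
 * @param Repository           $repository   Repository being shared.
 * @return string The URL of the written publiclet, or an error message when
 *                the folder is missing, MCrypt is absent or the write fails.
 */
function writePubliclet($data, $accessDriver, $repository)
{
    $downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
    if (!is_dir($downloadFolder)) {
        return "ERROR : Public URL folder does not exist!";
    }
    if (!function_exists("mcrypt_create_iv")) {
        return "ERROR : MCrypt must be installed to use publiclets!";
    }
    $this->initPublicFolder($downloadFolder);

    $data["PLUGIN_ID"] = $accessDriver->getId();
    $data["BASE_DIR"] = $accessDriver->getBaseDir();
    $data["REPOSITORY"] = $repository;
    if (AuthService::usersEnabled()) {
        $data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
    }
    if ($accessDriver->hasMixin("credentials_consumer")) {
        $cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
        if (isset($cred["user"]) && isset($cred["password"])) {
            // The clear-text password ends up inside the serialized payload below.
            $data["SAFE_USER"] = $cred["user"];
            $data["SAFE_PASS"] = $cred["password"];
        }
    }

    // Force expanded path in publiclet.
    // NOTE(review): $data["REPOSITORY"] is the caller's Repository object, not a
    // copy, so addOption() changes it for the caller too -- confirm that callers
    // tolerate this.
    $data["REPOSITORY"]->addOption("PATH", $repository->getOption("PATH"));

    if (!isset($data["ACTION"]) || $data["ACTION"] == "") {
        $data["ACTION"] = "download";
    }

    // NOTE(review): mt_rand() and time() are predictable inputs. If FINAL_KEY
    // guards anything (its use is not visible here), derive it from a CSPRNG.
    $data["FINAL_KEY"] = md5(mt_rand() . time());

    $outputData = serialize($data);
    // The MD5 of the plaintext doubles as integrity tag, cipher key and file name.
    $hash = md5($outputData);
    // The initialisation vector is only required to avoid a warning, as ECB ignores the IV.
    // NOTE(review): ECB is unauthenticated and leaks equal plaintext blocks.
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
    // Base64 keeps the result storable in a text column.
    $outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv));

    // The stub's digest check uses strict comparison (!==). With a loose !=,
    // PHP compares two numeric-looking hex digests as numbers and can treat
    // different digests as equal, letting a modified payload reach unserialize().
    // The check is still unkeyed: anyone who can write to the folder can
    // produce a stub that passes it.
    $fileData = "<" . "?" . "php \n" .
        ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" .
        ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" .
        ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" .
        ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" .
        ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv), "\\0"); ' . "\n" .
        ' if (md5($inputData) !== $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" .
        ' // Ok extract the data ' . "\n" .
        ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ?' . '>';
    if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) {
        return "Can't write to PUBLIC URL";
    }
    // NOTE(review): 0755 leaves the stub readable by every local account and
    // sets an execute bit; confirm the deployment needs more than owner access.
    @chmod($downloadFolder . "/" . $hash . ".php", 0755);
    PublicletCounter::reset($hash);

    return $this->buildPublicletLink($hash);
}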