protected function action() { $dec_link = Utils_MegaCrypter::decryptLink($this->request->getVar('link')); if ($this->_isBackdoor()) { $this->setViewData(['backdoor' => Utils_MegaApi::MEGA_HOST . "/#!{$dec_link['file_id']}!{$dec_link['file_key']}"]); } else { if ($dec_link['zombie']) { throw new Exception(__METHOD__ . ' Zombie link!'); } else { if (empty($dec_link['referer']) || !preg_match('/\\.[^.]+$/', $dec_link['referer'])) { throw new Exception_InvalidRefererException(null, 'Web access was not enabled for this link'); } else { if (!empty($dec_link['referer']) && !$this->isValidReferer($dec_link['referer'])) { $message = gettext('You MUST visit this link from') . ' [ <a href="http://' . $dec_link['referer'] . '" rel="nofollow"><em>' . $dec_link['referer'] . '</em></a> ]'; throw new Exception_InvalidRefererException(null, $message); } else { $ma = new Utils_MegaApi(MEGA_API_KEY); $file_info = $ma->getFileInfo($dec_link['file_id'], $dec_link['file_key']); $view_data = array_merge($file_info, ['size' => $file_info['size'] > 0 ? Utils_MiscTools::formatBytes($file_info['size']) : false]); if (Utils_MiscTools::isStreameableFile($view_data['name'])) { $view_data['stream'] = true; } if ($dec_link['extra_info']) { $view_data['extra'] = $dec_link['extra_info']; } if ($dec_link['expire']) { $view_data['expire'] = $dec_link['expire'] - time(); } $view_data['pass'] = (bool) $dec_link['pass']; if ($dec_link['pass'] || $dec_link['hide_name']) { $view_data['name'] = Utils_MiscTools::hideFileName($view_data['name']); $view_data['name_trunc'] = $view_data['name']; } else { $view_data['name_trunc'] = Utils_MiscTools::truncateText($view_data['name'], self::FILE_NAME_MAX_LENGTH); } $view_data['referer'] = $this->request->getServerVar('HTTP_REFERER'); $view_data['domain_lock'] = $dec_link['referer']; $this->setViewData($view_data); } } } } }
private function _actionInfo($post_data) { $dec_link = $this->_decryptLink($post_data->link); $ma = new Utils_MegaApi(MEGA_API_KEY); $file_info = $ma->getFileInfo($dec_link['file_id'], $dec_link['file_key']); $data = ['name' => $dec_link['hide_name'] ? Utils_MiscTools::hideFileName($file_info['name'], ($dec_link['zombie'] ? $dec_link['zombie'] : null) . base64_decode(GENERIC_PASSWORD)) : $file_info['name'], 'path' => isset($file_info['path']) ? $file_info['path'] : false, 'size' => $file_info['size'], 'key' => isset($file_info['key']) ? $file_info['key'] : $dec_link['file_key'], 'extra' => $dec_link['extra_info'], 'expire' => $dec_link['expire'] ? $dec_link['expire'] . '#' . ($dec_link['no_expire_token'] ? base64_encode(hash('sha256', base64_decode($dec_link['secret']), true)) : self::NO_EXP_TOK_NOT_ALLOWED) : false]; if ($dec_link['pass']) { list($iterations, $pass, $pass_salt) = explode('#', $dec_link['pass']); $b64p = base64_decode($pass); $iv = openssl_random_pseudo_bytes(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)); $data['name'] = $this->_encryptApiField($data['name'], $b64p, $iv); if ($data['path']) { $data['path'] = $this->_encryptApiField($data['path'], $b64p, $iv); } $data['key'] = $this->_encryptApiField(Utils_MiscTools::urlBase64Decode($data['key']), $b64p, $iv); if ($data['extra']) { $data['extra'] = $this->_encryptApiField($data['extra'], $b64p, $iv); } $data['pass'] = $iterations . '#' . base64_encode(hash_hmac('sha256', $b64p, $iv, true)) . '#' . $pass_salt . '#' . base64_encode($iv); } else { $data['pass'] = false; } return $data; }