**/
set_time_limit(0);
# Avoid problems on big files #20 on github
$message = '';
$tree = false;
$feeds_div = '';
include 'core/core.php';
function burned($id)
{
if (substr($id, 0, 1) == '*') {
removeID($id);
}
}
if (!empty($_GET['f'])) {
$id = strip_tags($_GET['f']);
$f = id2file($id);
store_access_stat($f, $id);
if (!empty($f)) {
# password mode
if (strlen($id) > 23 && !isset($_POST['password'])) {
$message = '<div class="lock"><img src="img/locked_big.png"/>
<form action="index.php?f=' . $id . '" method="post">
<label>' . e('This share is protected, please type the correct password:'******'</label><br/>
<input type="password" name="password" class="button red"/>
<input type="submit" value="Ok" class="button"/>
</form>
</div>
';
} else {
if (!isset($_POST['password']) || isset($_POST['password']) && blur_password($_POST['password']) == $id) {
if (isset($_GET['thumbs'])) {
function is_owner($id = null)
{
if (!$id || empty($_SESSION['login'])) {
return false;
}
$file = explode('/', id2file($id));
$owner = $file[1];
return $_SESSION['login'] == $owner;
}
<?php
// demande d'une image (miniature, grandre miniature ou redimensionnée)
if (isset($_GET['image']) && !empty($_GET['f'])) {
switch ($_GET['image']) {
case 'thumbs':
$f = get_thumbs_name(id2file($_GET['f']));
$img_error = 'ERROR: Thumbnail not found';
break;
case 'gthumbs':
$f = get_thumbs_name_gallery(id2file($_GET['f']));
$img_error = 'ERROR: Thumbnail not found';
break;
case 'web':
$f = get_thumbs_name_web(id2file($_GET['f']));
$img_error = 'ERROR: Image not found';
break;
default:
$f = '';
$img_error = 'Unknow error';
break;
}
if (!file_exists($f)) {
exit($img_error);
}
$type = _mime_content_type($f);
header('Content-type: ' . $type . '; charset=utf-8');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($f));
readfile($f);
exit;
$ids[$password . $id] = $file;
store($ids);
header('location:index.php?p=admin&token=' . TOKEN);
exit;
}
# Handle folder share with users
if (!empty($_POST['share']) && is_owner($_POST['share'])) {
$folder_id = $_POST['share'];
$users = $auto_restrict['users'];
unset($users[$_SESSION['login']]);
$shared_with = load_folder_share();
$sent = array_flip($_POST['users']);
foreach ($users as $login => $data) {
if (isset($sent[$login])) {
# User checked: add share
$shared_with[$login][$folder_id] = array('folder' => id2file($folder_id), 'from' => $_SESSION['login']);
} else {
# User not checked: remove share if exists
if (isset($shared_with[$login][$folder_id])) {
unset($shared_with[$login][$folder_id]);
}
}
}
save_folder_share($shared_with);
header('location:index.php?p=admin&token=' . TOKEN);
exit;
}
# Handle users rights
if (isset($_POST['user_right']) && is_allowed('change status rights')) {
foreach ($_POST['user_right'] as $key => $user_nb) {
$users_rights[$_POST['user_name'][$key]] = $user_nb;
<?php
/**
* BoZoN admin page:
* allows upload / delete / filter files
* @author: Bronco (bronco@warriordudimanche.net)
**/
include 'auto_restrict.php';
# Admin only!
include 'core.php';
# delete file
if (!empty($_GET['del']) && $_GET['del'] != '') {
$f = id2file($_GET['del']);
if (is_file($f)) {
unlink($f);
unset($ids[$_GET['del']]);
store(ID_FILE, $ids);
}
}
# search/filter
if (!empty($_GET['filter'])) {
$mask = strip_tags($_GET['filter']);
} else {
$mask = '';
}
if ($_FILES) {
include 'auto_dropzone.php';
exit;
}
?>
<!DOCTYPE html>
if (is_file('import.php')) {
header('location: import.php');
}
require 'core/core.php';
# thumbnail request
if (isset($_GET['thumbs']) && !empty($_GET['f'])) {
$f = get_thumbs_name(id2file($_GET['f']));
$type = _mime_content_type($f);
header('Content-type: ' . $type . '; charset=utf-8');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($f));
readfile($f);
exit;
}
if (isset($_GET['gthumbs']) && !empty($_GET['f'])) {
$f = get_thumbs_name_gallery(id2file($_GET['f']));
$type = _mime_content_type($f);
header('Content-type: ' . $type . '; charset=utf-8');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($f));
readfile($f);
exit;
}
# share request
if (!empty($_GET['f'])) {
require 'core/share.php';
exit;
}
# Try to login or logout ? => auto_restrict
if (!empty($_POST['pass']) && !empty($_POST['login']) || isset($_GET['logout']) || isset($_GET['deconnexion'])) {
require 'core/auto_restrict.php';
}
rename(get_thumbs_name($file), get_thumbs_name($destination));
# change path in id
$id = file2id($file);
$ids = unstore();
$ids[$id] = $destination;
store();
}
}
header('location:admin.php');
exit;
}
# Lock folder with password
if (!empty($_POST['password']) && !empty($_POST['id'])) {
$id = $_POST['id'];
$file = id2file($id);
$password = blur_password($_POST['password']);
# turn normal share id into password hashed id
$ids = unstore();
unset($ids[$id]);
$ids[$password] = $file;
store();
header('location:admin.php');
exit;
}
if ($_FILES) {
include 'core/auto_dropzone.php';
exit;
}
?>
<!DOCTYPE html>
function return_owner($id = null)
{
if (!$id) {
return false;
}
$file = explode('/', id2file($id));
if (!empty($file[1])) {
$owner = $file[1];
} else {
$owner = e('Deleted', false);
}
return $owner;
}
<?php
/**
* BoZoN user part:
* simply handles the get link.
* @author: Bronco (bronco@warriordudimanche.net)
**/
include 'core.php';
if (!empty($_GET['f'])) {
$f = id2file($_GET['f']);
if (is_file($f)) {
$type = mime_content_type($f);
$ext = strtolower(pathinfo($f, PATHINFO_EXTENSION));
if (is_in($ext, 'FILES_TO_ECHO') !== false) {
echo '<pre>' . htmlspecialchars(file_get_contents($f)) . '</pre>';
} else {
if (is_in($ext, 'FILES_TO_RETURN') !== false) {
header('Content-type: ' . $type);
readfile($f);
} else {
header('Content-type: ' . $type);
// lance le téléchargement des fichiers non affichables
header('Content-Disposition: attachment; filename="' . $f . '"');
readfile($f);
}
}
exit;
}
}
?>
<head>
function ids2files($ids)
{
$ids = explode(',', $ids);
$files = array();
foreach ($ids as $id) {
if ($id) {
$files[] = id2file($id);
}
}
return $files;
}
function ids2files($ids)
{
$files = explode(',', $ids);
for ($i = 0; $i < count($files); $i++) {
$files[$i] = id2file($files[$i]);
}
return $files;
}
for ($index = 0; $index < $_SESSION['stats_max_lines']; $index++) {
if (!empty($stats[$index])) {
$rss['items'][] = array('title' => $stats[$index]['file'], 'description' => '[ip:' . $stats[$index]['ip'] . '] ' . '[referrer:' . $stats[$index]['referrer'] . '] ' . '[host:' . $stats[$index]['host'] . '] ', 'pubDate' => makeRSSdate($stats[$index]['date']), 'link' => $_SESSION['home'] . '?f=' . $stats[$index]['id'], 'guid' => $_SESSION['home'] . '?f=' . $stats[$index]['id']);
}
}
array2feed($rss);
exit;
}
# ask for json format stats
if (isset($_GET['statjson']) && !empty($_GET['key']) && hash_user($_GET['key'])) {
$stats = load($_SESSION['stats_file']);
exit(json_encode($stats));
}
# zip and download a folder from visitor's share page
if (!empty($_GET['zipfolder']) && $_SESSION['zip']) {
$folder = id2file($_GET['zipfolder']);
if (!is_dir($_SESSION['temp_folder'])) {
mkdir($_SESSION['temp_folder']);
}
$zipfile = $_SESSION['temp_folder'] . return_owner($_GET['zipfolder']) . '-' . _basename($folder) . '.zip';
zip($folder, $zipfile);
header('location: ' . $zipfile);
exit;
}
if (is_user_connected()) {
# users list request
if (isset($_GET['users_list']) && is_allowed('user page')) {
$_GET['p'] = 'users';
unset($_GET['users_list']);
# To avoid useless changes in auto_restrict
}