示例#1
文件: api.php 项目: nvdnkpr/h5ai
/**
 * Collects the request values for a list of required parameter names.
 *
 * Values are returned exactly as they appear in $_REQUEST: nothing here
 * validates type or content, so every caller must treat the result as
 * untrusted input.
 *
 * @param array $keys names of the parameters that must be present
 * @return array the raw request values, in the same order as $keys
 */
function check_keys($keys)
{
    $collected = array();

    foreach ($keys as $key) {
        // json_fail() is defined outside this snippet; it is presumably what
        // aborts the request when its third argument is true. Confirm this,
        // because the read on the next line relies on the key being present.
        $is_absent = !array_key_exists($key, $_REQUEST);
        json_fail(101, "parameter '{$key}' is missing", $is_absent);

        $collected[] = $_REQUEST[$key];
    }

    return $collected;
}
示例#2
/**
 * Takes one parameter out of $_REQUEST and returns it.
 *
 * The entry is removed from $_REQUEST once read, so later code can tell
 * which parameters were never consumed. The value is returned unmodified
 * and may be an array if the client sent "key[]=..."; callers must
 * validate it before using it in paths, headers or queries.
 *
 * @param string $key     parameter name
 * @param mixed  $default returned when the parameter is absent; with the
 *                        default of null the parameter counts as required
 *                        and json_fail() is invoked with a true condition
 * @return mixed the raw request value, or $default
 */
function use_request_param($key, $default = null)
{
    if (array_key_exists($key, $_REQUEST)) {
        $taken = $_REQUEST[$key];
        unset($_REQUEST[$key]);
        return $taken;
    }

    // Absent parameter: fail only when no fallback value was supplied.
    json_fail(101, "parameter '{$key}' is missing", $default === null);
    return $default;
}
示例#3
/**
 * Takes several required parameters out of $_REQUEST.
 *
 * Accepts either one array of names or the names as separate arguments.
 * Each value is removed from $_REQUEST after it is read and is returned
 * unmodified; nothing here validates type or content, so callers must
 * treat every returned value as untrusted.
 *
 * @param array|string $keys array of names, or the first of several names
 * @return array the raw request values, in the order the names were given
 */
function use_request_params($keys)
{
    // Variadic form: use_request_params("a", "b") is the same as passing array("a", "b").
    $names = is_array($keys) ? $keys : func_get_args();

    $taken = array();
    foreach ($names as $key) {
        $is_absent = !array_key_exists($key, $_REQUEST);
        json_fail(101, "parameter '{$key}' is missing", $is_absent);

        $taken[] = $_REQUEST[$key];
        unset($_REQUEST[$key]);
    }

    return $taken;
}
示例#4
    // Fragment of a user-registration handler. It starts inside an `if` whose
    // condition is not shown; the matching `else` below sets "GET failed".
    // $result looks like the statement returned by an earlier
    // $mysqli->prepare() for a count query (not visible here, confirm).
    if (!$result) {
        $msg = $mysqli->error;
        $success = False;
    } else {
        $result->execute();
        $result->bind_result($count);
        $result->fetch();
        $result->close();
        // $count was bound from the query above; 0 is treated as "name not taken yet".
        if ($count == 0) {
            $query = "INSERT INTO USER \n\t\t\t\t\t(name, gender, password) \n\t\t\t\t\tVALUES (?,?,?)";
            $result = $mysqli->prepare($query);
            if (!$result) {
                $msg = $mysqli->error;
                $success = False;
            }
            // NOTE(review): there is no early exit after a failed prepare(), so
            // execution reaches bind_param() on a falsy $result. Move the three
            // calls below into an else branch.
            // NOTE(review): the values are bound as parameters, so they are not
            // concatenated into the SQL text. However, the password is stored
            // exactly as received; store the output of password_hash() and check
            // it with password_verify() instead.
            // NOTE(review): the credentials arrive in $_GET, i.e. in the URL, which
            // is commonly written to access logs and browser history. Accept them
            // in a POST body.
            $result->bind_param('sss', $_GET['name'], $_GET['gender'], $_GET['password']);
            // The return value of execute() is not checked, so a failed insert is
            // still reported as success.
            $result->execute();
            $result->close();
        } else {
            $msg = "User exists.";
            $success = False;
        }
    }
} else {
    // NOTE(review): $success is not assigned on this path; presumably it was
    // initialised before this fragment (confirm), otherwise the test below
    // reads an undefined variable.
    $msg = "GET failed";
}
// Emit the JSON result. $mysqli->error text is passed through to the client
// via $msg; consider logging it server-side and returning a generic message.
if ($success) {
    echo json_success();
} else {
    echo json_fail($msg);
}
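 /**
  * Streams an archive of the requested entries to the client as a download.
  *
  * Request parameters: "as" (download file name), "type" (archive type) and
  * "hrefs" (entries, joined with "|:|"). All three come from the client.
  * "type" and the hrefs are handed to Archive::output() unchanged, so
  * restricting them to permitted entries has to happen there (not visible
  * in this block, confirm).
  */
 private function on_download()
 {
     json_fail(1, "downloads disabled", !$this->options["download"]["enabled"]);

     $as = use_request_param("as");
     $type = use_request_param("type");
     $hrefs = use_request_param("hrefs");

     $archive = new Archive($this->app);
     $hrefs = explode("|:|", trim($hrefs));

     // "as" is client-supplied and is placed inside a quoted header value.
     // Drop control characters, double quotes and backslashes so it cannot
     // end the quoted string or add further header parameters.
     $as = preg_replace('/[\x00-\x1f\x7f"\\\\]/', '', (string) $as);

     set_time_limit(0);
     header("Content-Type: application/octet-stream");
     header("Content-Disposition: attachment; filename=\"{$as}\"");
     header("Connection: close");

     $rc = $archive->output($type, $hrefs);

     // NOTE(review): by this point the download headers have been sent, so a
     // failure message would be delivered inside the downloaded file.
     json_fail(2, "packaging failed", $rc !== 0);
     exit;
 }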
示例#6
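 /**
  * Dispatches the API request named by the required "action" parameter.
  *
  * Supported actions: get, getThumbHref, createArchive, getArchive, upload,
  * delete and rename. Every parameter is read from $_REQUEST and is
  * client-controlled. The handlers that touch the filesystem depend on the
  * App helpers (get_http_code, is_ignored, get_abs_path) to keep hrefs
  * inside managed folders; those helpers are not visible in this block.
  *
  * An unknown action falls through and the method returns normally.
  */
 public function apply()
 {
     $options = $this->app->get_options();
     list($action) = use_request_params(array("action"));

     if ($action === "get") {
         // Each recognised parameter is consumed and adds one section to the response.
         $response = array();
         if (array_key_exists("options", $_REQUEST)) {
             use_request_params("options");
             $response["options"] = $this->app->get_options();
         }
         if (array_key_exists("types", $_REQUEST)) {
             use_request_params("types");
             $response["types"] = $this->app->get_types();
         }
         if (array_key_exists("langs", $_REQUEST)) {
             use_request_params("langs");
             $response["langs"] = $this->app->get_l10n_list();
         }
         if (array_key_exists("l10n", $_REQUEST)) {
             list($iso_codes) = use_request_params("l10nCodes", "l10n");
             $iso_codes = explode(":", $iso_codes);
             $response["l10n"] = $this->app->get_l10n($iso_codes);
         }
         if (array_key_exists("checks", $_REQUEST)) {
             use_request_params("checks");
             $response["checks"] = $this->app->get_server_checks();
         }
         if (array_key_exists("server", $_REQUEST)) {
             use_request_params("server");
             $response["server"] = $this->app->get_server_details();
         }
         if (array_key_exists("custom", $_REQUEST)) {
             list($abs_href) = use_optional_request_params("customHref", "custom");
             $response["custom"] = $this->app->get_customizations($abs_href);
         }
         if (array_key_exists("entries", $_REQUEST)) {
             list($abs_href, $what) = use_optional_request_params("entriesHref", "entriesWhat", "entries");
             $what = is_numeric($what) ? intval($what, 10) : 1;
             $response["entries"] = $this->app->get_entries($abs_href, $what);
         }
         // Whatever was not consumed above is returned to the client under "unused".
         if (count($_REQUEST)) {
             $response["unused"] = $_REQUEST;
         }
         json_exit($response);
     } elseif ($action === "getThumbHref") {
         if (!$options["thumbnails"]["enabled"]) {
             json_fail(1, "thumbnails disabled");
         }
         normalized_require_once("/server/php/inc/Thumb.php");
         if (!Thumb::is_supported()) {
             json_fail(2, "thumbnails not supported");
         }
         list($type, $src_abs_href, $mode, $width, $height) = use_request_params(array("type", "href", "mode", "width", "height"));
         $thumb = new Thumb($this->app);
         $thumb_href = $thumb->thumb($type, $src_abs_href, $mode, $width, $height);
         if ($thumb_href === null) {
             json_fail(3, "thumbnail creation failed");
         }
         json_exit(array("absHref" => $thumb_href));
     } elseif ($action === "createArchive") {
         json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
         list($execution, $format, $hrefs) = use_request_params(array("execution", "format", "hrefs"));
         normalized_require_once("/server/php/inc/Archive.php");
         $archive = new Archive($this->app);
         $hrefs = explode(":", trim($hrefs));
         // NOTE(review): $execution and $format are passed through as received.
         // Confirm that Archive::create() only accepts known values.
         $target = $archive->create($execution, $format, $hrefs);
         if (!is_string($target)) {
             json_fail($target, "package creation failed");
         }
         json_exit(array("id" => basename($target), "size" => filesize($target)));
     } elseif ($action === "getArchive") {
         json_fail(1, "downloads disabled", !$options["download"]["enabled"]);
         list($id, $as) = use_request_params(array("id", "as"));
         // createArchive hands out ids as basename($target), so a valid id never
         // has a directory part. The prefix test alone would accept
         // "package-/../...", and that path is then read and later deleted by the
         // shutdown hook below. Require the id to be a single path component.
         json_fail(2, "file not found", !is_string($id) || !preg_match("/^package-/", $id) || basename($id) !== $id);
         $target = $this->app->get_cache_abs_path() . "/" . $id;
         json_fail(3, "file not found", !file_exists($target));
         // "as" is client-supplied and is placed inside a quoted header value.
         // Drop control characters, double quotes and backslashes.
         $as = preg_replace('/[\x00-\x1f\x7f"\\\\]/', '', (string) $as);
         header("Content-Type: application/octet-stream");
         header("Content-Length: " . filesize($target));
         header("Content-Disposition: attachment; filename=\"{$as}\"");
         header("Connection: close");
         // The package is single-use: it is removed when the request finishes.
         register_shutdown_function("delete_tempfile", $target);
         readfile($target);
         // NOTE(review): there is no exit here, so control returns to the caller
         // after the file was streamed. Confirm the caller emits nothing further.
     } elseif ($action === "upload") {
         list($href) = use_request_params(array("href"));
         json_fail(1, "wrong HTTP method", strtolower($_SERVER["REQUEST_METHOD"]) !== "post");
         json_fail(2, "something went wrong", !array_key_exists("userfile", $_FILES));
         $userfile = $_FILES["userfile"];
         json_fail(3, "something went wrong [" . $userfile["error"] . "]", $userfile["error"] !== 0);
         // This reads the whole temporary file into memory only to compare it with "null".
         json_fail(4, "folders not supported", file_get_contents($userfile["tmp_name"]) === "null");
         $upload_dir = $this->app->get_abs_path($href);
         $code = $this->app->get_http_code($href);
         json_fail(5, "upload dir no h5ai folder or ignored", $code !== App::$MAGIC_SEQUENCE || $this->app->is_ignored($upload_dir));
         // NOTE(review): no "enabled" option is checked for this action, unlike
         // delete and rename, and no restriction on file name extension or
         // content is visible here. If the target folder is web-served and
         // executes scripts, an uploaded script would run. Confirm this is
         // restricted elsewhere.
         $dest = $upload_dir . "/" . utf8_encode($userfile["name"]);
         json_fail(6, "already exists", file_exists($dest));
         json_fail(7, "can't move uploaded file", !move_uploaded_file($userfile["tmp_name"], $dest));
         json_exit();
     } elseif ($action === "delete") {
         json_fail(1, "deletion disabled", !$options["delete"]["enabled"]);
         list($hrefs) = use_request_params(array("hrefs"));
         $hrefs = explode(":", trim($hrefs));
         $errors = array();
         foreach ($hrefs as $href) {
             $d = normalize_path(dirname($href), true);
             $n = basename($href);
             // Only entries whose parent folder is managed and whose name is not
             // ignored are deleted; all other hrefs are skipped without an error.
             $code = $this->app->get_http_code($d);
             if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
                 $abs_path = $this->app->get_abs_path($href);
                 if (!unlink($abs_path)) {
                     $errors[] = $href;
                 }
             }
         }
         if (count($errors)) {
             json_fail(2, "deletion failed for some");
         } else {
             json_exit();
         }
     } elseif ($action === "rename") {
         json_fail(1, "renaming disabled", !$options["rename"]["enabled"]);
         list($href, $name) = use_request_params(array("href", "name"));
         $d = normalize_path(dirname($href), true);
         $n = basename($href);
         $code = $this->app->get_http_code($d);
         if ($code == App::$MAGIC_SEQUENCE && !$this->app->is_ignored($n)) {
             // The new name must be a single path component. Without this check,
             // a name containing "/" or ".." would move the entry out of its
             // folder instead of renaming it in place.
             json_fail(2, "renaming failed", !is_string($name) || $name === "" || $name === "." || $name === ".." || basename($name) !== $name);
             $abs_path = $this->app->get_abs_path($href);
             $folder = normalize_path(dirname($abs_path));
             if (!rename($abs_path, $folder . "/" . $name)) {
                 json_fail(2, "renaming failed");
             }
         }
         json_exit();
     }
 }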
示例#7
<?php

/**
 * Normalises a path to forward slashes with a predictable trailing slash.
 *
 * Backslashes become "/". A bare root ("/" or a drive root such as "C:/")
 * is returned as it is. Any other path has one trailing "/" removed and
 * then gets a "/" appended when $trailing_slash is true.
 *
 * This is purely textual: "." and ".." segments are not resolved, so the
 * result must not be treated as proof that a path stays inside a folder.
 *
 * @param string $path           path or href to normalise
 * @param bool   $trailing_slash whether the result should end with "/"
 * @return string the normalised path
 */
function normalize_path($path, $trailing_slash = false)
{
    $unified = str_replace("\\", "/", $path);

    // Root paths keep their single slash whatever $trailing_slash says.
    if (preg_match("#^(\\w:)?/\$#", $unified)) {
        return $unified;
    }

    $suffix = $trailing_slash ? "/" : "";
    return preg_replace('#/$#', '', $unified) . $suffix;
}
// Filesystem root of the application: four directory levels above this file.
define("APP_ABS_PATH", normalize_path(dirname(dirname(dirname(dirname(__FILE__))))));
// URL of the application root: three levels above SCRIPT_NAME, with a trailing slash.
define("APP_ABS_HREF", normalize_path(dirname(dirname(dirname(getenv("SCRIPT_NAME")))), true));
// URL of the requested folder: REQUEST_URI with everything after its last "/" removed.
// NOTE(review): REQUEST_URI is client-supplied and may carry a query string. Any part
// of the query string before a "/" inside it survives this trim. Confirm that App
// validates this value before mapping it to a filesystem path.
define("ABS_HREF", normalize_path(preg_replace('/[^\\/]*$/', '', getenv("REQUEST_URI")), true));
/**
 * Loads a PHP file by its path relative to the application root.
 *
 * $lib is appended to APP_ABS_PATH without any checks, so it must always
 * be a fixed path chosen by the code and never a value taken from the
 * request.
 *
 * @param string $lib path below APP_ABS_PATH, starting with "/"
 */
function normalized_require_once($lib)
{
    require_once APP_ABS_PATH . $lib;
}
// Load the shared helpers and core classes, then build the application object.
normalized_require_once("/server/php/inc/util.php");
normalized_require_once("/server/php/inc/App.php");
normalized_require_once("/server/php/inc/Entry.php");
$app = new App(APP_ABS_PATH, APP_ABS_HREF, ABS_HREF);

// A request carrying an "action" parameter is an API call. Anything else is
// a page render.
if (!array_key_exists("action", $_REQUEST)) {
    // Page render: set the values read by the code that follows this block.
    $HREF = $app->get_app_abs_href();
    $JSON = $app->get_generic_json();
    $FALLBACK = $app->get_no_js_fallback();
} else {
    header("Content-type: application/json");
    normalized_require_once("/server/php/inc/Api.php");
    $api = new Api($app);
    $api->apply();
    // Reached only when apply() returns without ending the request.
    json_fail(100, "unsupported request");
}
示例#8
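 /**
  * Creates a folder named "name" below the entry addressed by "href" and
  * writes an .htaccess file with a DirectoryIndex line into it.
  *
  * Both parameters come from the client. The href is checked with
  * is_managed_url() and is_hidden(). The name is required to be a single
  * path component so the new folder cannot be created outside the target
  * path.
  */
 private function on_new_folder()
 {
     $h5ai_path = '';
     $filename = '';
     json_fail(1, "folder creation disabled", !$this->options["new_folder"]["enabled"]);

     $href = use_request_param("href");
     $name = use_request_param("name");

     $d = normalize_path(dirname($href), true);
     $n = basename($href);
     if ($this->app->is_managed_url($d) && !$this->app->is_hidden($n)) {
         // Without this check, a name containing "/" or ".." would make mkdir()
         // and the .htaccess write below land outside the managed folder.
         json_fail(2, "folder creation failed", !is_string($name) || $name === "" || $name === "." || $name === ".." || basename($name) !== $name);

         $path = $this->app->to_path($href);
         $folder = normalize_path(dirname($path));
         // NOTE(review): the failure messages below and the final success message
         // return absolute server paths to the client. Consider logging them
         // server-side and returning a generic message instead.
         if (!mkdir($path . "/" . $name)) {
             json_fail(2, "folder creation failed" . " PATH: {$path} | FOLDER: {$folder} | NAME: {$name}");
         }
         $filename = $path . "/" . $name . "/" . ".htaccess";
         $h5ai_path = "DirectoryIndex " . INDEX_HREF;
         if (!($handle = fopen($filename, 'w'))) {
             json_fail(3, "Cannot open file ({$filename})");
         }
         if (fwrite($handle, $h5ai_path) === FALSE) {
             json_fail(3, "Cannot write to file ({$filename})");
         }
         fclose($handle);
     }
     // NOTE(review): this success message is also sent when the managed/hidden
     // check above failed and nothing was created.
     json_exit("Success, wrote ( {$h5ai_path} ) to file ( {$filename} ). {$href}/{$name}");
 }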