/** * _dispatcher_processUpload * * @param $name * @param $tmp_name * @param $size * @param $actionId * @param &$uploadMessages * @param &$tStack * @return bool */ function _dispatcher_processUpload($name, $tmp_name, $size, $actionId, &$uploadMessages, &$tStack) { global $cfg; $filename = tfb_cleanFileName(stripslashes($name)); if ($filename === false) { // invalid file array_push($uploadMessages, "The type of file " . stripslashes($name) . " is not allowed."); array_push($uploadMessages, "\nvalid file-extensions: "); array_push($uploadMessages, $cfg["file_types_label"]); return false; } else { // file is valid if (substr($filename, -5) == ".wget") { // is enabled ? if ($cfg["enable_wget"] == 0) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename); array_push($uploadMessages, "wget is disabled : " . $filename); return false; } else { if ($cfg["enable_wget"] == 1) { if (!$cfg['isAdmin']) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename); array_push($uploadMessages, "wget is disabled for users : " . $filename); return false; } } } } else { if (substr($filename, -4) == ".nzb") { // is enabled ? if ($cfg["enable_nzbperl"] == 0) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename); array_push($uploadMessages, "nzbperl is disabled : " . $filename); return false; } else { if ($cfg["enable_nzbperl"] == 1) { if (!$cfg['isAdmin']) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename); array_push($uploadMessages, "nzbperl is disabled for users : " . $filename); return false; } } } } } if ($size <= $cfg["upload_limit"] && $size > 0) { //FILE IS BEING UPLOADED if (@is_file($cfg["transfer_file_path"] . $filename)) { // Error array_push($uploadMessages, "the file " . $filename . " already exists on the server."); return false; } else { if (@move_uploaded_file($tmp_name, $cfg["transfer_file_path"] . $filename)) { @chmod($cfg["transfer_file_path"] . $filename, 0644); AuditAction($cfg["constants"]["file_upload"], $filename); // inject injectTransfer($filename); // instant action ? if ($actionId > 1) { array_push($tStack, $filename); } // return return true; } else { array_push($uploadMessages, "File not uploaded, file could not be found or could not be moved: " . $cfg["transfer_file_path"] . $filename); return false; } } } else { array_push($uploadMessages, "File not uploaded, file size limit is " . $cfg["upload_limit"] . ". file has " . $size); return false; } } }
/** * Inject Transfer * * @param $transferFile * @param $username * @param $options * @param array $extra * @return mixed */ function _inject($transferFile, $username, $options = '', $extra = array()) { global $cfg; // check file if (!@is_file($transferFile)) { $this->_outputError("transfer-file " . $transferFile . " is no file.\n"); return false; } // check username if (!IsUser($username)) { $this->_outputError("username " . $username . " is no valid user.\n"); return false; } // parse options $optionsSet = $this->_parseOptions(array('d' => 0, 's' => 0, 'p' => 1), $options, $extra); if ($optionsSet === false) { return false; } $profile = isset($optionsSet['p']) ? $optionsSet['p'][0] : null; $this->_outputMessage("Inject " . $transferFile . " for user " . $username . (!empty($profile) ? " using profile " . $profile : '') . " ...\n"); // set user $cfg["user"] = $username; // set filename $transfer = basename($transferFile); $transfer = tfb_cleanFileName($transfer); // only inject valid transfers $msgs = array(); if ($transfer !== false) { $targetFile = $cfg["transfer_file_path"] . $transfer; if (@is_file($targetFile)) { array_push($msgs, "transfer " . $transfer . ", already exists."); } else { $this->_outputMessage("copy " . $transferFile . " to " . $targetFile . " ...\n"); if (@copy($transferFile, $targetFile)) { // chmod @chmod($cfg["transfer_file_path"] . $transfer, 0644); // make owner entry AuditAction($cfg["constants"]["file_upload"], $transfer); // inject $this->_outputMessage("injecting " . $transfer . " ...\n"); injectTransfer($transfer); // delete source-file if (isset($optionsSet['d'])) { $this->_outputMessage("deleting source-file " . $transferFile . " ...\n"); @unlink($transferFile); } // start if (isset($optionsSet['s'])) { // build args for _transferStart $newOptions = $this->_buildOptions('p', $optionsSet); // Pass-thru option 'p'. return $this->_transferStart($transfer, $newOptions[0], $newOptions[1]); } else { return true; } } else { array_push($msgs, "File could not be copied: " . $transferFile); } } } else { array_push($msgs, "The type of file you are injecting is not allowed."); array_push($msgs, "valid file-extensions: "); array_push($msgs, $cfg["file_types_label"]); } if (count($msgs) == 0) { $this->_outputMessage("done.\n"); return true; } else { $this->_outputError("failed: " . implode("\n", $msgs) . "\n"); return false; } }
/** * download and save a torrent-file * * @return boolean */ function _saveTorrent($url, $title) { global $cfg; $content = SimpleHTTP::getTorrent($url); if (SimpleHTTP::getState() == SIMPLEHTTP_STATE_OK) { // filename $filename = SimpleHTTP::getFilename(); if ($filename != "") { $filename = strpos($filename, ".torrent") !== false ? tfb_cleanFileName($filename) : tfb_cleanFileName($filename . ".torrent"); } if ($filename == "" || $filename === false || transferExists($filename)) { $filename = tfb_cleanFileName($title . ".torrent"); if ($filename === false || transferExists($filename)) { $filename = tfb_cleanFileName($url . ".torrent"); if ($filename === false || transferExists($filename)) { $filename = tfb_cleanFileName(md5($url . strval(@microtime())) . ".torrent"); if ($filename === false || transferExists($filename)) { // Error $msg = "failed to get a valid transfer-filename for " . $url; array_push($this->messages, $msg); AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg); $this->_outputError($msg . "\n"); return false; } } } } // file $file = $this->_dirSave . $filename; // check if file already exists if (@is_file($file)) { // Error $msg = "the file " . $file . " already exists in " . $this->_dirSave; array_push($this->messages, $msg); AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg); $this->_outputError($msg . "\n"); return false; } // write file $handle = false; $handle = @fopen($file, "w"); if (!$handle) { $msg = "cannot open " . $file . " for writing."; array_push($this->messages, $msg); AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg); $this->_outputError($msg . "\n"); return false; } $result = @fwrite($handle, $content); @fclose($handle); if ($result === false) { $msg = "cannot write content to " . $file . "."; array_push($this->messages, $msg); AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg); $this->_outputError($msg . "\n"); return false; } // add to file-array array_push($this->_filesSaved, array('url' => $url, 'title' => $title, 'filename' => $filename, 'file' => $file)); // output $this->_outputMessage("torrent saved : \n url: " . $url . "\n file: " . $file . "\n"); // return return true; } else { // last op was not ok $msgs = SimpleHTTP::getMessages(); $this->_outputError("could not download torrent with title " . $title . " from url " . $url . " : \n" . implode("\n", $msgs)); return false; } }
/** * Function with which metafiles are uploaded and injected * * @deprecated */ function compat_tf_processUpload() { global $cfg; $filename = ""; $uploadMessages = array(); if (isset($_FILES['upload_file']) && !empty($_FILES['upload_file']['name'])) { $filename = stripslashes($_FILES['upload_file']['name']); $filename = tfb_cleanFileName($filename); if ($filename === false) { // invalid file array_push($uploadMessages, "The type of file you are uploading is not allowed."); array_push($uploadMessages, "\nvalid file-extensions: "); array_push($uploadMessages, $cfg["file_types_label"]); } else { // file is valid if (substr($filename, -5) == ".wget") { // is enabled ? if ($cfg["enable_wget"] == 0) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename); @error("wget is disabled", "", ""); } else { if ($cfg["enable_wget"] == 1) { if (!$cfg['isAdmin']) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename); @error("wget is disabled for users", "", ""); } } } } else { if (substr($filename, -4) == ".nzb") { // is enabled ? if ($cfg["enable_nzbperl"] == 0) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename); @error("nzbperl is disabled", "", ""); } else { if ($cfg["enable_nzbperl"] == 1) { if (!$cfg['isAdmin']) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename); @error("nzbperl is disabled for users", "", ""); } } } } } if ($_FILES['upload_file']['size'] <= $cfg["upload_limit"] && $_FILES['upload_file']['size'] > 0) { //FILE IS BEING UPLOADED if (@is_file($cfg["transfer_file_path"] . $filename)) { // Error array_push($uploadMessages, "the file " . $filename . " already exists on the server."); } else { if (@move_uploaded_file($_FILES['upload_file']['tmp_name'], $cfg["transfer_file_path"] . $filename)) { @chmod($cfg["transfer_file_path"] . $filename, 0644); AuditAction($cfg["constants"]["file_upload"], $filename); // inject injectTransfer($filename); // instant action ? $actionId = tfb_getRequestVar('aid'); if ($actionId > 1) { $ch = ClientHandler::getInstance(getTransferClient($filename)); switch ($actionId) { case 3: $ch->start($filename, false, true); break; case 2: $ch->start($filename, false, false); break; } if (count($ch->messages) > 0) { $uploadMessages = array_merge($uploadMessages, $ch->messages); } } } else { array_push($uploadMessages, "File not uploaded, file could not be found or could not be moved: " . $cfg["transfer_file_path"] . $filename); } } } else { array_push($uploadMessages, "File not uploaded, file size limit is " . $cfg["upload_limit"] . ". file has " . $_FILES['upload_file']['size']); } } } if (count($uploadMessages) > 0) { AuditAction($cfg["constants"]["error"], $cfg["constants"]["file_upload"] . " :: " . $filename); @error("There were Problems", "", "", $uploadMessages); } }
AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use maketorrent"); @error("maketorrent is disabled", "index.php?iid=index", ""); } // check the needed bins // python if (@file_exists($cfg['pythonCmd']) !== true) { @error("Required binary could not be found", "", "", $cfg['isAdmin'] ? array('python is required for maketorrent', 'Specified python-binary does not exist: ' . $cfg['pythonCmd'], 'Check Settings on Admin-Server-Settings Page') : array('Please contact an Admin')); } /******************************************************************************* * create + page ******************************************************************************/ // file + torrent vars $path = tfb_getRequestVarRaw('path'); $torrent = ""; if (!empty($path)) { $torrent = tfb_cleanFileName(StripFolders($path) . ".torrent"); if ($torrent === false) { @error("Invalid torrent-name", "", "", array($path)); } } // only valid dirs + entries with permission if (!(tfb_isValidPath($cfg["path"] . $path) && hasPermission($path, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL MAKETORRENT: " . $cfg["user"] . " tried to maketorrent with " . $path); @error("Illegal maketorrent. Action has been logged.", "", ""); } // check if there is a var sent for client, if not use default $client = isset($_REQUEST["client"]) ? tfb_getRequestVar('client') : $cfg["dir_maketorrent_default"]; // client-generic vars $tfile = tfb_getRequestVar('torrent'); $comment = tfb_getRequestVar('comments'); $alert = isset($_POST["alert"]) ? 1 : 0;
/** * setVarsFromUrl * * @param $transferUrl */ function setVarsFromUrl($transferUrl) { global $cfg; $this->url = $transferUrl; $transfer = strrchr($transferUrl, '/'); if ($transfer[0] == '/') { $transfer = substr($transfer, 1); } $transfer = tfb_cleanFileName($transfer . ".wget"); $this->_setVarsForTransfer($transfer); if (empty($this->owner) || strtolower($this->owner) == "n/a") { $this->owner = $cfg['user']; } }