public function resetDownloadCounter($hash, $userId)
{
$data = $this->loadShare($hash);
$repoId = $data["REPOSITORY"];
$repo = ConfService::getRepositoryById($repoId);
if ($repo == null) {
throw new Exception("Cannot find associated share");
}
$this->testUserCanEditShare($repo->getOwner());
PublicletCounter::reset($hash);
}
function switchAction($action, $httpVars, $fileVars)
{
if (!isset($this->actions[$action])) {
return;
}
parent::accessPreprocess($action, $httpVars, $fileVars);
$loggedUser = AuthService::getLoggedUser();
if (!ENABLE_USERS) {
return;
}
if ($action == "edit") {
if (isset($httpVars["sub_action"])) {
$action = $httpVars["sub_action"];
}
}
$mess = ConfService::getMessages();
switch ($action) {
//------------------------------------
// BASIC LISTING
//------------------------------------
case "ls":
$rootNodes = array("files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png", "DESCRIPTION" => $mess["ajxp_shared.28"]), "repositories" => array("LABEL" => $mess["ajxp_shared.2"], "ICON" => "document_open_remote.png", "DESCRIPTION" => $mess["ajxp_shared.29"]), "users" => array("LABEL" => $mess["ajxp_shared.1"], "ICON" => "user_shared.png", "DESCRIPTION" => $mess["ajxp_shared.30"]));
$dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
$splits = explode("/", $dir);
if (count($splits)) {
if ($splits[0] == "") {
array_shift($splits);
}
if (count($splits)) {
$strippedDir = strtolower(urldecode($splits[0]));
} else {
$strippedDir = "";
}
}
if (array_key_exists($strippedDir, $rootNodes)) {
AJXP_XMLWriter::header();
if ($strippedDir == "users") {
$this->listUsers();
} else {
if ($strippedDir == "repositories") {
$this->listRepositories();
} else {
if ($strippedDir == "files") {
$this->listSharedFiles();
}
}
}
AJXP_XMLWriter::close();
exit(1);
} else {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_shared.8" attributeName="ajxp_label" sortType="String"/><column messageId="ajxp_shared.31" attributeName="description" sortType="String"/></columns>');
foreach ($rootNodes as $key => $data) {
print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" description="' . $data["DESCRIPTION"] . '" />';
}
AJXP_XMLWriter::close();
}
break;
case "stat":
header("Content-type:application/json");
print '{"mode":true}';
break;
case "delete":
$mime = $httpVars["ajxp_mime"];
$selection = new UserSelection();
$selection->initFromHttpVars();
$files = $selection->getFiles();
AJXP_XMLWriter::header();
foreach ($files as $index => $element) {
$element = basename($element);
if ($mime == "shared_repository") {
$repo = ConfService::getRepositoryById($element);
if (!$repo->hasOwner() || $repo->getOwner() != $loggedUser->getId()) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
break;
} else {
$res = ConfService::deleteRepository($element);
if ($res == -1) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_conf.51"]);
break;
} else {
if ($index == count($files) - 1) {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.59"], null);
AJXP_XMLWriter::reloadDataNode();
}
}
}
} else {
if ($mime == "shared_user") {
$confDriver = ConfService::getConfStorageImpl();
$object = $confDriver->createUserObject($element);
if (!$object->hasParent() || $object->getParent() != $loggedUser->getId()) {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
break;
} else {
$res = AuthService::deleteUser($element);
if ($index == count($files) - 1) {
AJXP_XMLWriter::sendMessage($mess["ajxp_conf.60"], null);
AJXP_XMLWriter::reloadDataNode();
}
}
} else {
if ($mime == "shared_file") {
$publicletData = $this->loadPublicletData(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
if (isset($publicletData["OWNER_ID"]) && $publicletData["OWNER_ID"] == $loggedUser->getId()) {
require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
PublicletCounter::delete($element);
unlink(PUBLIC_DOWNLOAD_FOLDER . "/" . $element . ".php");
if ($index == count($files) - 1) {
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.13"], null);
AJXP_XMLWriter::reloadDataNode();
}
} else {
AJXP_XMLWriter::sendMessage(null, $mess["ajxp_shared.12"]);
break;
}
}
}
}
}
AJXP_XMLWriter::close();
break;
case "clear_expired":
$deleted = $this->clearExpiredFiles();
AJXP_XMLWriter::header();
if (count($deleted)) {
AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
AJXP_XMLWriter::reloadDataNode();
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
}
AJXP_XMLWriter::close();
break;
case "reset_download_counter":
$selection = new UserSelection();
$selection->initFromHttpVars();
$elements = $selection->getFiles();
require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
foreach ($elements as $element) {
PublicletCounter::reset(str_replace(".php", "", basename($element)));
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
default:
break;
}
return;
}
public function switchAction($action, $httpVars, $fileVars)
{
if (!isset($this->actions[$action])) {
return;
}
parent::accessPreprocess($action, $httpVars, $fileVars);
$loggedUser = AuthService::getLoggedUser();
if (!AuthService::usersEnabled()) {
return;
}
if ($action == "edit") {
if (isset($httpVars["sub_action"])) {
$action = $httpVars["sub_action"];
}
}
$mess = ConfService::getMessages();
switch ($action) {
//------------------------------------
// BASIC LISTING
//------------------------------------
case "ls":
$rootNodes = array("files" => array("LABEL" => $mess["ajxp_shared.3"], "ICON" => "html.png", "DESCRIPTION" => $mess["ajxp_shared.28"]), "repositories" => array("LABEL" => $mess["ajxp_shared.2"], "ICON" => "document_open_remote.png", "DESCRIPTION" => $mess["ajxp_shared.29"]), "users" => array("LABEL" => $mess["ajxp_shared.1"], "ICON" => "user_shared.png", "DESCRIPTION" => $mess["ajxp_shared.30"]));
$dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
$splits = explode("/", $dir);
if (count($splits)) {
if ($splits[0] == "") {
array_shift($splits);
}
if (count($splits)) {
$strippedDir = strtolower(urldecode($splits[0]));
} else {
$strippedDir = "";
}
}
if (array_key_exists($strippedDir, $rootNodes)) {
AJXP_XMLWriter::header();
if ($strippedDir == "users") {
$this->listUsers();
} else {
if ($strippedDir == "repositories") {
$this->listRepositories();
} else {
if ($strippedDir == "files") {
$this->listSharedFiles();
}
}
}
AJXP_XMLWriter::close();
} else {
AJXP_XMLWriter::header();
AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="ajxp_shared.8" attributeName="ajxp_label" sortType="String"/><column messageId="ajxp_shared.31" attributeName="description" sortType="String"/></columns>');
foreach ($rootNodes as $key => $data) {
print '<tree text="' . $data["LABEL"] . '" icon="' . $data["ICON"] . '" filename="/' . $key . '" parentname="/" description="' . $data["DESCRIPTION"] . '" />';
}
AJXP_XMLWriter::close();
}
break;
case "stat":
header("Content-type:application/json");
print '{"mode":true}';
break;
case "delete":
$mime = $httpVars["ajxp_mime"];
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$files = $selection->getFiles();
AJXP_XMLWriter::header();
foreach ($files as $index => $element) {
$element = basename($element);
$ar = explode("shared_", $mime);
$mime = array_pop($ar);
ShareCenter::deleteSharedElement($mime, $element, $loggedUser);
if ($mime == "repository") {
$out = $mess["ajxp_conf.59"];
} else {
if ($mime == "user") {
$out = $mess["ajxp_conf.60"];
} else {
if ($mime == "file") {
$out = $mess["ajxp_shared.13"];
}
}
}
}
AJXP_XMLWriter::sendMessage($out, null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
case "clear_expired":
$deleted = $this->clearExpiredFiles();
AJXP_XMLWriter::header();
if (count($deleted)) {
AJXP_XMLWriter::sendMessage(sprintf($mess["ajxp_shared.23"], count($deleted) . ""), null);
AJXP_XMLWriter::reloadDataNode();
} else {
AJXP_XMLWriter::sendMessage($mess["ajxp_shared.24"], null);
}
AJXP_XMLWriter::close();
break;
case "reset_download_counter":
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$elements = $selection->getFiles();
foreach ($elements as $element) {
PublicletCounter::reset(str_replace(".php", "", basename($element)));
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
default:
break;
}
return;
}
/**
* Set the counter value to 0.
* @param string $hash
* @param string $userId
* @throws Exception
*/
public function resetDownloadCounter($hash, $userId)
{
$data = $this->loadShare($hash);
$repoId = $data["REPOSITORY"];
$repo = ConfService::getRepositoryById($repoId);
if ($repo == null) {
$mess = ConfService::getMessages();
throw new Exception(str_replace('%s', 'Cannot find associated repository', $mess["share_center.219"]));
}
$this->testUserCanEditShare($repo->getOwner(), $repo->options);
PublicletCounter::reset($hash);
}
/** Cypher the publiclet object data and write to disk.
* @param Array $data The publiclet data array to write
The data array must have the following keys:
- DRIVER The driver used to get the file's content
- OPTIONS The driver options to be successfully constructed (usually, the user and password)
- FILE_PATH The path to the file's content
- PASSWORD If set, the written publiclet will ask for this password before sending the content
- ACTION If set, action to perform
- USER If set, the AJXP user
- EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct.
* - AUTHOR_WATCH If set, will post notifications for the publiclet author each time the file is loaded
* @param AbstractAccessDriver $accessDriver
* @param Repository $repository
* @return array An array containing the hash (0) and the generated url (1)
*/
public function writePubliclet(&$data, $accessDriver, $repository)
{
$downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
if (!is_dir($downloadFolder)) {
return "ERROR : Public URL folder does not exist!";
}
if (!function_exists("mcrypt_create_iv")) {
return "ERROR : MCrypt must be installed to use publiclets!";
}
$this->initPublicFolder($downloadFolder);
$data["PLUGIN_ID"] = $accessDriver->getId();
$data["BASE_DIR"] = $accessDriver->getBaseDir();
//$data["REPOSITORY"] = $repository;
if (AuthService::usersEnabled()) {
$data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
}
$storeCreds = false;
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $metaSource) {
if (isset($metaSource["USE_SESSION_CREDENTIALS"]) && $metaSource["USE_SESSION_CREDENTIALS"] === true) {
$storeCreds = true;
break;
}
}
}
if ($storeCreds || $accessDriver->hasMixin("credentials_consumer")) {
$cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
if (isset($cred["user"]) && isset($cred["password"])) {
$data["SAFE_USER"] = $cred["user"];
$data["SAFE_PASS"] = $cred["password"];
}
}
// Force expanded path in publiclet
$copy = clone $repository;
$copy->addOption("PATH", $repository->getOption("PATH"));
$data["REPOSITORY"] = $copy;
if ($data["ACTION"] == "") {
$data["ACTION"] = "download";
}
// Create a random key
$data["FINAL_KEY"] = md5(mt_rand() . time());
// Cypher the data with a random key
$outputData = serialize($data);
// Hash the data to make sure it wasn't modified
$hash = $this->computeHash($outputData, $downloadFolder);
// md5($outputData);
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB));
$fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\\0"); ' . "\n" . ' if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ';
if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) {
return "Can't write to PUBLIC URL";
}
@chmod($downloadFolder . "/" . $hash . ".php", 0755);
PublicletCounter::reset($hash);
$url = $this->buildPublicletLink($hash);
$this->logInfo("New Share", array("file" => "'" . $copy->display . ":/" . $data['FILE_PATH'] . "'", "url" => $url, "expiration" => $data['EXPIRE_TIME'], "limit" => $data['DOWNLOAD_LIMIT'], "repo_uuid" => $copy->uuid));
AJXP_Controller::applyHook("node.share.create", array('type' => 'file', 'repository' => &$copy, 'accessDriver' => &$accessDriver, 'data' => &$data, 'url' => $url));
return array($hash, $url);
}
/** Cypher the publiclet object data and write to disk.
@param $data The publiclet data array to write
The data array must have the following keys:
- DRIVER The driver used to get the file's content
- OPTIONS The driver options to be successfully constructed (usually, the user and password)
- FILE_PATH The path to the file's content
- PASSWORD If set, the written publiclet will ask for this password before sending the content
- ACTION If set, action to perform
- USER If set, the AJXP user
- EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct.
@return the URL to the downloaded file
*/
function writePubliclet($data)
{
if (!defined('PUBLIC_DOWNLOAD_FOLDER') || !is_dir(PUBLIC_DOWNLOAD_FOLDER)) {
return "ERROR : Public URL folder does not exist!";
}
if (!function_exists("mcrypt_create_iv")) {
return "ERROR : MCrypt must be installed to use publiclets!";
}
if ($data["PASSWORD"] && !is_file(PUBLIC_DOWNLOAD_FOLDER . "/allz.css")) {
@copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/css/allz.css", PUBLIC_DOWNLOAD_FOLDER . "/allz.css");
@copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/images/actions/22/dialog_ok_apply.png", PUBLIC_DOWNLOAD_FOLDER . "/dialog_ok_apply.png");
@copy(INSTALL_PATH . "/" . AJXP_THEME_FOLDER . "/images/actions/16/public_url.png", PUBLIC_DOWNLOAD_FOLDER . "/public_url.png");
}
if (!is_file(PUBLIC_DOWNLOAD_FOLDER . "/index.html")) {
@copy(INSTALL_PATH . "/server/index.html", PUBLIC_DOWNLOAD_FOLDER . "/index.html");
}
$data["PLUGIN_ID"] = $this->id;
$data["BASE_DIR"] = $this->baseDir;
$data["REPOSITORY"] = $this->repository;
if (AuthService::usersEnabled()) {
$data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
}
// Force expanded path in publiclet
$data["REPOSITORY"]->addOption("PATH", $this->repository->getOption("PATH"));
if ($data["ACTION"] == "") {
$data["ACTION"] = "download";
}
// Create a random key
$data["FINAL_KEY"] = md5(mt_rand() . time());
// Cypher the data with a random key
$outputData = serialize($data);
// Hash the data to make sure it wasn't modified
$hash = md5($outputData);
// The initialisation vector is only required to avoid a warning, as ECB ignore IV
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
// We have encoded as base64 so if we need to store the result in a database, it can be stored in text column
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv));
// Okay, write the file:
$fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv)); ' . "\n" . ' if (md5($inputData) != $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); AbstractAccessDriver::loadPubliclet($data); ?' . '>';
if (@file_put_contents(PUBLIC_DOWNLOAD_FOLDER . "/" . $hash . ".php", $fileData) === FALSE) {
return "Can't write to PUBLIC URL";
}
require_once INSTALL_PATH . "/server/classes/class.PublicletCounter.php";
PublicletCounter::reset($hash);
if (defined('PUBLIC_DOWNLOAD_URL') && PUBLIC_DOWNLOAD_URL != "") {
return rtrim(PUBLIC_DOWNLOAD_URL, "/") . "/" . $hash . ".php";
} else {
$http_mode = !empty($_SERVER['HTTPS']) ? 'https://' : 'http://';
$fullUrl = $http_mode . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
return str_replace("\\", "/", $fullUrl . rtrim(str_replace(INSTALL_PATH, "", PUBLIC_DOWNLOAD_FOLDER), "/") . "/" . $hash . ".php");
}
}
public function switchAction($action, $httpVars, $fileVars)
{
parent::accessPreprocess($action, $httpVars, $fileVars);
if (!AuthService::usersEnabled()) {
return;
}
if ($action == "edit") {
if (isset($httpVars["sub_action"])) {
$action = $httpVars["sub_action"];
}
}
$mess = ConfService::getMessages();
switch ($action) {
//------------------------------------
// BASIC LISTING
//------------------------------------
case "ls":
$rootNodes = array("users" => array("LABEL" => $mess["user_dash.1"], "ICON" => "user_shared.png", "ICON-CLASS" => "icon-book", "DESCRIPTION" => $mess["user_dash.30"]), "files" => array("LABEL" => $mess["user_dash.34"], "ICON" => "user_shared.png", "ICON-CLASS" => "mdi mdi-share-variant", "DESCRIPTION" => $mess["user_dash.35"]), "settings" => array("LABEL" => $mess["user_dash.36"], "ICON" => "user_shared.png", "ICON-CLASS" => "icon-cog", "DESCRIPTION" => $mess["user_dash.37"]), "repositories" => array("LABEL" => $mess["user_dash.36"], "ICON" => "user_shared.png", "ICON-CLASS" => "icon-cog", "DESCRIPTION" => $mess["user_dash.37"]), "teams" => array("LABEL" => "Teams", "ICON" => "user_shared.png", "ICON-CLASS" => "icon-group", "DESCRIPTION" => "My Teams"));
$dir = isset($httpVars["dir"]) ? $httpVars["dir"] : "";
$splits = explode("/", $dir);
if (count($splits)) {
if ($splits[0] == "") {
array_shift($splits);
}
if (count($splits)) {
$strippedDir = strtolower(urldecode($splits[0]));
} else {
$strippedDir = "";
}
}
if (array_key_exists($strippedDir, $rootNodes)) {
AJXP_XMLWriter::header();
if ($strippedDir == "users") {
$this->listUsers();
} else {
if ($strippedDir == "teams") {
$this->listTeams();
} else {
if ($strippedDir == "repositories") {
$this->listRepositories();
} else {
if ($strippedDir == "files") {
$this->listSharedFiles("files");
}
}
}
}
AJXP_XMLWriter::close();
} else {
AJXP_XMLWriter::header();
/*
AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchGridMode="filelist"><column messageId="user_dash.8" attributeName="ajxp_label" sortType="String"/><column messageId="user_dash.31" attributeName="description" sortType="String"/></columns>');
foreach ($rootNodes as $key => $data) {
$l = $data["LABEL"];
print '<tree text="'.$l.'" icon="'.$data["ICON"].'" filename="/'.$key.'" parentname="/" description="'.$data["DESCRIPTION"].'" />';
}
*/
AJXP_XMLWriter::close();
}
break;
case "stat":
header("Content-type:application/json");
print '{"mode":true}';
break;
case "delete":
$mime = $httpVars["ajxp_mime"];
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$files = $selection->getFiles();
AJXP_XMLWriter::header();
$minisites = $this->listSharedFiles("minisites");
/**
* @var ShareCenter $shareCenter
*/
$shareCenter = AJXP_PluginsService::findPluginById("action.share");
foreach ($files as $index => $element) {
$element = basename($element);
$ar = explode("shared_", $mime);
$mime = array_pop($ar);
if ($mime == "repository" && isset($minisites[$element])) {
$mime = "minisite";
$element = $minisites[$element];
}
$shareCenter->getShareStore()->deleteShare($mime, $element);
if ($mime == "repository" || $mime == "minisite") {
$out = $mess["ajxp_conf.59"];
} else {
if ($mime == "user") {
$out = $mess["ajxp_conf.60"];
} else {
if ($mime == "file") {
$out = $mess["user_dash.13"];
}
}
}
}
AJXP_XMLWriter::sendMessage($out, null);
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
case "clear_expired":
/**
* @var ShareCenter $shareCenter
*/
$shareCenter = AJXP_PluginsService::getInstance()->findPluginById("action.share");
$deleted = $shareCenter->getShareStore()->clearExpiredFiles(true);
AJXP_XMLWriter::header();
if (count($deleted)) {
AJXP_XMLWriter::sendMessage(sprintf($mess["user_dash.23"], count($deleted) . ""), null);
AJXP_XMLWriter::reloadDataNode();
} else {
AJXP_XMLWriter::sendMessage($mess["user_dash.24"], null);
}
AJXP_XMLWriter::close();
break;
case "reset_download_counter":
$selection = new UserSelection();
$selection->initFromHttpVars($httpVars);
$elements = $selection->getFiles();
foreach ($elements as $element) {
PublicletCounter::reset(str_replace(".php", "", basename($element)));
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::reloadDataNode();
AJXP_XMLWriter::close();
break;
default:
break;
}
return;
}
public function resetDownloadCounter($hash, $userId)
{
$data = $this->loadShare($hash);
// TODO We must check that the user has the right to do that!
PublicletCounter::reset($hash);
}
/** Cypher the publiclet object data and write to disk.
* @param Array $data The publiclet data array to write
The data array must have the following keys:
- DRIVER The driver used to get the file's content
- OPTIONS The driver options to be successfully constructed (usually, the user and password)
- FILE_PATH The path to the file's content
- PASSWORD If set, the written publiclet will ask for this password before sending the content
- ACTION If set, action to perform
- USER If set, the AJXP user
- EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct.
* @param AbstractAccessDriver $accessDriver
* @param Repository $repository
* @return the URL to the downloaded file
*/
function writePubliclet($data, $accessDriver, $repository)
{
$downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
if (!is_dir($downloadFolder)) {
return "ERROR : Public URL folder does not exist!";
}
if (!function_exists("mcrypt_create_iv")) {
return "ERROR : MCrypt must be installed to use publiclets!";
}
$this->initPublicFolder($downloadFolder);
$data["PLUGIN_ID"] = $accessDriver->getId();
$data["BASE_DIR"] = $accessDriver->getBaseDir();
$data["REPOSITORY"] = $repository;
if (AuthService::usersEnabled()) {
$data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
}
if ($accessDriver->hasMixin("credentials_consumer")) {
$cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
if (isset($cred["user"]) && isset($cred["password"])) {
$data["SAFE_USER"] = $cred["user"];
$data["SAFE_PASS"] = $cred["password"];
}
}
// Force expanded path in publiclet
$data["REPOSITORY"]->addOption("PATH", $repository->getOption("PATH"));
if ($data["ACTION"] == "") {
$data["ACTION"] = "download";
}
// Create a random key
$data["FINAL_KEY"] = md5(mt_rand() . time());
// Cypher the data with a random key
$outputData = serialize($data);
// Hash the data to make sure it wasn't modified
$hash = md5($outputData);
// The initialisation vector is only required to avoid a warning, as ECB ignore IV
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
// We have encoded as base64 so if we need to store the result in a database, it can be stored in text column
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv));
// Okay, write the file:
$fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv), "\\0"); ' . "\n" . ' if (md5($inputData) != $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ?' . '>';
if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) {
return "Can't write to PUBLIC URL";
}
@chmod($downloadFolder . "/" . $hash . ".php", 0755);
PublicletCounter::reset($hash);
return $this->buildPublicletLink($hash);
}
