jappixmini: include jappix source

2025-07-09 18:08:49 +00:00 · 2012-04-18 01:12:24 +02:00 · 2012-04-18 01:12:24 +02:00 · 302b2820d1
commit 302b2820d1
parent 61eb1f0d18
231 changed files with 96082 additions and 2 deletions
--- a/jappixmini/jappix/php/send.php
+++ b/jappixmini/jappix/php/send.php
@ -0,0 +1,130 @@
+<?php
+
+/*
+
+Jappix - An open social platform
+This is the Jappix Out of Band file send script
+
+-------------------------------------------------
+
+License: AGPL
+Author: Vanaryon
+Last revision: 14/01/12
+
+*/
+
+// PHP base
+define('JAPPIX_BASE', '..');
+
+// Get the needed files
+require_once('./functions.php');
+require_once('./read-main.php');
+require_once('./read-hosts.php');
+
+// Optimize the page rendering
+hideErrors();
+compressThis();
+
+// Not allowed for a special node
+if(isStatic())
+	exit;
+
+// Action on an existing file
+if(isset($_GET['id']) && !empty($_GET['id'])) {
+	$file_id = $_GET['id'];
+	$file_path = JAPPIX_BASE.'/store/send/'.$file_id;
+	
+	// Get file name
+	if(isset($_GET['name']) && !empty($_GET['name']))
+		$file_name = $_GET['name'];
+	else
+		$file_name = $file_id;
+	
+	// Hack?
+	if(!isSafe($file_id)) {
+		header('Status: 406 Not Acceptable', true, 406);
+		exit('HTTP/1.1 406 Not Acceptable');
+	}
+	
+	// File does not exist
+	if(!file_exists($file_path)) {
+		header('Status: 404 Not Found', true, 404);
+		exit('HTTP/1.1 404 Not Found');
+	}
+	
+	// Remove a file
+	if(isset($_GET['action']) && ($_GET['action'] == 'remove')) {
+		header('Status: 204 No Content', true, 204);
+		unlink($file_path);
+	}
+	
+	// Receive a file
+	header("Content-disposition: attachment; filename=\"$file_name\"");
+	header("Content-Type: application/force-download");
+	header("Content-Length: ".filesize($file_path));
+	header("Pragma: no-cache");
+	header("Cache-Control: must-revalidate, post-check=0, pre-check=0, public");
+	header("Expires: 0");
+	readfile($file_path);
+	unlink($file_path);
+}
+
+// Send a file
+else if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['id']) && !empty($_POST['id'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
+	header('Content-Type: text/xml; charset=utf-8');
+	
+	// Get the file name
+	$tmp_filename = $_FILES['file']['tmp_name'];
+	$filename = $_FILES['file']['name'];
+	
+	// Get the location
+	if(HOST_UPLOAD)
+		$location = HOST_UPLOAD;
+	else
+		$location = $_POST['location'];
+	
+	// Get the file new name
+	$ext = getFileExt($filename);
+	$new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
+	
+	// Define some vars
+	$name = sha1(time().$filename);
+	$path = JAPPIX_BASE.'/store/send/'.$name.'.'.$ext;
+	
+	// Forbidden file?
+	if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
+		exit(
+'<jappix xmlns=\'jappix:file:send\'>
+	<error>forbidden-type</error>
+	<id>'.htmlspecialchars($_POST['id']).'</id>
+</jappix>'
+		);
+	}
+	
+	// File upload error?
+	if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
+		exit(
+'<jappix xmlns=\'jappix:file:send\'>
+	<error>move-error</error>
+	<id>'.htmlspecialchars($_POST['id']).'</id>
+</jappix>'
+		);
+	}
+	
+	// Return the path to the file
+	exit(
+'<jappix xmlns=\'jappix:file:send\'>
+	<url>'.htmlspecialchars($location.'php/send.php?id='.urlencode($name).'.'.urlencode($ext).'&name='.urlencode($filename)).'</url>
+	<desc>'.htmlspecialchars($new_name).'</desc>
+	<id>'.htmlspecialchars($_POST['id']).'</id>
+</jappix>'
+	);
+}
+
+// Error?
+else {
+	header('Status: 400 Bad Request', true, 400);
+	exit('HTTP/1.1 400 Bad Request');
+}
+
+?>