Ticket #9: bearfile.php

File bearfile.php, 4.0 KB (added by Laurent Haond, 10 years ago)
Line 
1<?php
2/*
3 * bearfile - Simple web-based file uploader->notifier->downloader
4 * Copyright (C) 2008 Bearstech - http://bearstech.com/
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19 */
20function bearfile($conf) {
21  $bfh = $conf;
22  $bfh['upload_max'] = bearfile_upload_max($conf);
23
24 
25  $u = $_FILES['u'];
26  if (isset($u))
27    return bearfile_upload($bfh, $u);
28
29  $f = $_REQUEST['f'];
30  $h = $_REQUEST['h'];
31  if (isset($f))
32    return bearfile_download($bfh, $f, $h);
33
34  return $bfh;
35}
36
37function bearfile_hash($bfh, $filename) {
38  $src  = "{$bfh['secret']} / $filename";
39  $hash = substr(md5($src), 0, 8);
40  return $hash;
41}
42
43function bearfile_cleanup($bfh, $filename) {
44  return preg_replace('/[^0-9a-z.\-]+/i', '_', strtolower($filename));
45}
46
47function bearfile_upload_max($bfh) {
48  $post_max = ini_get('post_max_size');       if (substr($post_max, -1) == 'M') $post_max *= 1024*1024;
49  $file_max = ini_get('upload_max_filesize'); if (substr($file_max, -1) == 'M') $file_max *= 1024*1024;
50  $disk_max = disk_free_space($bfh['store']);
51  $max = min($disk_max, min($post_max, $file_max));
52
53  return sprintf('%.1f', $max / (1024*1024));
54}
55
56function bearfile_upload($bfh, $up) {
57  $email = $_REQUEST['e'];
58  if ($bfh['maildom'] != '')
59    $email .= "@".$bfh['maildom'];
60  if (!isset($email) || !preg_match('/^[a-z0-9.\-+]+@[a-z0-9.\-+]+$/i', $email)) {
61    $bfh['error'] = 'Invalid or missing email address.';
62    return $bfh;
63  }
64
65  $name  = bearfile_cleanup($bfh, $up['name']);
66
67  $folder = $bfh['store'];
68  if (!file_exists($folder) && !mkdir($folder)) {
69    $bfh['error'] = 'Could not access storage, please contact your technical support.';
70    return $bfh;
71  }
72
73  list($name,$target) = bearfile_exist($folder,$name);
74
75  if ((!move_uploaded_file($up['tmp_name'], $target))) {
76    $bfh['error'] = 'Could not write file, please contact your technical support.';
77    return $bfh;
78  }
79  chmod($target, 0660);
80
81  $my   = "http".($_SERVER['HTTPS'] == 'on' ? 's' : '')."://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']);
82  $my   = preg_replace('/\/$/', '', $my);
83  $hash = bearfile_hash($bfh, $name);
84  $msg  = <<<EOF
85You, or someone on your behalf, has uploaded a new file named '$name'.
86
87You can share this file by giving this link:
88
89  $my/$hash/$name
90
91EOF;
92  mail(
93    $email,
94    "File upload links ($name)",
95    $msg
96  );
97
98  $bfh['status'] = "Your file as been uploaded as <b>'$name'</b>.<br/>".
99                   "An email has been sent to <b>$email</b> with the relevant links.";
100  return $bfh;
101}
102
103function bearfile_download($bfh, $f, $h) {
104  $name = bearfile_cleanup($bfh, $f);
105  $hash = $h;
106
107  if (bearfile_hash($bfh, $name) != $hash) {
108    $bfh['error'] = "Unknown or invalid link.";
109    return $bfh;
110  }
111
112  $fh = fopen("{$bfh['store']}/$name", "r");
113  if (!$fh) {
114    $bfh['error'] = "Could not read from storage, please contact your technical support.";
115    return $bfh;
116  }
117
118  header('Content-Type: binary/octet-stream');
119  fpassthru($fh);
120  fclose($fh);
121  exit(0);
122}
123
124function bearfile_exist($folder,$name) {
125  $tmp_name = $name;
126  $i=2;
127  while(file_exists("$folder/$tmp_name")) {
128    if(strpos($name,'.')!==FALSE) {
129      preg_match('/^(.*)(\.[^\.]+)$/',$name,$match);
130      $tmp_name = $match[1].'-'.$i++.$match[2];
131    } else {
132      $tmp_name = $name.'-'.$i++;
133    }
134  }
135  $name = $tmp_name;
136  $target = "$folder/$name";
137  return array($name,$target);
138}
139
140?>