diff options
Diffstat (limited to 'application/models')
-rw-r--r-- | application/models/file_mod.php | 419 | ||||
-rw-r--r-- | application/models/index.html | 10 |
2 files changed, 429 insertions, 0 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php new file mode 100644 index 000000000..c85bfe56d --- /dev/null +++ b/application/models/file_mod.php @@ -0,0 +1,419 @@ +<?php +/* + * Copyright 2009-2010 Florian "Bluewind" Pritz <bluewind@server-speed.net> + * + * Licensed under GPLv3 + * (see COPYING for full license text) + * + */ + +class File_mod extends CI_Model { + + function __construct() + { + parent::__construct(); + } + + // Returns an unused ID + // TODO: make threadsafe + function new_id() + { + $id = $this->random_id(3,6); + + if ($this->id_exists($id) || $id == 'file') { + return $this->new_id(); + } else { + return $id; + } + } + + function id_exists($id) + { + if(!$id) { + return false; + } + + $sql = ' + SELECT id + FROM `files` + WHERE `id` = ? + LIMIT 1'; + $query = $this->db->query($sql, array($id)); + + if ($query->num_rows() == 1) { + return true; + } else { + return false; + } + } + + function get_filedata($id) + { + $sql = ' + SELECT hash, filename, mimetype, date + FROM `files` + WHERE `id` = ? + LIMIT 1'; + $query = $this->db->query($sql, array($id)); + + if ($query->num_rows() == 1) { + $return = $query->result_array(); + return $return[0]; + } else { + return false; + } + } + + // return the folder in which the file with $hash is stored + function folder($hash) { + return $this->config->item('upload_path').'/'.substr($hash, 0, 3); + } + + // Returns the full path to the file with $hash + function file($hash) { + return $this->folder($hash).'/'.$hash; + } + + function hash_password($password) + { + return sha1($this->config->item('passwordsalt').$password); + } + + // Returns the password submitted by the user + function get_password() + { + $password = $this->input->post('password'); + if ($password !== false && $password !== "") { + return $this->hash_password($password); + } elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') { + return $this->hash_password($_SERVER['PHP_AUTH_PW']); + } + return 'NULL'; + } + + // Add a hash to the DB + // TODO: Should only update not insert; see new_id() + function add_file($hash, $id, $filename) + { + $mimetype = exec(FCPATH.'scripts/mimetype -b --orig-name '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash))); + $query = $this->db->query(' + INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`) + VALUES (?, ?, ?, ?, ?, ?)', + array($hash, $id, $filename, $this->get_password(), time(), $mimetype)); + } + + function show_url($id, $mode) + { + $data = array(); + $redirect = false; + + if ($mode) { + $data['url'] = site_url($id).'/'.$mode; + } else { + $data['url'] = site_url($id).'/'; + + $filedata = $this->get_filedata($id); + $file = $this->file($filedata['hash']); + $type = $filedata['mimetype'] ? $filedata['mimetype'] : exec(FCPATH.'scripts/mimetype -b --orig-name '.escapeshellarg($filedata['filename']).' '.escapeshellarg($file)); + $mode = $this->mime2extension($type); + $mode = $this->filename2extension($filedata['filename']) ? $this->filename2extension($filedata['filename']) : $mode; + + // If we detected a highlightable file redirect, + // otherwise show the URL because browsers would just show a DL dialog + if ($mode) { + $redirect = true; + } + } + + if ($this->var->cli_client) { + echo $data['url']."\n"; + } else { + if ($redirect) { + redirect($data['url']); + } else { + $this->load->view('file/header', $data); + $this->load->view('file/show_url', $data); + $this->load->view('file/footer', $data); + } + } + } + + function non_existent() + { + $data["title"] = "Not Found"; + $this->output->set_status_header(404); + $this->load->view('file/header', $data); + $this->load->view('file/non_existent', $data); + $this->load->view('file/footer', $data); + } + + // download a given ID + // TODO: make smaller + function download() + { + $data = array(); + $id = $this->uri->segment(1); + $mode = $this->uri->segment(2); + + $filedata = $this->get_filedata($id); + $file = $this->file($filedata['hash']); + + if (file_exists($file)) { + $oldest_time = (time()-$this->config->item('upload_max_age')); + if (filesize($file) > $this->config->item("small_upload_size") && $filedata["date"] < $oldest_time) { + if (filemtime($file) < $oldest_time) { + unlink($file); + $this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash'])); + } else { + $this->db->query('DELETE FROM files WHERE id = ? LIMIT 1', array($id)); + } + $this->non_existent(); + return; + } + // MODIFIED SINCE SUPPORT -- START + // helps to keep traffic low when reloading an image + $filedate = filectime($file); + $etag = strtolower(md5_file($file)); + $modified = true; + + // No need to check because different files have different IDs/hashes + if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { + $modified = false; + } + + if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) { + $oldtag = trim(strtolower($_SERVER['HTTP_IF_NONE_MATCH']), '"'); + if($oldtag == $etag) { + $modified = false; + } else { + $modified = true; + } + } + // MODIFIED SINCE SUPPORT -- END + + if (!$modified) { + header("HTTP/1.1 304 Not Modified"); + header('Etag: "'.$etag.'"'); + } else { + $type = $filedata['mimetype'] ? $filedata['mimetype'] : exec(FCPATH.'scripts/mimetype -b --orig-name '.escapeshellarg($filedata['filename']).' '.escapeshellarg($file)); + + // /$mode at the end of the URL overwrites autodetection + if (!$mode && substr_count(ltrim($this->uri->uri_string(), "/"), '/') >= 1) { + $mode = $this->mime2extension($type); + $mode = $this->filename2extension($filedata['filename']) ? $this->filename2extension($filedata['filename']) : $mode; + } + $mode = $this->extension_aliases($mode); + + // TODO: cleanup conditions + if ($mode && $mode != 'plain' && $mode != 'qr' + && $this->mime2extension($type) + && filesize($file) <= $this->config->item('upload_max_text_size') + ) { + $data['title'] = $filedata['filename']; + $data['raw_link'] = site_url($id); + $data['new_link'] = site_url(); + $data['plain_link'] = site_url($id.'/plain'); + $data['auto_link'] = site_url($id).'/'; + $data['rmd_link'] = site_url($id.'/rmd'); + $data['delete_link'] = site_url("file/delete/".$id); + + header("Content-Type: text/html\n"); + if ($mode) { + $data['current_highlight'] = $mode; + } else { + $data['current_highlight'] = $this->mime2extension($type); + } + if (filesize($file) > $this->config->item("small_upload_size")) { + $data['timeout'] = date("r", $filedata["date"]+$this->config->item("upload_max_age")); + } else { + $data['timeout'] = "never"; + } + echo $this->load->view('file/html_header', $data, true); + $this->load->library("MemcacheLibrary"); + if (! $cached = $this->memcachelibrary->get($filedata['hash'].'_'.$mode)) { + ob_start(); + if ($mode == "rmd") { + echo '<td class="markdownrender">'."\n"; + passthru('/usr/bin/perl /usr/bin/perlbin/vendor/Markdown.pl '.escapeshellarg($file)); + } else { + echo '<td class="numbers"><pre>'; + // generate line numbers (links) + passthru('/usr/bin/perl -ne \'print "<a href=\"#n$.\" class=\"no\" id=\"n$.\">$.</a>\n"\' '.escapeshellarg($file)); + echo '</pre></td><td class="code">'."\n"; + $this->load->library('geshi'); + $this->geshi->initialize(array('set_language' => $mode, 'set_source' => file_get_contents($file), 'enable_classes' => 'true')); + echo $this->geshi->output(); + } + $cached = ob_get_contents(); + ob_end_clean(); + $this->memcachelibrary->set($filedata['hash'].'_'.$mode, $cached, 100); + } + echo $cached; + echo $this->load->view('file/html_footer', $data, true); + } else { + if ($mode == 'plain') { + header("Content-Type: text/plain\n"); + } elseif ($mode == "qr") { + header("Content-disposition: inline; filename=\"".$id."_qr.png\"\n"); + header("Content-Type: image/png\n"); + passthru('/usr/bin/qrencode -s 10 -o - '.escapeshellarg(site_url($id).'/')); + exit(); + } else { + header("Content-Type: ".$type."\n"); + } + header("Content-disposition: inline; filename=\"".$filedata['filename']."\"\n"); + header("Content-Length: ".filesize($file)."\n"); + header("Last-Modified: ".date('D, d M Y H:i:s', $filedate)." GMT"); + header('Etag: "'.$etag.'"'); + $fp = fopen($file,"r"); + while (!feof($fp)) { + echo fread($fp,4096); + } + fclose($fp); + } + } + exit(); + } else { + if (isset($filedata["hash"])) { + $this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash'])); + } + $this->non_existent(); + } + } + + private function unused_file($hash) + { + $sql = ' + SELECT id + FROM `files` + WHERE `hash` = ? + LIMIT 1'; + $query = $this->db->query($sql, array($hash)); + + if ($query->num_rows() == 0) { + return true; + } else { + return false; + } + } + + function delete_id($id) + { + $filedata = $this->get_filedata($id); + $password = $this->get_password(); + + if ($password == "NULL") { + return false; + } + + if(!$this->id_exists($id)) { + return false; + } + + $sql = ' + DELETE + FROM `files` + WHERE `id` = ? + AND password = ? + LIMIT 1'; + $this->db->query($sql, array($id, $password)); + + if($this->id_exists($id)) { + return false; + } + + if($this->unused_file($filedata['hash'])) { + unlink($this->file($filedata['hash'])); + @rmdir($this->folder($filedata['hash'])); + } + return true; + } + + // Generate a random ID + private function random_id($min_length, $max_length) + { + $random = ''; + $char_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + $char_list .= "abcdefghijklmnopqrstuvwxyz"; + $char_list .= "1234567890"; + $length = rand()%($max_length-$min_length) + $min_length; + + for($i = 0; $i < $max_length; $i++) { + if (strlen($random) == $length) break; + $random .= substr($char_list,(rand()%(strlen($char_list))), 1); + } + return $random; + } + + // Map MIME types to extensions needed for highlighting + function mime2extension($type) + { + $typearray = array( + 'text/plain' => 'text', + 'text/x-python' => 'python', + 'text/x-csrc' => 'c', + 'text/x-chdr' => 'c', + 'text/x-c++hdr' => 'c', + 'text/x-c++src' => 'cpp', + 'text/x-patch' => 'diff', + 'text/x-lua' => 'lua', + 'text/x-java' => 'java', + 'text/x-haskell' => 'haskell', + 'text/x-literate-haskell' => 'haskell', + 'text/x-subviewer' => 'bash', + 'text/x-makefile' => 'make', + #'text/x-log' => 'log', + 'text/html' => 'xml', + 'text/css' => 'css', + 'message/rfc822' => 'email', + #'image/svg+xml' => 'xml', + 'application/x-perl' => 'perl', + 'application/xml' => 'xml', + 'application/javascript' => 'javascript', + 'application/x-desktop' => 'text', + 'application/x-m4' => 'text', + 'application/x-awk' => 'text', + 'application/x-java' => 'java', + 'application/x-php' => 'php', + 'application/x-ruby' => 'ruby', + 'application/x-shellscript' => 'bash', + 'application/x-x509-ca-cert' => 'text', + 'application/mbox' => 'email', + 'application/x-genesis-rom' => 'text', + 'application/x-applix-spreadsheet' => 'actionscript' + ); + if (array_key_exists($type, $typearray)) return $typearray[$type]; + + if (strpos($type, 'text/') === 0) return 'text'; + + # default + return false; + } + + // Map special filenames to extensions + function filename2extension($name) + { + $namearray = array( + 'PKGBUILD' => 'bash', + '.vimrc' => 'vim' + ); + if (array_key_exists($name, $namearray)) return $namearray[$name]; + + return false; + } + + // Handle alias extensions + function extension_aliases($alias) + { + if ($alias === false) return false; + $aliasarray = array( + 'py' => 'python' + ); + if (array_key_exists($alias, $aliasarray)) return $aliasarray[$alias]; + + return $alias; + } + +} + +# vim: set noet: diff --git a/application/models/index.html b/application/models/index.html new file mode 100644 index 000000000..c942a79ce --- /dev/null +++ b/application/models/index.html @@ -0,0 +1,10 @@ +<html> +<head> + <title>403 Forbidden</title> +</head> +<body> + +<p>Directory access is forbidden.</p> + +</body> +</html>
\ No newline at end of file |