Diffstat (limited to 'application')
-rw-r--r--application/config/.gitignore3
-rw-r--r--application/config/autoload.php4
-rw-r--r--application/config/config.php66
-rw-r--r--application/config/constants.php2
-rw-r--r--application/config/example/.gitignore1
-rw-r--r--application/config/example/config-local.php13
-rw-r--r--application/config/example/database.php (renamed from application/config/database.php)18
-rw-r--r--application/config/example/index.html10
-rw-r--r--application/config/example/memcached.php17
-rw-r--r--application/config/migration.php6
-rw-r--r--application/config/routes.php5
-rw-r--r--application/controllers/file.php891
-rw-r--r--application/controllers/user.php504
-rw-r--r--application/controllers/welcome.php27
-rw-r--r--application/core/MY_Controller.php103
-rw-r--r--application/errors/error_general.php44
-rw-r--r--application/errors/error_php.php3
-rw-r--r--application/helpers/filebin_helper.php374
-rw-r--r--application/libraries/Duser/Duser.php112
-rw-r--r--application/libraries/Duser/drivers/Duser_db.php83
-rw-r--r--application/libraries/Duser/drivers/Duser_fluxbb.php53
-rw-r--r--application/libraries/Duser/drivers/Duser_ldap.php68
-rw-r--r--application/libraries/MY_Session.php38
-rw-r--r--application/migrations/001_add_files.php27
-rw-r--r--application/migrations/002_add_users.php46
-rw-r--r--application/migrations/003_add_referrers.php33
-rw-r--r--application/migrations/004_add_filesize.php22
-rw-r--r--application/migrations/005_drop_file_password.php21
-rw-r--r--application/migrations/006_add_username_index.php21
-rw-r--r--application/migrations/007_repurpose_invitations.php37
-rw-r--r--application/migrations/008_add_profiles.php31
-rw-r--r--application/migrations/009_add_apikeys.php24
-rw-r--r--application/migrations/010_files_innodb.php16
-rw-r--r--application/models/mfile.php510
-rw-r--r--application/models/muser.php283
-rw-r--r--application/third_party/PasswordHash.php253
-rw-r--r--application/views/contact.php1
-rw-r--r--application/views/file/client.php48
-rw-r--r--application/views/file/deleted.php11
-rw-r--r--application/views/file/file_info.php30
-rw-r--r--application/views/file/html_footer.php6
-rw-r--r--application/views/file/html_header.php94
-rw-r--r--application/views/file/nav_history.php18
-rw-r--r--application/views/file/non_existent.php3
-rw-r--r--application/views/file/show_url.php8
-rw-r--r--application/views/file/upload_form.php82
-rw-r--r--application/views/file/upload_history.php31
-rw-r--r--application/views/file/upload_history_thumbnails.php28
-rw-r--r--application/views/file_plaintext/client.php12
-rw-r--r--application/views/file_plaintext/deleted.php8
-rw-r--r--application/views/file_plaintext/footer.php0
-rw-r--r--application/views/file_plaintext/header.php0
-rw-r--r--application/views/file_plaintext/html_footer.php1
-rw-r--r--application/views/file_plaintext/html_header.php1
-rw-r--r--application/views/file_plaintext/non_existent.php1
-rw-r--r--application/views/file_plaintext/show_url.php3
-rw-r--r--application/views/file_plaintext/upload_form.php19
-rw-r--r--application/views/file_plaintext/upload_history.php21
-rw-r--r--application/views/footer.php26
-rw-r--r--application/views/header.php97
-rw-r--r--application/views/user/apikeys.php36
-rw-r--r--application/views/user/hash_password.php33
-rw-r--r--application/views/user/index.php3
-rw-r--r--application/views/user/invite.php37
-rw-r--r--application/views/user/login.php26
-rw-r--r--application/views/user/nav.php11
-rw-r--r--application/views/user/profile.php32
-rw-r--r--application/views/user/register.php41
-rw-r--r--application/views/user/registered.php3
-rw-r--r--application/views/user/reset_password_form.php27
-rw-r--r--application/views/user/reset_password_link_sent.php3
-rw-r--r--application/views/user/reset_password_success.php3
-rw-r--r--application/views/user/reset_password_username_form.php15
-rw-r--r--application/views/welcome_message.php88
74 files changed, 4542 insertions, 134 deletions
diff --git a/application/config/.gitignore b/application/config/.gitignore
new file mode 100644
index 000000000..45e1c5158
--- /dev/null
+++ b/application/config/.gitignore
@@ -0,0 +1,3 @@
+config-local.php
+database.php
+memcached.php
diff --git a/application/config/autoload.php b/application/config/autoload.php
index 53129c9c6..a471f3ab2 100644
--- a/application/config/autoload.php
+++ b/application/config/autoload.php
@@ -52,7 +52,7 @@ $autoload['packages'] = array();
| $autoload['libraries'] = array('database', 'session', 'xmlrpc');
*/
-$autoload['libraries'] = array();
+$autoload['libraries'] = array('database');
/*
@@ -64,7 +64,7 @@ $autoload['libraries'] = array();
| $autoload['helper'] = array('url', 'file');
*/
-$autoload['helper'] = array();
+$autoload['helper'] = array('url');
/*
diff --git a/application/config/config.php b/application/config/config.php
index 1ec65435e..5d6ea5d1f 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -248,7 +248,7 @@ $config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
-$config['sess_use_database'] = FALSE;
+$config['sess_use_database'] = true;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
@@ -293,7 +293,7 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
*/
-$config['csrf_protection'] = FALSE;
+$config['csrf_protection'] = FALSE; // our controller enables this later
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
@@ -357,6 +357,68 @@ $config['rewrite_short_tags'] = FALSE;
*/
$config['proxy_ips'] = '';
+/*
+|--------------------------------------------------------------------------
+| Filebin
+|-------------------------------------------------------------------------
+|
+| upload_path should NOT be readable/served by the server, but only by
+| the script
+| sizes are in bytes
+| max_age in seconds
+|
+ */
+
+$config['upload_path'] = FCPATH.'data/uploads';
+$config['upload_max_size'] = 256*1024*1024;
+$config['upload_max_text_size'] = 2*1024*1024;
+
+// 0 disables deletion
+$config['upload_max_age'] = 60*60*24*5; // 5 days
+$config['actions_max_age'] = 60*60*24*5; // 5 days
+
+// won't be deleted
+$config['small_upload_size'] = 1024*10; // 10KB
+
+// possible values:
+// - apc: needs the apc module and is only useful on long running php processes
+// - file: you will have to clean up the cache directory yourself (application/cache/)
+// - memcached: config in application/config/memcached.php; you need the memcached module (with the D)
+// - dummy: disables caching
+$config['cache_backend'] = "dummy";
+
+// for possible drivers look into ./application/libraries/Duser/drivers/
+$config['authentication_driver'] = 'db';
+
+// This is only used it the driver is set to ldap
+if (extension_loaded("ldap")) {
+ $config['auth_ldap'] = array(
+ "host" => 'ldaps://ldap.example.com',
+ "port" => 636,
+ "basedn" => "dc=example,dc=com",
+ "scope" => "one", // possible values: base, one, subtree
+ "options" => array(
+ // key/values pairs for ldap_set_option
+ // http://php.net/manual/en/function.ldap-set-option.php
+ LDAP_OPT_PROTOCOL_VERSION => 3
+ ),
+ // Please note that php-ldap converts attributes to lowercase
+ "userid_field" => "uidnumber", // This has to be a unique integer
+ "username_field" => "uid" // This is the value the user supplies on the login form
+ );
+}
+
+// This is only used it the driver is set to fluxbb
+$config['auth_fluxbb'] = array(
+ 'database' => 'fluxbb'
+);
+
+// possible values: production, development
+$config['environment'] = "production";
+
+if (file_exists(FCPATH.'application/config/config-local.php')) {
+ include FCPATH.'application/config/config-local.php';
+}
/* End of file config.php */
/* Location: ./application/config/config.php */
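Review bot: The default `$config['upload_path'] = FCPATH.'data/uploads';` puts uploads under the front-controller directory, which is normally the document root, while the comment block a few lines above it says the path must not be readable or served by the webserver; the two only agree if the deployment also denies web access to `data/`. Either default to a directory outside FCPATH or state the dependency next to the setting, e.g. `// NOTE: FCPATH is the web root; this default relies on the webserver denying access to data/ (or move it outside the document root)`. The same default with the same one-line comment is repeated in application/config/example/config-local.php and should carry the same note.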
diff --git a/application/config/constants.php b/application/config/constants.php
index 4a879d360..1185dbca0 100644
--- a/application/config/constants.php
+++ b/application/config/constants.php
@@ -1,5 +1,7 @@
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+putenv('HOME='.FCPATH);
+
/*
|--------------------------------------------------------------------------
| File and Directory Modes
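Review bot: `putenv('HOME='.FCPATH);` is executed on every request with no comment saying why the install directory should become the process's home. The likely reason is that the external tools the file controller spawns through passthru() (qrencode, pygmentize, Markdown.pl in the same commit) expect a usable $HOME, but that is an inference; a comment such as `// external tools spawned via passthru() need a HOME; point it at the install dir` would make the intent explicit. Worth recording as well that anything those child processes write to $HOME (dotfiles, caches) then lands under FCPATH, i.e. inside the directory the webserver serves.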
diff --git a/application/config/example/.gitignore b/application/config/example/.gitignore
new file mode 100644
index 000000000..f9be8dfe0
--- /dev/null
+++ b/application/config/example/.gitignore
@@ -0,0 +1 @@
+!*
diff --git a/application/config/example/config-local.php b/application/config/example/config-local.php
new file mode 100644
index 000000000..d092d4206
--- /dev/null
+++ b/application/config/example/config-local.php
@@ -0,0 +1,13 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+
+/*
+ * Use this file to override any settings from config.php
+ */
+
+// set this to a 32char random string
+$config['encryption_key'] = '';
+
+// shouldn't be served by the webserver
+$config['upload_path'] = FCPATH.'data/uploads';
+
+$config['contact_me_url'] = '';
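Review bot: The example ships `$config['encryption_key'] = '';` with only the hint to set a 32-char random string, and nothing in the new configuration refuses to run while it stays empty. If this is CodeIgniter 2.x, the session library uses this key to sign the session cookie, so an empty key weakens session integrity rather than being cosmetic. Suggest strengthening the comment to `// REQUIRED: 32 random chars from a CSPRNG (e.g. openssl rand -hex 16); sessions are not protected while this is empty` and adding a guard after the config-local.php include in config.php, e.g. `if (empty($config['encryption_key'])) { exit('encryption_key not set, see application/config/example/config-local.php'); }`.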
diff --git a/application/config/database.php b/application/config/example/database.php
index b4b34bf66..51b666b38 100644
--- a/application/config/database.php
+++ b/application/config/example/database.php
@@ -48,18 +48,18 @@
$active_group = 'default';
$active_record = TRUE;
-$db['default']['hostname'] = 'localhost';
-$db['default']['username'] = '';
-$db['default']['password'] = '';
-$db['default']['database'] = '';
-$db['default']['dbdriver'] = 'mysql';
-$db['default']['dbprefix'] = '';
+$db['default']['hostname'] = "localhost";
+$db['default']['username'] = "";
+$db['default']['password'] = "";
+$db['default']['database'] = "";
+$db['default']['dbdriver'] = "mysqli";
+$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = TRUE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
-$db['default']['cachedir'] = '';
-$db['default']['char_set'] = 'utf8';
-$db['default']['dbcollat'] = 'utf8_general_ci';
+$db['default']['cachedir'] = "";
+$db['default']['char_set'] = "utf8";
+$db['default']['dbcollat'] = "utf8_bin";
$db['default']['swap_pre'] = '';
$db['default']['autoinit'] = TRUE;
$db['default']['stricton'] = FALSE;
diff --git a/application/config/example/index.html b/application/config/example/index.html
new file mode 100644
index 000000000..c942a79ce
--- /dev/null
+++ b/application/config/example/index.html
@@ -0,0 +1,10 @@
+<html>
+<head>
+ <title>403 Forbidden</title>
+</head>
+<body>
+
+<p>Directory access is forbidden.</p>
+
+</body>
+</html> \ No newline at end of file
diff --git a/application/config/example/memcached.php b/application/config/example/memcached.php
new file mode 100644
index 000000000..29b145ec8
--- /dev/null
+++ b/application/config/example/memcached.php
@@ -0,0 +1,17 @@
+<?php
+
+$config = array(
+ "default" => array(
+ "hostname" => "127.0.0.1",
+ "port" => 11211,
+ "weight" => 1,
+ ),
+ "socket" => array(
+ "hostname" => FCPATH.'/memcached.sock',
+ "port" => 0,
+ "weight" => 2,
+ ),
+);
+
+
+?>
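Review bot: The new file ends with two blank lines and a closing `?>` in a PHP-only file, and it lacks the `if ( ! defined('BASEPATH')) exit(...)` guard that the other new config file (config-local.php) carries. Drop the closing tag, since any whitespace that ends up after `?>` is emitted as output when the file is included, and open with `<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');` for consistency with the rest of application/config. A one-line header describing the server-array shape the cache driver expects (hostname/port/weight per entry; presumably port 0 selects the unix socket path given as hostname) would also help, because the `socket` entry relies on that convention without saying so.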
diff --git a/application/config/migration.php b/application/config/migration.php
index df42a3cae..6cfd09a30 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -8,7 +8,7 @@
| whenever you intend to do a schema migration.
|
*/
-$config['migration_enabled'] = FALSE;
+$config['migration_enabled'] = true;
/*
@@ -21,7 +21,7 @@ $config['migration_enabled'] = FALSE;
| be upgraded / downgraded to.
|
*/
-$config['migration_version'] = 0;
+$config['migration_version'] = 10;
/*
@@ -38,4 +38,4 @@ $config['migration_path'] = APPPATH . 'migrations/';
/* End of file migration.php */
-/* Location: ./application/config/migration.php */ \ No newline at end of file
+/* Location: ./application/config/migration.php */
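Review bot: `$config['migration_enabled'] = true;` together with `migration_version = 10` is committed into the versioned config, while the retained comment directly above it says to enable migrations only when a schema migration is intended. If MY_Controller runs pending migrations automatically (it is in this commit but not visible here), that is by design and deserves a comment such as `// kept enabled on purpose: MY_Controller applies pending migrations at startup`; otherwise this should go back to FALSE once the migration has run, since a stale setting leaves the schema-change path reachable from every request.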
diff --git a/application/config/routes.php b/application/config/routes.php
index 5f9a58343..3ae891bfd 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -38,7 +38,10 @@
|
*/
-$route['default_controller'] = "welcome";
+$route['default_controller'] = "file";
+$route['user/(:any)'] = "user/$1";
+$route['file/(:any)'] = "file/$1";
+$route['(:any)'] = "file/index/$1";
$route['404_override'] = '';
diff --git a/application/controllers/file.php b/application/controllers/file.php
new file mode 100644
index 000000000..98ccae884
--- /dev/null
+++ b/application/controllers/file.php
@@ -0,0 +1,891 @@
+<?php
+/*
+ * Copyright 2009-2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class File extends MY_Controller {
+
+ protected $json_enabled_functions = array(
+ "upload_history",
+ "do_upload",
+ "do_delete",
+ );
+
+ function __construct()
+ {
+ parent::__construct();
+
+ $this->load->model('mfile');
+ $this->load->model('muser');
+
+ if (is_cli_client()) {
+ $this->var->view_dir = "file_plaintext";
+ } else {
+ $this->var->view_dir = "file";
+ }
+ }
+
+ function index()
+ {
+ if ($this->input->is_cli_request()) {
+ echo "php index.php file <function> [arguments]\n";
+ echo "\n";
+ echo "Functions:\n";
+ echo " cron Cronjob\n";
+ echo " nuke_id <ID> Nukes all IDs sharing the same hash\n";
+ echo "\n";
+ echo "Functions that shouldn't have to be run:\n";
+ echo " clean_stale_files Remove files without database entries\n";
+ echo " update_file_metadata Update filesize and mimetype in database\n";
+ exit;
+ }
+ // Try to guess what the user would like to do.
+ $id = $this->uri->segment(1);
+ if (!empty($_FILES)) {
+ $this->do_upload();
+ } elseif ($id != "file" && $this->mfile->id_exists($id)) {
+ $this->_download();
+ } elseif ($id && $id != "file") {
+ $this->_non_existent();
+ } else {
+ $this->upload_form();
+ }
+ }
+
+ function _download()
+ {
+ $id = $this->uri->segment(1);
+ $lexer = urldecode($this->uri->segment(2));
+
+ $filedata = $this->mfile->get_filedata($id);
+ $file = $this->mfile->file($filedata['hash']);
+
+ if (!$this->mfile->valid_id($id)) {
+ $this->_non_existent();
+ return;
+ }
+
+ // don't allow unowned files to be downloaded
+ if ($filedata["user"] == 0) {
+ $this->_non_existent();
+ return;
+ }
+
+ // helps to keep traffic low when reloading
+ $etag = $filedata["hash"]."-".$filedata["date"];
+
+ // autodetect the lexer for highlighting if the URL contains a / after the ID (/ID/)
+ // /ID/lexer disables autodetection
+ $autodetect_lexer = !$lexer && substr_count(ltrim($this->uri->uri_string(), "/"), '/') >= 1;
+
+ if ($autodetect_lexer) {
+ $lexer = $this->mfile->autodetect_lexer($filedata["mimetype"], $filedata["filename"]);
+ }
+
+ // resolve aliases
+ // this is mainly used for compatibility
+ $lexer = $this->mfile->resolve_lexer_alias($lexer);
+
+ // create the qr code for /ID/
+ if ($lexer == "qr") {
+ handle_etag($etag);
+ header("Content-disposition: inline; filename=\"".$id."_qr.png\"\n");
+ header("Content-Type: image/png\n");
+ passthru('qrencode -s 10 -o - '.escapeshellarg(site_url($id).'/'));
+ exit();
+ }
+
+ // user wants the plain file
+ if ($lexer == 'plain') {
+ handle_etag($etag);
+ rangeDownload($file, $filedata["filename"], "text/plain");
+ exit();
+ }
+
+ if ($lexer == 'info') {
+ $this->_display_info($id);
+ return;
+ }
+
+ // if there is no mimetype mapping we can't highlight it
+ $can_highlight = $this->mfile->can_highlight($filedata["mimetype"]);
+
+ $filesize_too_big = filesize($file) > $this->config->item('upload_max_text_size');
+
+ if (!$can_highlight || $filesize_too_big || !$lexer) {
+ // prevent javascript from being executed and forbid frames
+ // this should allow us to serve user submitted HTML content without huge security risks
+ foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $header_name) {
+ header("$header_name: allow 'none'; img-src *; media-src *; font-src *; style-src * 'unsafe-inline'; script-src 'none'; object-src *; frame-src 'none'; ");
+ }
+ handle_etag($etag);
+ rangeDownload($file, $filedata["filename"], $filedata["mimetype"]);
+ exit();
+ }
+
+ $this->data['title'] = htmlspecialchars($filedata['filename']);
+ $this->data['id'] = $id;
+
+ header("Content-Type: text/html\n");
+
+ $this->data['current_highlight'] = htmlspecialchars($lexer);
+ $this->data['timeout'] = $this->mfile->get_timeout_string($id);
+ $this->data['lexers'] = $this->mfile->get_lexers();
+ $this->data['filedata'] = $filedata;
+
+ // highlight the file and chache the result
+ $this->load->driver('cache', array('adapter' => $this->config->item("cache_backend")));
+ if (! $cached = $this->cache->get($filedata['hash'].'_'.$lexer)) {
+ $cached = array();
+ if ($lexer == "rmd") {
+ ob_start();
+
+ echo '<table class="content"><tr>';
+ echo '<td class="markdownrender">'."\n";
+ passthru('perl '.FCPATH.'scripts/Markdown.pl '.escapeshellarg($file), $cached["return_value"]);
+
+ $cached["output"] = ob_get_contents();
+ ob_end_clean();
+ } else {
+ $cached = $this->_colorify($file, $lexer);
+ }
+
+ if ($cached["return_value"] != 0) {
+ $ret = $this->_colorify($file, "text");
+ $cached["output"] = $ret["output"];
+ }
+ $this->cache->save($filedata['hash'].'_'.$lexer, $cached, 100);
+ }
+
+ if ($cached["return_value"] != 0) {
+ $this->data["error_message"] = "<p>Error trying to process the file.
+ Either the lexer is unknown or something is broken.
+ Falling back to plain text.</p>";
+ }
+
+ // Don't use append_output because the output class does too
+ // much magic ({elapsed_time} and {memory_usage}).
+ // Direct echo puts us on the safe side.
+ echo $this->load->view($this->var->view_dir.'/html_header', $this->data, true);
+ echo $cached["output"];
+ echo $this->load->view($this->var->view_dir.'/html_footer', $this->data, true);
+ }
+
+ private function _colorify($file, $lexer)
+ {
+ $return_value = 0;
+ $output = "";
+ $lines_to_remove = 0;
+
+ $output .= '<div class="code content table">'."\n";
+ $output .= '<div class="highlight"><pre>'."\n";
+
+ ob_start();
+ if ($lexer == "ascii") {
+ passthru('ansi2html -p < '.escapeshellarg($file), $return_value);
+ // Last line is empty
+ $lines_to_remove = 1;
+ } else {
+ passthru('pygmentize -F codetagify -O encoding=guess,outencoding=utf8,stripnl=False -l '.escapeshellarg($lexer).' -f html '.escapeshellarg($file), $return_value);
+ // Last 2 items are "</pre></div>" and ""
+ $lines_to_remove = 2;
+ }
+ $buf = ob_get_contents();
+ ob_end_clean();
+
+
+ $buf = explode("\n", $buf);
+ $line_count = count($buf);
+
+ for ($i = 1; $i <= $lines_to_remove; $i++) {
+ unset($buf[$line_count - $i]);
+ }
+
+ foreach ($buf as $key => $line) {
+ $line_number = $key + 1;
+ if ($key == 0) {
+ $line = str_replace("<div class=\"highlight\"><pre>", "", $line);
+ }
+
+ // Be careful not to add superflous whitespace here (we are in a <pre>)
+ $output .= "<div class=\"table-row\">"
+ ."<a href=\"#n$line_number\" class=\"linenumber table-cell\">"
+ ."<span class=\"anchor\" id=\"n$line_number\"> </span>"
+ ."</a>"
+ ."<span class=\"line table-cell\">".$line."</span>\n";
+ $output .= "</div>";
+ }
+
+ $output .= "</pre></div>";
+ $output .= "</div>";
+
+ return array(
+ "return_value" => $return_value,
+ "output" => $output
+ );
+ }
+
+ function _display_info($id)
+ {
+ $this->data["title"] .= " - Info $id";
+ $this->data["filedata"] = $this->mfile->get_filedata($id);
+ $this->data["id"] = $id;
+ $this->data['timeout'] = $this->mfile->get_timeout_string($id);
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/file_info', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function _non_existent()
+ {
+ $this->data["title"] .= " - Not Found";
+ $this->output->set_status_header(404);
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/non_existent', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function _show_url($ids, $lexer)
+ {
+ $redirect = false;
+
+ if (!$this->muser->logged_in()) {
+ $this->muser->require_session();
+ // keep the upload but require the user to login
+ $this->session->set_userdata("last_upload", array(
+ "ids" => $ids,
+ "lexer" => $lexer
+ ));
+ $this->session->set_flashdata("uri", "file/claim_id");
+ $this->muser->require_access("apikey");
+ }
+
+ foreach ($ids as $id) {
+ if ($lexer) {
+ $this->data['urls'][] = site_url($id).'/'.$lexer;
+ } else {
+ $this->data['urls'][] = site_url($id).'/';
+
+ if (count($ids) == 1) {
+ $filedata = $this->mfile->get_filedata($id);
+ $file = $this->mfile->file($filedata['hash']);
+ $type = $filedata['mimetype'];
+ $lexer = $this->mfile->should_highlight($type);
+
+ // If we detected a highlightable file redirect,
+ // otherwise show the URL because browsers would just show a DL dialog
+ if ($lexer) {
+ $redirect = true;
+ }
+ }
+ }
+ }
+
+ if (static_storage("response_type") == "json") {
+ return send_json_reply($this->data["urls"]);
+ }
+
+ if (is_cli_client()) {
+ $redirect = false;
+ }
+
+ if ($redirect && count($ids) == 1) {
+ redirect($this->data['urls'][0], "location", 303);
+ } else {
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/show_url', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+ }
+
+ function client()
+ {
+ $this->data['title'] .= ' - Client';
+
+ if (file_exists(FCPATH.'data/client/latest')) {
+ $this->var->latest_client = trim(file_get_contents(FCPATH.'data/client/latest'));
+ $this->data['client_link'] = base_url().'data/client/fb-'.$this->var->latest_client.'.tar.gz';
+ } else {
+ $this->data['client_link'] = false;
+ }
+ $this->data['client_link_dir'] = base_url().'data/client/';
+ $this->data['client_link_deb'] = base_url().'data/client/deb/';
+ $this->data['client_link_slackware'] = base_url().'data/client/slackware/';
+
+ if (preg_match('#^https?://(.*?)/.*$#', site_url(), $matches) === 1) {
+ $this->data["domain"] = $matches[1];
+ } else {
+ $this->data["domain"] = "unknown domain";
+ }
+
+ if (!is_cli_client()) {
+ $this->load->view('header', $this->data);
+ }
+ $this->load->view($this->var->view_dir.'/client', $this->data);
+ if (!is_cli_client()) {
+ $this->load->view('footer', $this->data);
+ }
+ }
+
+ function upload_form()
+ {
+ $this->data['title'] .= ' - Upload';
+ $this->data['small_upload_size'] = $this->config->item('small_upload_size');
+ $this->data['max_upload_size'] = $this->config->item('upload_max_size');
+ $this->data['upload_max_age'] = $this->config->item('upload_max_age')/60/60/24;
+
+ $this->data['username'] = $this->muser->get_username();
+
+ $repaste_id = $this->input->get("repaste");
+
+ if ($repaste_id) {
+ $filedata = $this->mfile->get_filedata($repaste_id);
+
+ if ($filedata !== false && $this->mfile->can_highlight($filedata["mimetype"])) {
+ $this->data["textarea_content"] = file_get_contents($this->mfile->file($filedata["hash"]));
+ }
+ }
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/upload_form', $this->data);
+ if (is_cli_client()) {
+ $this->client();
+ }
+ $this->load->view('footer', $this->data);
+ }
+
+ // Allow CLI clients to query the server for the maxium filesize so they can
+ // stop the upload before wasting time and bandwith
+ function get_max_size()
+ {
+ echo $this->config->item('upload_max_size');
+ }
+
+ function thumbnail()
+ {
+ $id = $this->uri->segment(3);
+
+ if (!$this->mfile->valid_id($id)) {
+ return $this->_non_existent();
+ }
+
+ $etag = "$id-thumb";
+ handle_etag($etag);
+
+ $thumb = $this->mfile->makeThumb($id, 150, IMAGETYPE_JPEG);
+
+ if ($thumb === false) {
+ show_error("Failed to generate thumbnail");
+ }
+
+ $filedata = $this->mfile->get_filedata($id);
+ if (!$filedata) {
+ show_error("Failed to get file data");
+ }
+
+ $this->output->set_header("Cache-Control:max-age=31536000, public");
+ $this->output->set_header("Expires: ".date("r", time() + 365 * 24 * 60 * 60));
+ $this->output->set_content_type("image/jpeg");
+ $this->output->set_output($thumb);
+ }
+
+ function upload_history_thumbnails()
+ {
+ $this->muser->require_access();
+
+ $user = $this->muser->get_userid();
+
+ $query = $this->db->query("
+ SELECT `id`, `filename`, `mimetype`, `date`, `hash`, `filesize`
+ FROM files
+ WHERE user = ?
+ AND mimetype IN ('image/jpeg', 'image/png', 'image/gif')
+ ORDER BY date DESC
+ ", array($user))->result_array();
+
+ foreach($query as $key => $item) {
+ if (!$this->mfile->valid_id($item["id"])) {
+ unset($query[$key]);
+ continue;
+ }
+
+ $filesize = format_bytes($item["filesize"]);
+ $dimensions = $this->mfile->image_dimension($this->mfile->file($item["hash"]));
+ $upload_date = date("r", $item["date"]);
+
+ $query[$key]["filesize"] = $filesize;
+ $query[$key]["tooltip"] = "
+ ${item["id"]} - $filesize<br>
+ $upload_date
+ $dimensions - ${item["mimetype"]}<br>
+ ";
+ }
+
+ $this->data["query"] = $query;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/upload_history_thumbnails', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function upload_history()
+ {
+ $this->muser->require_access("apikey");
+
+ $user = $this->muser->get_userid();
+
+ $query = array();
+ $lengths = array();
+
+ // key: database field name; value: display name
+ $fields = array(
+ "id" => "ID",
+ "filename" => "Filename",
+ "mimetype" => "Mimetype",
+ "date" => "Date",
+ "hash" => "Hash",
+ "filesize" => "Size"
+ );
+
+ $this->data['title'] .= ' - Upload history';
+ foreach($fields as $length_key => $value) {
+ $lengths[$length_key] = mb_strlen($value);
+ }
+
+ $order = is_cli_client() ? "ASC" : "DESC";
+
+ $query = $this->db->query("
+ SELECT ".implode(",", array_keys($fields))."
+ FROM files
+ WHERE user = ?
+ ORDER BY date $order
+ ", array($user))->result_array();
+
+ if (static_storage("response_type") == "json") {
+ return send_json_reply($query);
+ }
+
+ foreach($query as $key => $item) {
+ $query[$key]["filesize"] = format_bytes($item["filesize"]);
+ if (is_cli_client()) {
+ // Keep track of longest string to pad plaintext output correctly
+ foreach($fields as $length_key => $value) {
+ $len = mb_strlen($query[$key][$length_key]);
+ if ($len > $lengths[$length_key]) {
+ $lengths[$length_key] = $len;
+ }
+ }
+ }
+ }
+
+ $total_size = $this->db->query("
+ SELECT sum(filesize) sum
+ FROM (
+ SELECT filesize
+ FROM files
+ WHERE user = ?
+ GROUP BY hash
+ ) sub
+ ", array($user))->row_array();
+
+ $this->data["query"] = $query;
+ $this->data["lengths"] = $lengths;
+ $this->data["fields"] = $fields;
+ $this->data["total_size"] = format_bytes($total_size["sum"]);
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/upload_history', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function do_delete()
+ {
+ $this->muser->require_access("apikey");
+
+ $ids = $this->input->post("ids");
+ $errors = array();
+ $deleted = array();
+ $deleted_count = 0;
+ $total_count = 0;
+
+ if (!$ids || !is_array($ids)) {
+ show_error("No IDs specified");
+ }
+
+ foreach ($ids as $id) {
+ $total_count++;
+
+ if (!$this->mfile->id_exists($id)) {
+ $errors[] = array(
+ "id" => $id,
+ "reason" => "doesn't exist",
+ );
+ continue;
+ }
+
+ if ($this->mfile->delete_id($id)) {
+ $deleted[] = $id;
+ $deleted_count++;
+ } else {
+ $errors[] = array(
+ "id" => $id,
+ "reason" => "unknown error",
+ );
+ }
+ }
+
+ if (static_storage("response_type") == "json") {
+ return send_json_reply(array(
+ "errors" => $errors,
+ "deleted" => $deleted,
+ "total_count" => $total_count,
+ "deleted_count" => $deleted_count,
+ ));
+ }
+
+ $this->data["errors"] = $errors;
+ $this->data["deleted_count"] = $deleted_count;
+ $this->data["total_count"] = $total_count;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'/deleted', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function delete()
+ {
+ $this->muser->require_access("apikey");
+
+ if (!is_cli_client()) {
+ show_error("Not a listed cli client, please use the history to delete uploads.\n", 403);
+ }
+
+ $id = $this->uri->segment(3);
+ $this->data["id"] = $id;
+
+ if ($id && !$this->mfile->id_exists($id)) {
+ show_error("Unknown ID '$id'.", 404);
+ }
+
+ if ($this->mfile->delete_id($id)) {
+ echo "$id has been deleted.\n";
+ } else {
+ echo "Deletion failed. Do you really own that file?\n";
+ }
+ }
+
+ // Handle pastes
+ function do_paste()
+ {
+ // stateful clients get a cookie to claim the ID later
+ // don't force them to log in just yet
+ if (!stateful_client()) {
+ $this->muser->require_access();
+ }
+
+ $content = $this->input->post("content");
+ $filesize = strlen($content);
+ $filename = "stdin";
+
+ if (!$content) {
+ show_error("Nothing was pasted, content is empty.", 400);
+ }
+
+ if ($filesize > $this->config->item('upload_max_size')) {
+ show_error("Error while uploading: File too big", 413);
+ }
+
+ $limits = $this->muser->get_upload_id_limits();
+ $id = $this->mfile->new_id($limits[0], $limits[1]);
+ $hash = md5($content);
+
+ $folder = $this->mfile->folder($hash);
+ file_exists($folder) || mkdir ($folder);
+ $file = $this->mfile->file($hash);
+
+ file_put_contents($file, $content);
+ chmod($file, 0600);
+ $this->mfile->add_file($hash, $id, $filename);
+ $this->_show_url(array($id), false);
+ }
+
+ // Handles uploaded files
+ function do_upload()
+ {
+ // stateful clients get a cookie to claim the ID later
+ // don't force them to log in just yet
+ if (!stateful_client()) {
+ $this->muser->require_access("apikey");
+ }
+
+ $ids = array();
+
+ $extension = $this->input->post('extension');
+
+ $files = getNormalizedFILES();
+
+ if (empty($files)) {
+ show_error("No file was uploaded or unknown error occured.");
+ }
+
+ // Check for errors before doing anything
+ // First error wins and is displayed, these shouldn't happen that often anyway.
+ foreach ($files as $key => $file) {
+ // getNormalizedFILES() removes any file with error == 4
+ if ($file['error'] !== UPLOAD_ERR_OK) {
+ // ERR_OK only for completeness, condition above ignores it
+ $errors = array(
+ UPLOAD_ERR_OK => "There is no error, the file uploaded with success",
+ UPLOAD_ERR_INI_SIZE => "The uploaded file exceeds the upload_max_filesize directive in php.ini",
+ UPLOAD_ERR_FORM_SIZE => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
+ UPLOAD_ERR_PARTIAL => "The uploaded file was only partially uploaded",
+ UPLOAD_ERR_NO_FILE => "No file was uploaded",
+ UPLOAD_ERR_NO_TMP_DIR => "Missing a temporary folder",
+ UPLOAD_ERR_CANT_WRITE => "Failed to write file to disk",
+ UPLOAD_ERR_EXTENSION => "A PHP extension stopped the file upload",
+ );
+
+ $msg = "Unknown error.";
+
+ if (isset($errors[$file['error']])) {
+ $msg = $errors[$file['error']];
+ } else {
+ $msg = "Unknown error code: ".$file['error'].". Please report a bug.";
+ }
+
+ show_error("Error while uploading: ".$msg, 400);
+ }
+
+ $filesize = filesize($file['tmp_name']);
+ if ($filesize > $this->config->item('upload_max_size')) {
+ show_error("Error while uploading: File too big", 413);
+ }
+ }
+
+ foreach ($files as $key => $file) {
+ $limits = $this->muser->get_upload_id_limits();
+ $id = $this->mfile->new_id($limits[0], $limits[1]);
+ $hash = md5_file($file['tmp_name']);
+
+ // work around a curl bug and allow the client to send the real filename base64 encoded
+ // TODO: this interface currently sets the same filename for every file if you use multiupload
+ $filename = $this->input->post("filename");
+ if ($filename !== false) {
+ $filename = base64_decode($filename, true);
+ }
+
+ // fall back if base64_decode failed
+ if ($filename === false) {
+ $filename = $file['name'];
+ }
+
+ $filename = trim($filename, "\r\n\0\t\x0B");
+
+ $folder = $this->mfile->folder($hash);
+ file_exists($folder) || mkdir ($folder);
+ $file_path = $this->mfile->file($hash);
+
+ move_uploaded_file($file['tmp_name'], $file_path);
+ chmod($file_path, 0600);
+ $this->mfile->add_file($hash, $id, $filename);
+ $ids[] = $id;
+ }
+
+ $this->_show_url($ids, $extension);
+ }
+
+ function claim_id()
+ {
+ $this->muser->require_access();
+
+ $last_upload = $this->session->userdata("last_upload");
+
+ if ($last_upload === false) {
+ show_error("Failed to get last upload data");
+ }
+
+ $ids = $last_upload["ids"];
+ $errors = array();
+
+ assert(is_array($ids));
+
+ foreach ($ids as $key => $id) {
+ $filedata = $this->mfile->get_filedata($id);
+
+ if ($filedata["user"] != 0) {
+ $errors[] = $id;
+ }
+
+ $this->mfile->adopt($id);
+ }
+
+ if (!empty($errors)) {
+ show_error("Someone already owns '".implode(", ", $errors)."', can't reassign.");
+ }
+
+ $this->session->unset_userdata("last_upload");
+
+ $this->_show_url($ids, $last_upload["lexer"]);
+ }
+
+ function contact()
+ {
+ $file = FCPATH."data/local/contact-info.php";
+ if (file_exists($file)) {
+ $this->data["contact_info"] = file_get_contents($file);
+ } else {
+ $this->data["contact_info"] = '<p>Contact info not available.</p>';
+ }
+
+ $this->load->view('header', $this->data);
+ $this->load->view('contact', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ /* Functions below this comment can only be run via the CLI
+ * `php index.php file <function name>`
+ */
+
+ // Removes old files
+ function cron()
+ {
+ if (!$this->input->is_cli_request()) return;
+
+ // 0 age disables age checks
+ if ($this->config->item('upload_max_age') == 0) return;
+
+ $oldest_time = (time() - $this->config->item('upload_max_age'));
+ $oldest_session_time = (time() - $this->config->item("sess_expiration"));
+
+ $small_upload_size = $this->config->item('small_upload_size');
+
+ $query = $this->db->query('
+ SELECT hash, id, user
+ FROM files
+ WHERE date < ? OR (user = 0 AND date < ?)',
+ array($oldest_time, $oldest_session_time));
+
+ foreach($query->result_array() as $row) {
+ $file = $this->mfile->file($row['hash']);
+ if (!file_exists($file)) {
+ $this->db->query('DELETE FROM files WHERE id = ? LIMIT 1', array($row['id']));
+ continue;
+ }
+
+ if ($row["user"] == 0 || filesize($file) > $small_upload_size) {
+ if (filemtime($file) < $oldest_time) {
+ unlink($file);
+ $this->db->query('DELETE FROM files WHERE hash = ?', array($row['hash']));
+ } else {
+ $this->db->query('DELETE FROM files WHERE id = ? LIMIT 1', array($row['id']));
+ if ($this->mfile->stale_hash($row["hash"])) {
+ unlink($file);
+ }
+ }
+ }
+ }
+ }
+
+ /* remove files without database entries */
+ function clean_stale_files()
+ {
+ if (!$this->input->is_cli_request()) return;
+
+ $upload_path = $this->config->item("upload_path");
+ $outer_dh = opendir($upload_path);
+
+ while (($dir = readdir($outer_dh)) !== false) {
+ if (!is_dir($upload_path."/".$dir) || $dir == ".." || $dir == ".") {
+ continue;
+ }
+
+ $dh = opendir($upload_path."/".$dir);
+
+ $empty = true;
+
+ while (($file = readdir($dh)) !== false) {
+ if ($file == ".." || $file == ".") {
+ continue;
+ }
+
+ $query = $this->db->query("SELECT hash FROM files WHERE hash = ? LIMIT 1", array($file))->row_array();
+
+ if (empty($query)) {
+ unlink($upload_path."/".$dir."/".$file);
+ } else {
+ $empty = false;
+ }
+ }
+
+ closedir($dh);
+
+ if ($empty) {
+ rmdir($upload_path."/".$dir);
+ }
+ }
+ closedir($outer_dh);
+ }
+
+ function nuke_id()
+ {
+ if (!$this->input->is_cli_request()) return;
+
+ $id = $this->uri->segment(3);
+
+
+ $file_data = $this->mfile->get_filedata($id);
+
+ if (empty($file_data)) {
+ echo "unknown id \"$id\"\n";
+ return;
+ }
+
+ $hash = $file_data["hash"];
+
+ $this->db->query("
+ DELETE FROM files
+ WHERE hash = ?
+ ", array($hash));
+
+ unlink($this->mfile->file($hash));
+
+ echo "removed hash \"$hash\"\n";
+ }
+
+ function update_file_metadata()
+ {
+ if (!$this->input->is_cli_request()) return;
+
+ $chunk = 500;
+
+ $total = $this->db->count_all("files");
+
+ for ($limit = 0; $limit < $total; $limit += $chunk) {
+ $query = $this->db->query("
+ SELECT hash
+ FROM files
+ GROUP BY hash
+ LIMIT $limit, $chunk
+ ")->result_array();
+
+ foreach ($query as $key => $item) {
+ $hash = $item["hash"];
+ $filesize = intval(filesize($this->mfile->file($hash)));
+ $mimetype = $this->mfile->mimetype($this->mfile->file($hash));
+
+ $this->db->query("
+ UPDATE files
+ SET filesize = ?, mimetype = ?
+ WHERE hash = ?
+ ", array($filesize, $mimetype, $hash));
+ }
+ }
+ }
+}
+
+# vim: set noet:
diff --git a/application/controllers/user.php b/application/controllers/user.php
new file mode 100644
index 000000000..823166ea5
--- /dev/null
+++ b/application/controllers/user.php
@@ -0,0 +1,504 @@
+<?php
+/*
+ * Copyright 2012-2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class User extends MY_Controller {
+ protected $json_enabled_functions = array(
+ "create_apikey",
+ "apikeys",
+ );
+
+
+ function __construct()
+ {
+ parent::__construct();
+
+ $this->load->model("muser");
+
+ $this->var->view_dir = "user/";
+ }
+
+ function index()
+ {
+ $this->data["username"] = $this->muser->get_username();
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'index', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function test_login()
+ {
+ $username = $this->input->post('username');
+ $password = $this->input->post('password');
+
+ if ($this->muser->login($username, $password)) {
+ $this->output->set_status_header(204);
+ } else {
+ $this->output->set_status_header(401);
+ }
+ }
+
+ function login()
+ {
+ $this->muser->require_session();
+ $this->session->keep_flashdata("uri");
+
+ if ($this->input->post('process') !== false) {
+ $username = $this->input->post('username');
+ $password = $this->input->post('password');
+
+ $result = $this->muser->login($username, $password);
+
+ if ($result !== true) {
+ $this->data['login_error'] = true;
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view('footer', $this->data);
+ } else {
+ $uri = $this->session->flashdata("uri");
+ if ($uri) {
+ redirect($uri);
+ } else {
+ redirect("/");
+ }
+ }
+ } else {
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'login', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+ }
+
+ function create_apikey()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+ $comment = $this->input->post("comment");
+
+
+ if (strlen($comment) > 255) {
+ show_error("Comment may only be 255 chars long.");
+ }
+
+ $key = random_alphanum(32);
+
+ $this->db->query("
+ INSERT INTO `apikeys`
+ (`key`, `user`, `comment`)
+ VALUES (?, ?, ?)
+ ", array($key, $userid, $comment));
+
+ if (static_storage("response_type") == "json") {
+ return send_json_reply(array("new_key" => $key));
+ }
+
+ if (is_cli_client()) {
+ echo "$key\n";
+ } else {
+ redirect("user/apikeys");
+ }
+ }
+
+ function delete_apikey()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+ $key = $this->input->post("key");
+
+ $this->db->query("
+ DELETE FROM `apikeys`
+ WHERE `user` = ?
+ AND `key` = ?
+ ", array($userid, $key));
+
+ redirect("user/apikeys");
+ }
+
+ function apikeys()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
+ $query = $this->db->query("
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ FROM `apikeys`
+ WHERE `user` = ? order by created desc
+ ", array($userid))->result_array();
+
+ if (static_storage("response_type") == "json") {
+ return send_json_reply($query);
+ }
+
+ $this->data["query"] = $query;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'apikeys', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function create_invitation_key()
+ {
+ $this->duser->require_implemented("can_register_new_users");
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
+ // TODO: count both, invited users and key
+ $query = $this->db->query("
+ SELECT count(*) count
+ FROM `actions`
+ WHERE `user` = ?
+ AND `action` = 'invitation'
+ ", array($userid))->row_array();
+
+ if ($query["count"] + 1 > 3) {
+ show_error("You can't create more invitation keys at this time.");
+ }
+
+ $key = random_alphanum(12, 16);
+
+ $this->db->query("
+ INSERT INTO `actions`
+ (`key`, `user`, `date`, `action`)
+ VALUES (?, ?, ?, 'invitation')
+ ", array($key, $userid, time()));
+
+ redirect("user/invite");
+ }
+
+ function invite()
+ {
+ $this->duser->require_implemented("can_register_new_users");
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
+ $query = $this->db->query("
+ SELECT `key`, `date`
+ FROM `actions`
+ WHERE `user` = ?
+ AND `action` = 'invitation'
+ ", array($userid))->result_array();
+
+ $this->data["query"] = $query;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'invite', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function register()
+ {
+ $this->duser->require_implemented("can_register_new_users");
+ $key = $this->uri->segment(3);
+ $process = $this->input->post("process");
+ $values = array(
+ "username" => "",
+ "email" => ""
+ );
+ $error = array();
+
+ $query = $this->muser->get_action("invitation", $key);
+
+ $referrer = $query["user"];
+
+ if ($process !== false) {
+ $username = $this->input->post("username");
+ $email = $this->input->post("email");
+ $password = $this->input->post("password");
+ $password_confirm = $this->input->post("password_confirm");
+
+ if (!$username || strlen($username) > 32 || !preg_match("/^[a-z0-9]+$/", $username)) {
+ $error[]= "Invalid username (only up to 32 chars of a-z0-9 are allowed).";
+ } else {
+ if ($this->muser->username_exists($username)) {
+ $error[] = "Username already exists.";
+ }
+ }
+
+ $this->load->helper("email");
+ if (!valid_email($email)) {
+ $error[]= "Invalid email.";
+ }
+
+ if (!$password || $password != $password_confirm) {
+ $error[]= "No password or passwords don't match.";
+ }
+
+ if (empty($error)) {
+ $this->db->query("
+ INSERT INTO users
+ (`username`, `password`, `email`, `referrer`)
+ VALUES(?, ?, ?, ?)
+ ", array(
+ $username,
+ $this->muser->hash_password($password),
+ $email,
+ $referrer
+ ));
+ $this->db->query("
+ DELETE FROM actions
+ WHERE `key` = ?
+ ", array($key));
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'registered', $this->data);
+ $this->load->view('footer', $this->data);
+ return;
+ } else {
+ $values["username"] = $username;
+ $values["email"] = $email;
+ }
+ }
+
+ $this->data["key"] = $key;
+ $this->data["values"] = $values;
+ $this->data["error"] = $error;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'register', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ // This routes the different steps of a password reset
+ function reset_password()
+ {
+ $this->duser->require_implemented("can_reset_password");
+ $key = $this->uri->segment(3);
+
+ if ($_SERVER["REQUEST_METHOD"] == "GET" && $key === false) {
+ return $this->_reset_password_username_form();
+ }
+
+ if ($key === false) {
+ return $this->_reset_password_send_mail();
+ }
+
+ if ($key !== false) {
+ return $this->_reset_password_form();
+ }
+ }
+
+ // This simply queries the username
+ function _reset_password_username_form()
+ {
+ $this->data['username'] = $this->muser->get_username();
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_username_form', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ // This sends a mail to the user containing the reset link
+ function _reset_password_send_mail()
+ {
+ $key = random_alphanum(12, 16);
+ $username = $this->input->post("username");
+
+ if (!$this->muser->username_exists($username)) {
+ show_error("Invalid username");
+ }
+
+ $userinfo = $this->db->query("
+ SELECT id, email, username
+ FROM users
+ WHERE username = ?
+ ", array($username))->row_array();
+
+ $this->load->library("email");
+
+ $this->db->query("
+ INSERT INTO `actions`
+ (`key`, `user`, `date`, `action`)
+ VALUES (?, ?, ?, 'passwordreset')
+ ", array($key, $userinfo["id"], time()));
+
+ $admininfo = $this->db->query("
+ SELECT email
+ FROM users
+ WHERE referrer = 0
+ ORDER BY id asc
+ LIMIT 1
+ ")->row_array();
+
+ $this->email->from($admininfo["email"]);
+ $this->email->to($userinfo["email"]);
+ $this->email->subject("FileBin password reset");
+ $this->email->message(""
+ ."Someone requested a password reset for the account '${userinfo["username"]}'\n"
+ ."from the IP address '${_SERVER["REMOTE_ADDR"]}'.\n"
+ ."\n"
+ ."Please follow this link to reset your password:\n"
+ .site_url("user/reset_password/$key")
+ );
+ $this->email->send();
+
+ // don't disclose full email addresses
+ $this->data["email_domain"] = substr($userinfo["email"], strpos($userinfo["email"], "@") + 1);
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_link_sent', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ // This displays a form and handles the reset if the form has been filled out correctly
+ function _reset_password_form()
+ {
+ $process = $this->input->post("process");
+ $key = $this->uri->segment(3);
+ $error = array();
+
+ $query = $this->muser->get_action("passwordreset", $key);
+
+ $userid = $query["user"];
+
+ if ($process !== false) {
+ $password = $this->input->post("password");
+ $password_confirm = $this->input->post("password_confirm");
+
+ if (!$password || $password != $password_confirm) {
+ $error[]= "No password or passwords don't match.";
+ }
+
+ if (empty($error)) {
+ $this->db->query("
+ UPDATE users
+ SET `password` = ?
+ WHERE `id` = ?
+ ", array($this->muser->hash_password($password), $userid));
+ $this->db->query("
+ DELETE FROM actions
+ WHERE `key` = ?
+ ", array($key));
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_success', $this->data);
+ $this->load->view('footer', $this->data);
+ return;
+ }
+ }
+
+ $this->data["key"] = $key;
+ $this->data["error"] = $error;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'reset_password_form', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function profile()
+ {
+ $this->muser->require_access();
+
+ if ($this->input->post("process") !== false) {
+ $this->_save_profile();
+ }
+
+ $this->data["profile_data"] = $this->muser->get_profile_data();
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'profile', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ private function _save_profile()
+ {
+ $this->muser->require_access();
+
+ /*
+ * Key = name of the form field
+ * Value = function that sanatizes the value and returns it
+ * TODO: some kind of error handling that doesn't loose correctly filled out fields
+ */
+ $value_processor = array();
+
+ $value_processor["upload_id_limits"] = function($value) {
+ $values = explode("-", $value);
+
+ if (!is_array($values) || count($values) != 2) {
+ show_error("Invalid upload id limit value");
+ }
+
+ $lower = intval($values[0]);
+ $upper = intval($values[1]);
+
+ if ($lower > $upper) {
+ show_error("lower limit > upper limit");
+ }
+
+ if ($lower < 3 || $upper > 64) {
+ show_error("upper or lower limit out of bounds (3-64)");
+ }
+
+ return $lower."-".$upper;
+ };
+
+ $data = array();
+ foreach (array_keys($value_processor) as $field) {
+ $value = $this->input->post($field);
+
+ if ($value !== false) {
+ $data[$field] = $value_processor[$field]($value);
+ }
+ }
+
+ if (!empty($data)) {
+ $this->muser->update_profile($data);
+ }
+
+ $this->data["alerts"][] = array(
+ "type" => "success",
+ "message" => "Changes saved",
+ );
+
+ return true;
+ }
+
+ function logout()
+ {
+ $this->muser->logout();
+ redirect('/');
+ }
+
+ function hash_password()
+ {
+ $process = $this->input->post("process");
+ $password = $this->input->post("password");
+ $password_confirm = $this->input->post("password_confirm");
+ $this->data["hash"] = false;
+ $this->data["password"] = $password;
+
+ if ($process !== false) {
+ if (!$password || $password != $password_confirm) {
+ $error[]= "No password or passwords don't match.";
+ } else {
+ $this->data["hash"] = $this->muser->hash_password($password);
+ }
+ }
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'hash_password', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
+ function cron()
+ {
+ if (!$this->input->is_cli_request()) return;
+
+ if ($this->config->item('actions_max_age') == 0) return;
+
+ $oldest_time = (time() - $this->config->item('actions_max_age'));
+
+ $this->db->query("
+ DELETE FROM actions
+ WHERE date < ?
+ ", array($oldest_time));
+ }
+}
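Review bot: In `hash_password()` the validation failure is appended to an `$error` array that is never initialised and never passed to the view, so an empty or mismatched password silently re-renders the form with `hash` still `false` and no message (plus an undefined-variable notice on first use). Initialise it with the other locals, `$error = array();`, and hand it through the same way `register()` does, `$this->data["error"] = $error;`, before the three views are loaded. Separately, `$this->data["password"] = $password;` echoes the submitted secret back into the response body; if the view only needs it to refill the field, a comment saying so would make that deliberate rather than accidental.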
diff --git a/application/controllers/welcome.php b/application/controllers/welcome.php
deleted file mode 100644
index 21bef43d9..000000000
--- a/application/controllers/welcome.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
-
-class Welcome extends CI_Controller {
-
- /**
- * Index Page for this controller.
- *
- * Maps to the following URL
- * http://example.com/index.php/welcome
- * - or -
- * http://example.com/index.php/welcome/index
- * - or -
- * Since this controller is set as the default controller in
- * config/routes.php, it's displayed at http://example.com/
- *
- * So any other public methods not prefixed with an underscore will
- * map to /index.php/welcome/<method_name>
- * @see http://codeigniter.com/user_guide/general/urls.html
- */
- public function index()
- {
- $this->load->view('welcome_message');
- }
-}
-
-/* End of file welcome.php */
-/* Location: ./application/controllers/welcome.php */ \ No newline at end of file
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
new file mode 100644
index 000000000..47083035c
--- /dev/null
+++ b/application/core/MY_Controller.php
@@ -0,0 +1,103 @@
+<?php
+/*
+ * Copyright 2009-2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class MY_Controller extends CI_Controller {
+ public $data = array();
+ public $var;
+
+ protected $json_enabled_functions = array(
+ );
+
+ function __construct()
+ {
+ parent::__construct();
+
+ $this->var = new StdClass();
+ $csrf_protection = true;
+
+ $this->load->library('migration');
+ if ( ! $this->migration->current()) {
+ show_error($this->migration->error_string());
+ }
+
+ $old_path = getenv("PATH");
+ putenv("PATH=$old_path:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin");
+
+ mb_internal_encoding('UTF-8');
+ $this->load->helper(array('form', 'filebin'));
+
+ // TODO: proper accept header handling or is this enough?
+ if (isset($_SERVER["HTTP_ACCEPT"])) {
+ if ($_SERVER["HTTP_ACCEPT"] == "application/json") {
+ static_storage("response_type", "json");
+ }
+ }
+
+ // Allow for easier testing in browser
+ if ($this->input->get("json") !== false) {
+ static_storage("response_type", "json");
+ }
+
+ if (static_storage("response_type") == "json" && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) {
+ show_error("Function not JSON enabled");
+ }
+
+ if ($this->input->post("apikey") !== false) {
+ /* This relies on the authentication code always verifying the supplied
+ * apikey. If the key is not verified/logged in an attacker could simply
+ * add an empty "apikey" field to the CSRF form to circumvent the
+ * protection. If we always log in if a key is supplied we can ensure
+ * that an attacker (and the victim since they get a cookie) can only
+ * access the attacker's account.
+ */
+ $csrf_protection = false;
+ }
+
+ $uri_start = $this->uri->rsegment(1)."/".$this->uri->rsegment(2);
+ $csrf_whitelisted_handlers = array(
+ "always" => array(
+ /* Whitelist the upload pages because they don't cause harm and a user
+ * might keep the upload page open for more than csrf_expire seconds
+ * and we don't want to annoy them when they upload a big file and the
+ * CSRF check fails.
+ */
+ "file/do_upload",
+ "file/do_paste",
+ ),
+ "cli_client" => array(
+ "file/do_delete",
+ "file/delete",
+ "file/upload_history",
+ "user/create_apikey",
+ "file/get_max_size",
+ ),
+ );
+ if (in_array($uri_start, $csrf_whitelisted_handlers["always"])) {
+ $csrf_protection = false;
+ }
+
+ if (is_cli_client() && in_array($uri_start, $csrf_whitelisted_handlers["cli_client"])) {
+ $csrf_protection = false;
+ }
+
+ if ($csrf_protection && !$this->input->is_cli_request()) {
+ // 2 functions for accessing config options, really?
+ $this->config->set_item('csrf_protection', true);
+ config_item("csrf_protection", true);
+ $this->security->__construct();
+ $this->security->csrf_verify();
+ }
+
+ if ($this->config->item("environment") == "development" && static_storage("response_type") != "json") {
+ $this->output->enable_profiler(true);
+ }
+
+ $this->data['title'] = "FileBin";
+ }
+}
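Review bot: The CSRF exemption in `__construct()` is granted on the mere presence of an `apikey` POST field, so a form submitting an empty `apikey=` already clears `$csrf_protection`; the comment explains this is safe only if the authentication code verifies every supplied key and binds the request to that key's account, but that invariant is not checked here and lives in `muser`, outside this hunk. A short `// NOTE:` at the key-verification site pointing back to this constructor would keep the two in step, and a test that posts an empty or bogus `apikey` to a protected handler would catch a regression. The three `in_array()` calls on `$json_enabled_functions` and `$csrf_whitelisted_handlers` should pass `true` as the third argument so the comparison is strict. Re-running `$this->security->__construct()` to pick up the flipped `csrf_protection` option is fragile; a comment naming why the library has to be rebuilt (presumably it reads the option once when constructed) would help the next reader.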
diff --git a/application/errors/error_general.php b/application/errors/error_general.php
index fd63ce2c5..6c67fa33f 100644
--- a/application/errors/error_general.php
+++ b/application/errors/error_general.php
@@ -1,3 +1,43 @@
+<?php
+
+// fancy error page only works if we can load helpers
+if (class_exists("CI_Controller") && !isset($GLOBALS["is_error_page"])) {
+ $title = "Error";
+ $GLOBALS["is_error_page"] = true;
+
+ $CI =& get_instance();
+ $CI->load->helper("filebin");
+ $CI->load->helper("url");
+
+ if (static_storage("response_type") == "json") {
+ $array = array(
+ "status" => "error",
+ "message" => strip_tags($message),
+ );
+ header('Content-type: application/json');
+ echo json_encode($array);
+ exit();
+ }
+
+ if (is_cli_client()) {
+ $message = strip_tags($message);
+ echo "$heading: $message\n";
+ exit();
+ }
+
+ include 'application/views/header.php';
+
+ ?>
+ <div class="error">
+ <h1><?php echo $heading; ?></h1>
+ <?php echo $message; ?>
+ </div>
+
+ <?php
+ include 'application/views/footer.php';
+} else {
+ // default CI error page
+?>
<!DOCTYPE html>
<html lang="en">
<head>
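Review bot: `include 'application/views/header.php'` and the matching footer include in the new branch are paths relative to the process working directory, not to the application, so the custom error page only renders when PHP was started from the directory that contains `application/`; CodeIgniter's `APPPATH` constant is defined whenever `CI_Controller` exists, so `include APPPATH.'views/header.php';` and `include APPPATH.'views/footer.php';` remove that dependency. The HTML branch echoes `$heading` and `$message` unescaped, which matches the stock template it wraps, so every `show_error()` caller that builds a message from request-derived text is responsible for escaping it; a one-line comment at the echo stating that contract would make the expectation explicit. The JSON and CLI branches use `strip_tags()`, which removes markup but does not decode entities, so a message containing `&quot;` or `&lt;` reaches the client still encoded — probably acceptable, but worth a note.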
@@ -59,4 +99,6 @@ p {
<?php echo $message; ?>
</div>
</body>
-</html> \ No newline at end of file
+</html>
+<?php
+}
diff --git a/application/errors/error_php.php b/application/errors/error_php.php
index f085c2037..5f91e07a0 100644
--- a/application/errors/error_php.php
+++ b/application/errors/error_php.php
@@ -7,4 +7,5 @@
<p>Filename: <?php echo $filepath; ?></p>
<p>Line Number: <?php echo $line; ?></p>
-</div> \ No newline at end of file
+</div>
+<?php exit();
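Review bot: The added `exit()` terminates the request for every severity this template is rendered for, including notices and deprecations, not only fatal errors, and nothing records whether that is intended. A comment above it such as `// stop rendering after the first displayed PHP error so a half-built page is not sent` would capture the decision; if only fatal severities should terminate, the template already receives `$severity` from CodeIgniter and the call could be gated on it.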
diff --git a/application/helpers/filebin_helper.php b/application/helpers/filebin_helper.php
new file mode 100644
index 000000000..bed696c8c
--- /dev/null
+++ b/application/helpers/filebin_helper.php
@@ -0,0 +1,374 @@
+<?php
+
+function format_bytes($size)
+{
+ $suffixes = array('B', 'KiB', 'MiB', 'GiB', 'TiB' , 'PiB' , 'EiB', 'ZiB', 'YiB');
+ $boundary = 2048.0;
+
+ for ($suffix_pos = 0; $suffix_pos + 1 < count($suffixes); $suffix_pos++) {
+ if ($size <= $boundary && $size >= -$boundary) {
+ break;
+ }
+ $size /= 1024.0;
+ }
+
+ # don't print decimals for bytes
+ if ($suffix_pos != 0) {
+ return sprintf("%.2f%s", $size, $suffixes[$suffix_pos]);
+ } else {
+ return sprintf("%.0f%s", $size, $suffixes[$suffix_pos]);
+ }
+}
+
+// Original source: http://www.phpfreaks.com/forums/index.php?topic=198274.msg895468#msg895468
+function rangeDownload($file, $filename, $type)
+{
+ $fp = @fopen($file, 'r');
+
+ $size = filesize($file); // File size
+ $length = $size; // Content length
+ $start = 0; // Start byte
+ $end = $size - 1; // End byte
+ // Now that we've gotten so far without errors we send the accept range header
+ /* At the moment we only support single ranges.
+ * Multiple ranges requires some more work to ensure it works correctly
+ * and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+ *
+ * Multirange support annouces itself with:
+ * header('Accept-Ranges: bytes');
+ *
+ * Multirange content must be sent with multipart/byteranges mediatype,
+ * (mediatype = mimetype)
+ * as well as a boundry header to indicate the various chunks of data.
+ */
+ header("Accept-Ranges: 0-$length");
+ // header('Accept-Ranges: bytes');
+ // multipart/byteranges
+ // http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+ if (isset($_SERVER['HTTP_RANGE']))
+ {
+ $c_start = $start;
+ $c_end = $end;
+ // Extract the range string
+ list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
+ // Make sure the client hasn't sent us a multibyte range
+ if (strpos($range, ',') !== false)
+ {
+ // (?) Shoud this be issued here, or should the first
+ // range be used? Or should the header be ignored and
+ // we output the whole content?
+ header('HTTP/1.1 416 Requested Range Not Satisfiable');
+ header("Content-Range: bytes $start-$end/$size");
+ // (?) Echo some info to the client?
+ exit;
+ }
+ // If the range starts with an '-' we start from the beginning
+ // If not, we forward the file pointer
+ // And make sure to get the end byte if spesified
+ if ($range{0} == '-')
+ {
+ // The n-number of the last bytes is requested
+ $c_start = $size - substr($range, 1);
+ }
+ else
+ {
+ $range = explode('-', $range);
+ $c_start = $range[0];
+ $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
+ }
+ /* Check the range and make sure it's treated according to the specs.
+ * http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+ */
+ // End bytes can not be larger than $end.
+ $c_end = ($c_end > $end) ? $end : $c_end;
+ // Validate the requested range and return an error if it's not correct.
+ if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size)
+ {
+ header('HTTP/1.1 416 Requested Range Not Satisfiable');
+ header("Content-Range: bytes $start-$end/$size");
+ // (?) Echo some info to the client?
+ exit;
+ }
+ $start = $c_start;
+ $end = $c_end;
+ $length = $end - $start + 1; // Calculate new content length
+ fseek($fp, $start);
+ header('HTTP/1.1 206 Partial Content');
+ // Notify the client the byte range we'll be outputting
+ header("Content-Range: bytes $start-$end/$size");
+ }
+ header("Content-Length: $length");
+ header("Content-disposition: inline; filename=\"".$filename."\"\n");
+ header("Content-Type: ".$type."\n");
+
+ // Start buffered download
+ $buffer = 1024 * 8;
+ while(!feof($fp) && ($p = ftell($fp)) <= $end)
+ {
+ if ($p + $buffer > $end)
+ {
+ // In case we're only outputtin a chunk, make sure we don't
+ // read past the length
+ $buffer = $end - $p + 1;
+ }
+ set_time_limit(0); // Reset time limit for big files
+ echo fread($fp, $buffer);
+ flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit.
+ }
+
+ fclose($fp);
+}
+
+function even_odd($reset = false)
+{
+ static $counter = 1;
+
+ if ($reset) {
+ $counter = 1;
+ }
+
+ if ($counter++%2 == 0) {
+ return 'even';
+ } else {
+ return 'odd';
+ }
+}
+
+// Source: http://hu.php.net/manual/en/function.str-pad.php#71558
+// This is a multibyte enabled str_pad
+function mb_str_pad($ps_input, $pn_pad_length, $ps_pad_string = " ", $pn_pad_type = STR_PAD_RIGHT, $ps_encoding = NULL)
+{
+ $ret = "";
+
+ if (is_null($ps_encoding))
+ $ps_encoding = mb_internal_encoding();
+
+ $hn_length_of_padding = $pn_pad_length - mb_strlen($ps_input, $ps_encoding);
+ $hn_psLength = mb_strlen($ps_pad_string, $ps_encoding); // pad string length
+
+ if ($hn_psLength <= 0 || $hn_length_of_padding <= 0) {
+ // Padding string equal to 0:
+ //
+ $ret = $ps_input;
+ }
+ else {
+ $hn_repeatCount = floor($hn_length_of_padding / $hn_psLength); // how many times repeat
+
+ if ($pn_pad_type == STR_PAD_BOTH) {
+ $hs_lastStrLeft = "";
+ $hs_lastStrRight = "";
+ $hn_repeatCountLeft = $hn_repeatCountRight = ($hn_repeatCount - $hn_repeatCount % 2) / 2;
+
+ $hs_lastStrLength = $hn_length_of_padding - 2 * $hn_repeatCountLeft * $hn_psLength; // the rest length to pad
+ $hs_lastStrLeftLength = $hs_lastStrRightLength = floor($hs_lastStrLength / 2); // the rest length divide to 2 parts
+ $hs_lastStrRightLength += $hs_lastStrLength % 2; // the last char add to right side
+
+ $hs_lastStrLeft = mb_substr($ps_pad_string, 0, $hs_lastStrLeftLength, $ps_encoding);
+ $hs_lastStrRight = mb_substr($ps_pad_string, 0, $hs_lastStrRightLength, $ps_encoding);
+
+ $ret = str_repeat($ps_pad_string, $hn_repeatCountLeft) . $hs_lastStrLeft;
+ $ret .= $ps_input;
+ $ret .= str_repeat($ps_pad_string, $hn_repeatCountRight) . $hs_lastStrRight;
+ }
+ else {
+ $hs_lastStr = mb_substr($ps_pad_string, 0, $hn_length_of_padding % $hn_psLength, $ps_encoding); // last part of pad string
+
+ if ($pn_pad_type == STR_PAD_LEFT)
+ $ret = str_repeat($ps_pad_string, $hn_repeatCount) . $hs_lastStr . $ps_input;
+ else
+ $ret = $ps_input . str_repeat($ps_pad_string, $hn_repeatCount) . $hs_lastStr;
+ }
+ }
+
+ return $ret;
+}
+
+function is_cli_client($override = null)
+{
+ static $is_cli = null;
+
+ if ($override !== null) {
+ $is_cli = $override;
+ }
+
+ if ($is_cli === null) {
+ $is_cli = false;
+ // official client uses "fb-client/$version" as useragent
+ $clients = array("fb-client", "libcurl", "pyfb", "curl/");
+ foreach ($clients as $client) {
+ if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], $client) !== false) {
+ $is_cli = true;
+ }
+ }
+ }
+ return $is_cli;
+}
+
+function random_alphanum($min_length, $max_length = null)
+{
+ $random = '';
+ $char_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ $char_list .= "abcdefghijklmnopqrstuvwxyz";
+ $char_list .= "1234567890";
+
+ if ($max_length === null) {
+ $max_length = $min_length;
+ }
+ $length = mt_rand($min_length, $max_length);
+
+ for($i = 0; $i < $max_length; $i++) {
+ if (strlen($random) == $length) break;
+ $random .= substr($char_list, mt_rand(0, strlen($char_list) - 1), 1);
+ }
+ return $random;
+}
+
+function link_with_mtime($file)
+{
+ $link = base_url($file);
+
+ if (file_exists(FCPATH.$file)) {
+ $link .= "?".filemtime(FCPATH.$file);
+ }
+
+ return $link;
+}
+
+function include_js($file)
+{
+ static $included = array();
+ if (in_array($file, $included) || $file === null) {
+ return "";
+ }
+ return "<script src=\"".link_with_mtime($file)."\"></script>\n";
+}
+
+// kind of hacky, but works well enough for now
+function register_js_include($file, $return = false)
+{
+ static $list = "";
+ $list .= include_js($file);
+ if ($return) {
+ return $list;
+ }
+}
+
+function include_registered_js()
+{
+ return register_js_include(null, true);
+}
+
+function handle_etag($etag)
+{
+ $etag = strtolower($etag);
+ $modified = true;
+
+ if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
+ $oldtag = trim(strtolower($_SERVER['HTTP_IF_NONE_MATCH']), '"');
+ if($oldtag == $etag) {
+ $modified = false;
+ } else {
+ $modified = true;
+ }
+ }
+
+ header('Etag: "'.$etag.'"');
+
+ if (!$modified) {
+ header("HTTP/1.1 304 Not Modified");
+ exit();
+ }
+}
+
+// Reference: http://php.net/manual/en/features.file-upload.multiple.php#109437
+// This is a little different because we don't care about the fieldname
+function getNormalizedFILES()
+{
+ $newfiles = array();
+ $ret = array();
+
+ foreach($_FILES as $fieldname => $fieldvalue)
+ foreach($fieldvalue as $paramname => $paramvalue)
+ foreach((array)$paramvalue as $index => $value)
+ $newfiles[$fieldname][$index][$paramname] = $value;
+
+ $i = 0;
+ foreach ($newfiles as $fieldname => $field) {
+ foreach ($field as $file) {
+ // skip empty fields
+ if ($file["error"] === 4) {
+ continue;
+ }
+ $ret[$i] = $file;
+ $ret[$i]["formfield"] = $fieldname;
+ $i++;
+ }
+ }
+
+ return $ret;
+}
+
+// Allow simple checking inside views
+function auth_driver_function_implemented($function)
+{
+ static $result = array();
+ if (isset($result[$function])) {
+ return $result[$function];
+ }
+
+ $CI =& get_instance();
+ $CI->load->driver("duser");
+ $result[$function] = $CI->duser->is_implemented($function);;
+
+ return $result[$function];
+}
+
+function user_logged_in()
+{
+ $CI =& get_instance();
+ $CI->load->model("muser");
+ return $CI->muser->logged_in();
+}
+
+function send_json_reply($array, $status = "success")
+{
+ $reply = array();
+ $reply["status"] = $status;
+ $reply["data"] = $array;
+
+ $CI =& get_instance();
+ $CI->output->set_content_type('application/json');
+ $CI->output->set_output(json_encode($reply));
+}
+
+function static_storage($key, $value = null)
+{
+ static $storage = array();
+
+ if ($value !== null) {
+ $storage[$key] = $value;
+ }
+
+ if (!isset($storage[$key])) {
+ $storage[$key] = null;
+ }
+
+ return $storage[$key];
+}
+
+function stateful_client()
+{
+ $CI =& get_instance();
+
+ if ($CI->input->post("apikey")) {
+ return false;
+ }
+
+ if (is_cli_client()) {
+ return false;
+ }
+
+ return true;
+}
+
+# vim: set noet:
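Review bot: `random_alphanum()` draws every character from `mt_rand()`, a non-cryptographic generator, yet its callers in `user.php` use it for API keys, invitation keys and password-reset links, which are bearer credentials. Replacing the loop body with `$random .= $char_list[random_int(0, strlen($char_list) - 1)];` and iterating exactly `$length` times (PHP 7+; older releases would need `openssl_random_pseudo_bytes()` with its strong-result flag) removes the predictability and the awkward `break` on `strlen($random)`. In `rangeDownload()` the `@fopen()` result is never checked, so an unreadable file proceeds to `filesize()`/`fseek()` on `false` and sends headers for a body that never follows; a guard before the headers, `if ($fp === false) { show_error("Unable to open file", 500); }`, fails cleanly. The `Content-disposition` header there embeds `$filename` between quotes without escaping `"` or removing interior CR/LF (the `trim()` in the upload path only touches the ends), and both it and `Content-Type` carry a trailing `"\n"` that relies on `header()` tolerating it.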
diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php
new file mode 100644
index 000000000..07a16190c
--- /dev/null
+++ b/application/libraries/Duser/Duser.php
@@ -0,0 +1,112 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+abstract class Duser_Driver extends CI_Driver {
+
+ // List of optional functions that are implemented
+ //
+ // Possible values are:
+ // - can_register_new_users (only supported with the DB driver!)
+ // - can_reset_password (only supported with the DB driver!)
+ public $optional_functions = array();
+
+ /*
+ * The returned array should contain the following keys:
+ * - username string
+ * - userid INT > 0
+ *
+ * @param username
+ * @param password
+ * @return mixed array on success, false on failure
+ */
+ abstract public function login($username, $password);
+
+ /*
+ * @param username
+ * @return boolean true is username exists, false otherwise
+ */
+ public function username_exists($username) {
+ return null;
+ }
+
+ /*
+ * @param userid
+ * @return string email address of the user
+ */
+ public function get_email($userid) {
+ return null;
+ }
+}
+
+class Duser extends CI_Driver_Library {
+
+ protected $_adapter = null;
+
+ protected $valid_drivers = array(
+ 'duser_db', 'duser_ldap', 'duser_fluxbb'
+ );
+
+ function __construct()
+ {
+ $CI =& get_instance();
+
+ $this->_adapter = $CI->config->item("authentication_driver");
+ }
+
+ // require an optional function to be implemented
+ public function require_implemented($function) {
+ if (!$this->is_implemented($function)) {
+ show_error(""
+ ."Optional function '".$function."' not implemented in user adapter '".$this->_adapter."'. "
+ ."Requested functionally unavailable.");
+ }
+ }
+
+ // check if an optional function is implemented
+ public function is_implemented($function) {
+ if (in_array($function, $this->{$this->_adapter}->optional_functions)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function login($username, $password)
+ {
+ $login_info = $this->{$this->_adapter}->login($username, $password);
+ if ($login_info === false) {
+ return false;
+ }
+
+ $CI =& get_instance();
+
+ $CI->session->set_userdata(array(
+ 'logged_in' => true,
+ 'username' => $login_info["username"],
+ 'userid' => $login_info["userid"],
+ 'access_level' => 'full',
+ ));
+
+ return true;
+ }
+
+ public function username_exists($username)
+ {
+ if ($username === false) {
+ return false;
+ }
+
+ return $this->{$this->_adapter}->username_exists($username);
+ }
+
+ public function get_email($userid)
+ {
+ return $this->{$this->_adapter}->get_email($userid);
+ }
+}
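Review bot: `Duser::login()` writes `logged_in`, `userid` and `access_level` into the session the client already had before authentication without rotating the session identifier first, so a pre-authentication session ID stays valid after login (fixation); `Muser::apilogin()` in the muser.php hunk has the same shape. Regenerating the session ID on this privilege change, directly before the `$CI->session->set_userdata(array(` call, closes that; which `CI_Session` method does so depends on the bundled CodeIgniter version, so I have not quoted one. Separately, `is_implemented()` should compare strictly: `if (in_array($function, $this->{$this->_adapter}->optional_functions, true)) {`. The abstract base's `username_exists()` and `get_email()` return `null` although their doc comments promise a boolean and a string; returning `false` and documenting the "driver does not implement this" case would match what `require_implemented()` expects.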
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
new file mode 100644
index 000000000..0f4298258
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -0,0 +1,83 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Duser_db extends Duser_Driver {
+
+ /* FIXME: If you use this driver as a template, remove can_reset_password
+ * and can_register_new_users. These features require the DB driver and
+ * will NOT work with other drivers.
+ */
+ public $optional_functions = array(
+ 'can_reset_password',
+ 'can_register_new_users',
+ );
+
+ public function login($username, $password)
+ {
+ $CI =& get_instance();
+
+ $query = $CI->db->query('
+ SELECT username, id, password
+ FROM `users`
+ WHERE `username` = ?
+ ', array($username))->row_array();
+
+ if (!isset($query["username"]) || $query["username"] !== $username) {
+ return false;
+ }
+
+ if (!isset($query["password"])) {
+ return false;
+ }
+
+ if (crypt($password, $query["password"]) === $query["password"]) {
+ return array(
+ "username" => $username,
+ "userid" => $query["id"]
+ );
+ } else {
+ return false;
+ }
+ }
+
+ public function username_exists($username)
+ {
+ $CI =& get_instance();
+
+ $query = $CI->db->query("
+ SELECT id
+ FROM users
+ WHERE username = ?
+ ", array($username));
+
+ if ($query->num_rows() > 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public function get_email($userid)
+ {
+ $CI =& get_instance();
+
+ $query = $CI->db->query("
+ SELECT email
+ FROM users
+ WHERE id = ?
+ ", array($userid))->row_array();
+
+ if (empty($query)) {
+ show_error("Failed to get email address from db");
+ }
+
+ return $query["email"];
+ }
+
+}
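Review bot: The password check in `login()`, `crypt($password, $query["password"]) === $query["password"]`, is a plain string comparison; the defensive form is `if (hash_equals($query["password"], crypt($password, $query["password"]))) {` (PHP >= 5.6, or an equivalent constant-time compare on older releases), which also handles the short failure marker `crypt()` returns for a malformed stored hash. The `users.username` column is created with a case-insensitive collation in migration 002, so the `$query["username"] !== $username` line makes login case-sensitive while `username_exists()` is not — presumably intended, but a comment on that line would say so. `get_email()` calls `show_error()` on an empty row, which aborts the request; the base class documents the method as returning a string, so callers such as `Muser::get_profile_data()` cannot handle the missing-row case themselves.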
diff --git a/application/libraries/Duser/drivers/Duser_fluxbb.php b/application/libraries/Duser/drivers/Duser_fluxbb.php
new file mode 100644
index 000000000..b32e2ac8e
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_fluxbb.php
@@ -0,0 +1,53 @@
+<?php
+/*
+ * Copyright 2013 Pierre Schmitz <pierre@archlinux.de>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Duser_fluxbb extends Duser_Driver {
+
+ private $CI = null;
+ private $config = array();
+
+ function __construct()
+ {
+ $this->CI =& get_instance();
+ $this->config = $this->CI->config->item('auth_fluxbb');
+ }
+
+ public function login($username, $password)
+ {
+ $query = $this->CI->db->query('
+ SELECT username, id
+ FROM '.$this->config['database'].'.users
+ WHERE username LIKE ? AND password = ?
+ ', array($username, sha1($password)))->row_array();
+
+ if (!empty($query)) {
+ return array(
+ 'username' => $query['username'],
+ 'userid' => $query['id']
+ );
+ } else {
+ return false;
+ }
+ }
+
+ public function username_exists($username)
+ {
+ $query = $this->CI->db->query('
+ SELECT id
+ FROM '.$this->config['database'].'.users
+ WHERE username LIKE ?
+ ', array($username));
+
+ if ($query->num_rows() > 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+}
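Review bot: Both queries match the username with `LIKE ?`, so `%` and `_` in the supplied username act as pattern wildcards rather than literal characters, in `login()` as well as in `username_exists()`; an equality test, `WHERE username = ? AND password = ?`, is what the code appears to want, or escape the value with `addcslashes($username, '%_\\')` if LIKE semantics are required for collation reasons. The FluxBB `database` name is concatenated into the SQL text of both queries unescaped; it comes from `config->item('auth_fluxbb')` rather than from the request, which is acceptable, but a comment saying so would stop the pattern being copied for request-derived values. The comparison against `sha1($password)` reproduces FluxBB's legacy unsalted scheme, presumably for compatibility with the upstream table, and that constraint should be stated in a comment on the `login()` method.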
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
new file mode 100644
index 000000000..1f1581620
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
@@ -0,0 +1,68 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ * Contributions by Hannes Rist
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+class Duser_ldap extends Duser_Driver {
+ // none supported
+ public $optional_functions = array();
+
+ // Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
+ public function login($username, $password) {
+ $CI =& get_instance();
+
+ $config = $CI->config->item("auth_ldap");
+
+ if ($username == "" || $password == "") {
+ return false;
+ }
+
+ $ds = ldap_connect($config['host'],$config['port']);
+ if ($ds === false) {
+ return false;
+ }
+
+ switch ($config["scope"]) {
+ case "base":
+ $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "one":
+ $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "subtree":
+ $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ default:
+ show_error("Invalid LDAP scope");
+ }
+ if ($r === false) {
+ return false;
+ }
+
+ foreach ($config["options"] as $key => $value) {
+ if (ldap_set_option($ds, $key, $value) === false) {
+ return false;
+ }
+ }
+
+ $result = ldap_get_entries($ds, $r);
+ if ($result === false || !isset($result[0])) {
+ return false;
+ }
+
+ // ignore errors from ldap_bind as it will throw an error if the password is incorrect
+ if (@ldap_bind($ds, $result[0]['dn'], $password)) {
+ ldap_unbind($ds);
+ return array(
+ "username" => $result[0][$config["username_field"]][0],
+ "userid" => $result[0][$config["userid_field"]][0]
+ );
+ }
+
+ return false;
+ }
+}
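Review bot: `login()` builds the search filter as `$config["username_field"].'='.$username` from the raw username in all three `switch` branches, so filter metacharacters in the input alter the query; the value should be escaped, e.g. `$filter = $config["username_field"].'='.ldap_escape($username, '', LDAP_ESCAPE_FILTER);` computed once before the `switch` (PHP >= 5.6) and used by `ldap_read`/`ldap_list`/`ldap_search`. The `ldap_set_option()` loop runs after the search has already been issued, so options such as the protocol version cannot affect it; moving the loop to directly after the `ldap_connect()` check is presumably what was intended. The `return false` paths after `ldap_connect()` never call `ldap_unbind()`, and `$r` is only assigned inside the `switch`, so the `default` branch relies on `show_error()` not returning.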
diff --git a/application/libraries/MY_Session.php b/application/libraries/MY_Session.php
new file mode 100644
index 000000000..0443bca31
--- /dev/null
+++ b/application/libraries/MY_Session.php
@@ -0,0 +1,38 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class MY_Session extends CI_Session {
+ private $memory_only = false;
+
+ public function __construct() {
+ $CI =& get_instance();
+ $CI->load->helper("filebin");
+
+ /* Clients using API keys do not need a persistent session since API keys
+ * should be sent with each request. This reduces database queries and
+ * prevents us from sending useless cookies.
+ */
+ if (!stateful_client()) {
+ $this->memory_only = true;
+ $CI->config->set_item("sess_use_database", false);
+ }
+
+ parent::__construct();
+ }
+
+ public function _set_cookie($cookie_data = NULL)
+ {
+ if ($this->memory_only) {
+ return;
+ }
+
+ parent::_set_cookie($cookie_data);
+
+ }
+}
diff --git a/application/migrations/001_add_files.php b/application/migrations/001_add_files.php
new file mode 100644
index 000000000..f1f16ea3a
--- /dev/null
+++ b/application/migrations/001_add_files.php
@@ -0,0 +1,27 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_files extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE IF NOT EXISTS `files` (
+ `hash` varchar(32) CHARACTER SET ascii NOT NULL,
+ `id` varchar(6) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
+ `filename` varchar(256) COLLATE utf8_bin NOT NULL,
+ `password` varchar(40) CHARACTER SET ascii COLLATE ascii_bin DEFAULT NULL,
+ `date` int(11) unsigned NOT NULL,
+ `mimetype` varchar(255) CHARACTER SET ascii NOT NULL,
+ PRIMARY KEY (`id`),
+ KEY `date` (`date`),
+ KEY `hash` (`hash`,`id`)
+ ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+ ");
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_table('files');
+ }
+}
diff --git a/application/migrations/002_add_users.php b/application/migrations/002_add_users.php
new file mode 100644
index 000000000..5675c77e9
--- /dev/null
+++ b/application/migrations/002_add_users.php
@@ -0,0 +1,46 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_users extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE IF NOT EXISTS `users` (
+ `id` int(8) UNSIGNED NOT NULL AUTO_INCREMENT,
+ `username` varchar(32) COLLATE ascii_general_ci NOT NULL,
+ `password` varchar(60) COLLATE ascii_general_ci NOT NULL,
+ `email` varchar(255) COLLATE ascii_general_ci NOT NULL,
+ PRIMARY KEY (`id`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+ ");
+
+ $this->db->query("
+ CREATE TABLE IF NOT EXISTS `ci_sessions` (
+ `session_id` varchar(40) NOT NULL DEFAULT '0',
+ `ip_address` varchar(16) NOT NULL DEFAULT '0',
+ `user_agent` varchar(120) NOT NULL,
+ `last_activity` int(10) unsigned NOT NULL DEFAULT '0',
+ `user_data` text NOT NULL,
+ PRIMARY KEY (`session_id`),
+ KEY `last_activity_idx` (`last_activity`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ ");
+
+ $this->db->query("
+ ALTER TABLE `files`
+ ADD `user` INT(8) UNSIGNED NOT NULL DEFAULT '0',
+ ADD INDEX (`user`)
+ ");
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_table('users');
+ $this->dbforge->drop_table('ci_sessions');
+ $this->db->query("
+ ALTER TABLE `files`
+ DROP `user`
+ ");
+ }
+}
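Review bot: `ci_sessions.ip_address` is created as `varchar(16)`, which fits an IPv4 address but not an IPv6 one (up to 45 characters in text form); with `sess_match_ip` enabled a truncated address would make IPv6 clients fail session validation on every request. The usual definition is `` `ip_address` varchar(45) NOT NULL DEFAULT '0', ``. Whether the deployment is reachable over IPv6 is not visible here, so treat this as a hedge against a later change.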
diff --git a/application/migrations/003_add_referrers.php b/application/migrations/003_add_referrers.php
new file mode 100644
index 000000000..524e92ff0
--- /dev/null
+++ b/application/migrations/003_add_referrers.php
@@ -0,0 +1,33 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_referrers extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE `invitations` (
+ `user` int(8) unsigned NOT NULL,
+ `key` varchar(16) CHARACTER SET ascii NOT NULL,
+ `date` int(11) unsigned NOT NULL,
+ PRIMARY KEY (`key`),
+ KEY `user` (`user`),
+ KEY `date` (`date`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
+ ");
+ $this->db->query("
+ ALTER TABLE `users`
+ ADD `referrer` INT(8) UNSIGNED NOT NULL DEFAULT '0'
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ ALTER TABLE `users`
+ DROP `referrer`
+ ");
+ $this->dbforge->drop_table('invitations');
+
+ }
+}
diff --git a/application/migrations/004_add_filesize.php b/application/migrations/004_add_filesize.php
new file mode 100644
index 000000000..d7a70223d
--- /dev/null
+++ b/application/migrations/004_add_filesize.php
@@ -0,0 +1,22 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_filesize extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ ALTER TABLE `files`
+ ADD `filesize` INT UNSIGNED NOT NULL
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ ALTER TABLE `files`
+ DROP `filesize`
+ ");
+
+ }
+}
diff --git a/application/migrations/005_drop_file_password.php b/application/migrations/005_drop_file_password.php
new file mode 100644
index 000000000..bf03490a8
--- /dev/null
+++ b/application/migrations/005_drop_file_password.php
@@ -0,0 +1,21 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Drop_file_password extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ ALTER TABLE `files`
+ DROP `password`;
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ ALTER TABLE `files`
+ ADD `password` varchar(40) CHARACTER SET ascii COLLATE ascii_bin DEFAULT NULL;
+ ");
+ }
+}
diff --git a/application/migrations/006_add_username_index.php b/application/migrations/006_add_username_index.php
new file mode 100644
index 000000000..ea5e3ebc0
--- /dev/null
+++ b/application/migrations/006_add_username_index.php
@@ -0,0 +1,21 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_username_index extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ ALTER TABLE `users`
+ ADD UNIQUE `username` (`username`);
+ ");
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ ALTER TABLE `users`
+ DROP INDEX `username`;
+ ");
+ }
+}
diff --git a/application/migrations/007_repurpose_invitations.php b/application/migrations/007_repurpose_invitations.php
new file mode 100644
index 000000000..36d3007e8
--- /dev/null
+++ b/application/migrations/007_repurpose_invitations.php
@@ -0,0 +1,37 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Repurpose_invitations extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ ALTER TABLE `invitations`
+ ADD `action` VARCHAR(255) NOT NULL,
+ ADD `data` TEXT NULL,
+ ADD INDEX `action` (`action`);
+ ");
+
+ $this->db->query("
+ UPDATE `invitations` SET `action` = 'invitation' WHERE `action` = '';
+ ");
+
+ $this->db->query("
+ RENAME TABLE `invitations` TO `actions` ;
+ ");
+
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ RENAME TABLE `actions` TO `invitations` ;
+ ");
+
+ $this->db->query("
+ ALTER TABLE `invitations`
+ DROP `action`,
+ DROP `data`;
+ ");
+ }
+}
diff --git a/application/migrations/008_add_profiles.php b/application/migrations/008_add_profiles.php
new file mode 100644
index 000000000..3fea33c08
--- /dev/null
+++ b/application/migrations/008_add_profiles.php
@@ -0,0 +1,31 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_profiles extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE `profiles` (
+ `user` int(8) unsigned NOT NULL,
+ `upload_id_limits` varchar(255) COLLATE utf8_bin NOT NULL,
+ PRIMARY KEY (`user`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
+ ");
+
+ $this->db->query("
+ ALTER TABLE `files` CHANGE `id` `id` VARCHAR( 255 );
+ ");
+
+ }
+
+ public function down()
+ {
+ $this->db->query("
+ DROP TABLE `profiles`;
+ ");
+ $this->db->query("
+ ALTER TABLE `files` CHANGE `id` `id` VARCHAR( 6 );
+ ");
+ }
+}
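Review bot: `down()` narrows `files.id` back to `VARCHAR( 6 )` without checking for longer ids created under the new limits, so depending on the MySQL `sql_mode` the rollback either fails or silently truncates primary-key values, which can collide. Both `CHANGE` statements also drop the column's explicit `CHARACTER SET ascii COLLATE ascii_bin` from migration 001 and fall back to the table default; restating it, `` ALTER TABLE `files` CHANGE `id` `id` VARCHAR(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL; ``, keeps id comparison byte-wise and documents the intent.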
diff --git a/application/migrations/009_add_apikeys.php b/application/migrations/009_add_apikeys.php
new file mode 100644
index 000000000..8e88260a8
--- /dev/null
+++ b/application/migrations/009_add_apikeys.php
@@ -0,0 +1,24 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_apikeys extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE `apikeys` (
+ `key` varchar(64) COLLATE utf8_bin NOT NULL,
+ `user` int(8) unsigned NOT NULL,
+ `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `comment` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
+ PRIMARY KEY (`key`),
+ KEY `user` (`user`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
+ ");
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_table('apikeys');
+ }
+}
diff --git a/application/migrations/010_files_innodb.php b/application/migrations/010_files_innodb.php
new file mode 100644
index 000000000..b32f94724
--- /dev/null
+++ b/application/migrations/010_files_innodb.php
@@ -0,0 +1,16 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_files_innodb extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ ALTER TABLE `files` ENGINE = InnoDB;
+ ");
+ }
+
+ public function down()
+ {
+ }
+}
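Review bot: `down()` has an empty body, so this migration is silently irreversible. Migration 001 created `files` as MyISAM, so the reverse statement is known: `` $this->db->query("ALTER TABLE `files` ENGINE = MyISAM;"); `` — or, if staying on InnoDB after a rollback is intentional, a one-line comment in `down()` saying so.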
diff --git a/application/models/mfile.php b/application/models/mfile.php
new file mode 100644
index 000000000..e862f1930
--- /dev/null
+++ b/application/models/mfile.php
@@ -0,0 +1,510 @@
+<?php
+/*
+ * Copyright 2009-2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Mfile extends CI_Model {
+
+ function __construct()
+ {
+ parent::__construct();
+ $this->load->model("muser");
+ }
+
+ // Returns an unused ID
+ function new_id($min = 3, $max = 6)
+ {
+ static $id_blacklist = NULL;
+
+ if ($id_blacklist == NULL) {
+ // This prevents people from being unable to access their uploads
+ // because of URL rewriting
+ $id_blacklist = scandir(FCPATH);
+ $id_blacklist[] = "file";
+ $id_blacklist[] = "user";
+ }
+
+ $max_tries = 100;
+
+ for ($try = 0; $try < $max_tries; $try++) {
+ $id = random_alphanum($min, $max);
+
+ if ($this->id_exists($id) || in_array($id, $id_blacklist)) {
+ continue;
+ }
+
+ return $id;
+ }
+
+ show_error("Failed to find unused ID after $max_tries tries.");
+ }
+
+ function id_exists($id)
+ {
+ if (!$id) {
+ return false;
+ }
+
+ $sql = '
+ SELECT id
+ FROM `files`
+ WHERE `id` = ?
+ LIMIT 1';
+ $query = $this->db->query($sql, array($id));
+
+ if ($query->num_rows() == 1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public function stale_hash($hash)
+ {
+ return $this->unused_file($hash);
+ }
+
+ function get_filedata($id)
+ {
+ $sql = '
+ SELECT hash, filename, mimetype, date, user, filesize
+ FROM `files`
+ WHERE `id` = ?
+ LIMIT 1';
+ $query = $this->db->query($sql, array($id));
+
+ if ($query->num_rows() == 1) {
+ $return = $query->result_array();
+ return $return[0];
+ } else {
+ return false;
+ }
+ }
+
+ // return the folder in which the file with $hash is stored
+ function folder($hash) {
+ return $this->config->item('upload_path').'/'.substr($hash, 0, 3);
+ }
+
+ // Returns the full path to the file with $hash
+ function file($hash) {
+ return $this->folder($hash).'/'.$hash;
+ }
+
+ // Return mimetype of file
+ function mimetype($file) {
+ $fileinfo = new finfo(FILEINFO_MIME_TYPE);
+ $mimetype = $fileinfo->file($file);
+
+ return $mimetype;
+ }
+
+ public function image_dimension($file)
+ {
+ list($width, $height) = getimagesize($file);
+
+ return "${width}x${height}";
+ }
+
+ /*
+ * This returns a square thumbnail for the input image
+ * Source: http://salman-w.blogspot.co.at/2009/04/crop-to-fit-image-using-aspphp.html
+ */
+ public function makeThumb($id, $size = 150, $target_type = null)
+ {
+ $filedata = $this->get_filedata($id);
+ if (!$filedata) {
+ return false;
+ }
+
+ $source_path = $this->file($filedata["hash"]);
+
+ list($source_width, $source_height, $source_type) = getimagesize($source_path);
+
+ if ($target_type === null) {
+ $target_type = $source_type;
+ }
+
+ $target_width = $size;
+ $target_height = $size;
+
+ switch ($source_type) {
+ case IMAGETYPE_GIF:
+ $source_gdim = imagecreatefromgif($source_path);
+ break;
+ case IMAGETYPE_JPEG:
+ $source_gdim = imagecreatefromjpeg($source_path);
+ break;
+ case IMAGETYPE_PNG:
+ $source_gdim = imagecreatefrompng($source_path);
+ break;
+ default:
+ show_error("Unsupported image type");
+ }
+
+ $source_aspect_ratio = $source_width / $source_height;
+ $desired_aspect_ratio = $target_width / $target_height;
+
+ if ($source_aspect_ratio > $desired_aspect_ratio) {
+ // Triggered when source image is wider
+ $temp_height = $target_height;
+ $temp_width = round(($target_height * $source_aspect_ratio));
+ } else {
+ // Triggered otherwise (i.e. source image is similar or taller)
+ $temp_width = $target_width;
+ $temp_height = round(($target_width / $source_aspect_ratio));
+ }
+
+ /*
+ * Resize the image into a temporary GD image
+ */
+
+ $temp_gdim = imagecreatetruecolor($temp_width, $temp_height);
+ imagecopyresampled(
+ $temp_gdim,
+ $source_gdim,
+ 0, 0,
+ 0, 0,
+ $temp_width, $temp_height,
+ $source_width, $source_height
+ );
+
+ /*
+ * Copy cropped region from temporary image into the desired GD image
+ */
+
+ $x0 = ($temp_width - $target_width) / 2;
+ $y0 = ($temp_height - $target_height) / 2;
+ $thumb = imagecreatetruecolor($target_width, $target_height);
+ imagecopy(
+ $thumb,
+ $temp_gdim,
+ 0, 0,
+ $x0, $y0,
+ $target_width, $target_height
+ );
+
+ ob_start();
+ switch ($target_type) {
+ case IMAGETYPE_GIF:
+ $ret = imagegif($thumb);
+ break;
+ case IMAGETYPE_JPEG:
+ $ret = imagejpeg($thumb);
+ break;
+ case IMAGETYPE_PNG:
+ $ret = imagepng($thumb);
+ break;
+ default:
+ assert(0);
+ }
+ $result = ob_get_clean();
+
+ if (!$ret) {
+ show_error("Failed to create thumbnail");
+ }
+
+ imagedestroy($thumb);
+ imagedestroy($temp_gdim);
+ imagedestroy($source_gdim);
+
+ return $result;
+ }
+
+ // Add a hash to the DB
+ function add_file($hash, $id, $filename)
+ {
+ $userid = $this->muser->get_userid();
+
+ $mimetype = $this->mimetype($this->file($hash));
+
+ $filesize = filesize($this->file($hash));
+ $query = $this->db->query('
+ INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`, `filesize`)
+ VALUES (?, ?, ?, ?, ?, ?, ?)',
+ array($hash, $id, $filename, $userid, time(), $mimetype, $filesize));
+ }
+
+ function adopt($id)
+ {
+ $userid = $this->muser->get_userid();
+
+ $this->db->query("
+ UPDATE files
+ SET user = ?
+ WHERE id = ?
+ ", array($userid, $id));
+ }
+
+ // remove old/invalid/broken IDs
+ function valid_id($id)
+ {
+ $filedata = $this->get_filedata($id);
+ if (!$filedata) {
+ return false;
+ }
+ $file = $this->file($filedata['hash']);
+
+ if (!file_exists($file)) {
+ if (isset($filedata["hash"])) {
+ $this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash']));
+ }
+ return false;
+ }
+
+ // 0 age disables age checks
+ if ($this->config->item('upload_max_age') == 0) return true;
+
+ // small files don't expire
+ if (filesize($file) <= $this->config->item("small_upload_size")) {
+ return true;
+ }
+
+ // files older than this should be removed
+ $remove_before = (time()-$this->config->item('upload_max_age'));
+
+ if ($filedata["date"] < $remove_before) {
+ // if the file has been uploaded multiple times the mtime is the time
+ // of the last upload
+ if (filemtime($file) < $remove_before) {
+ unlink($file);
+ $this->db->query('DELETE FROM files WHERE hash = ?', array($filedata['hash']));
+ } else {
+ $this->db->query('DELETE FROM files WHERE id = ? LIMIT 1', array($id));
+ }
+ return false;
+ }
+
+ return true;
+ }
+
+ function get_timeout_string($id)
+ {
+ $filedata = $this->get_filedata($id);
+ $file = $this->file($filedata["hash"]);
+
+ if (filesize($file) > $this->config->item("small_upload_size")) {
+ return date("r", $filedata["date"] + $this->config->item("upload_max_age"));
+ } else {
+ return "unknown";
+ }
+ }
+
+ private function unused_file($hash)
+ {
+ $sql = '
+ SELECT id
+ FROM `files`
+ WHERE `hash` = ?
+ LIMIT 1';
+ $query = $this->db->query($sql, array($hash));
+
+ if ($query->num_rows() == 0) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ function delete_id($id)
+ {
+ $filedata = $this->get_filedata($id);
+ $userid = $this->muser->get_userid();
+
+ if (!$this->id_exists($id)) {
+ return false;
+ }
+
+ $sql = '
+ DELETE
+ FROM `files`
+ WHERE `id` = ?
+ AND user = ?
+ LIMIT 1';
+ $this->db->query($sql, array($id, $userid));
+
+ if ($this->id_exists($id)) {
+ return false;
+ }
+
+ if ($this->unused_file($filedata['hash'])) {
+ unlink($this->file($filedata['hash']));
+ @rmdir($this->folder($filedata['hash']));
+ }
+ return true;
+ }
+
+ public function get_lexers() {
+ $this->load->driver('cache', array('adapter' => $this->config->item("cache_backend")));
+ if (! $lexers = $this->cache->get('lexers')) {
+ $lexers = array();
+ $last_desc = "";
+ exec("python ".escapeshellarg(FCPATH."scripts/get_lexer_list.py"), $output);
+
+ foreach ($output as $line) {
+ list($name, $desc) = explode("|", $line);
+ if ($desc == $last_desc) {
+ continue;
+ }
+ $last_desc = $desc;
+ $lexers[$name] = $desc;
+ }
+ $lexers["text"] = "Plain text";
+ $this->cache->save('lexers', $lexers, 1800);
+ }
+
+ return $lexers;
+ }
+
+ public function should_highlight($type)
+ {
+ if ($this->mime2lexer($type)) return true;
+
+ return false;
+ }
+
+ // Allow certain types to be highlight without doing it automatically
+ public function can_highlight($type)
+ {
+ $typearray = array(
+ 'image/svg+xml',
+ );
+ if (in_array($type, $typearray)) return true;
+
+ if ($this->mime2lexer($type)) return true;
+
+ return false;
+ }
+
+ // Return the lexer that should be used for highlighting
+ public function autodetect_lexer($type, $filename)
+ {
+ if (!$this->can_highlight($type)) {
+ return false;
+ }
+
+ $lexer = $this->mime2lexer($type);
+
+ // filename lexers overwrite mime type mappings
+ $filename_lexer = $this->filename2lexer($filename);
+ if ($filename_lexer) {
+ return $filename_lexer;
+ }
+
+ return $lexer;
+ }
+
+ // Map MIME types to lexers needed for highlighting
+ private function mime2lexer($type)
+ {
+ $typearray = array(
+ 'application/javascript' => 'javascript',
+ 'application/mbox' => 'text',
+ 'application/smil' => 'ocaml',
+ 'application/x-applix-spreadsheet' => 'actionscript',
+ 'application/x-awk' => 'awk',
+ 'application/x-desktop' => 'text',
+ 'application/x-fluid' => 'text',
+ 'application/x-genesis-rom' => 'text',
+ 'application/x-java' => 'java',
+ 'application/x-m4' => 'text',
+ 'application/xml-dtd' => "xml",
+ 'application/xml' => 'xml',
+ 'application/x-perl' => 'perl',
+ 'application/x-php' => 'php',
+ 'application/x-ruby' => 'ruby',
+ 'application/x-shellscript' => 'bash',
+ 'application/xslt+xml' => "xml",
+ 'application/x-x509-ca-cert' => 'text',
+ 'message/rfc822' => 'text',
+ 'text/css' => 'css',
+ 'text/html' => 'xml',
+ 'text/plain-ascii' => 'ascii',
+ 'text/plain' => 'text',
+ 'text/troff' => 'groff',
+ 'text/x-asm' => 'nasm',
+ 'text/x-awk' => 'awk',
+ 'text/x-c' => 'c',
+ 'text/x-c++' => 'cpp',
+ 'text/x-c++hdr' => 'c',
+ 'text/x-chdr' => 'c',
+ 'text/x-csrc' => 'c',
+ 'text/x-c++src' => 'cpp',
+ 'text/x-diff' => 'diff',
+ 'text/x-gawk' => 'awk',
+ 'text/x-haskell' => 'haskell',
+ 'text/x-java' => 'java',
+ 'text/x-lisp' => 'cl',
+ 'text/x-literate-haskell' => 'haskell',
+ 'text/x-lua' => 'lua',
+ 'text/x-makefile' => 'make',
+ 'text/x-ocaml' => 'ocaml',
+ 'text/x-patch' => 'diff',
+ 'text/x-perl' => 'perl',
+ 'text/x-php' => 'php',
+ 'text/x-python' => 'python',
+ 'text/x-ruby' => 'ruby',
+ 'text/x-scheme' => 'scheme',
+ 'text/x-shellscript' => 'bash',
+ 'text/x-subviewer' => 'bash',
+ 'text/x-tcl' => 'tcl',
+ 'text/x-tex' => 'tex',
+ );
+ if (array_key_exists($type, $typearray)) return $typearray[$type];
+
+ if (strpos($type, 'text/') === 0) return 'text';
+
+ # default
+ return false;
+ }
+
+ // Map special filenames to lexers
+ private function filename2lexer($name)
+ {
+ $namearray = array(
+ 'PKGBUILD' => 'bash',
+ '.vimrc' => 'vim'
+ );
+ if (array_key_exists($name, $namearray)) return $namearray[$name];
+
+
+ if (strpos($name, ".") !== false) {
+ $extension = substr($name, strrpos($name, ".") + 1);
+
+ $extensionarray = array(
+ 'coffee' => 'coffee-script',
+ 'mli' => 'ocaml',
+ 'mll' => 'ocaml',
+ 'ml' => 'ocaml',
+ 'mly' => 'ocaml',
+ 'tcl' => 'tcl',
+ 'tex' => 'tex',
+ );
+ if (array_key_exists($extension, $extensionarray)) return $extensionarray[$extension];
+ }
+
+ return false;
+ }
+
+ // Handle lexer aliases
+ public function resolve_lexer_alias($alias)
+ {
+ if ($alias === false) return false;
+ $aliasarray = array(
+ 'py' => 'python',
+ 'sh' => 'bash',
+ 's' => 'asm',
+ 'pl' => 'perl'
+ );
+ if (array_key_exists($alias, $aliasarray)) return $aliasarray[$alias];
+
+ return $alias;
+ }
+
+}
+
+# vim: set noet:
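Review bot: `makeThumb()` decodes the source with `imagecreatefrom*` straight after `getimagesize()` without bounding the dimensions, so a small upload declaring a very large canvas can exhaust PHP's memory limit before the resize runs; checking `$source_width * $source_height` against a configured ceiling directly after the `getimagesize()` call and returning `false` (or calling `show_error`) when it is exceeded closes that. `getimagesize()` returning `false` is also unchecked there and in `image_dimension()`, which then runs on with notices. In `new_id()` the blacklist test should be strict, `if ($this->id_exists($id) || in_array($id, $id_blacklist, true)) {`, and `$id_blacklist == NULL` reads better as `=== NULL`. `get_timeout_string()` indexes `$filedata["hash"]` without the `if (!$filedata)` guard that `valid_id()` and `makeThumb()` use.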
diff --git a/application/models/muser.php b/application/models/muser.php
new file mode 100644
index 000000000..7a3627b18
--- /dev/null
+++ b/application/models/muser.php
@@ -0,0 +1,283 @@
+<?php
+/*
+ * Copyright 2012-2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Muser extends CI_Model {
+
+ private $default_upload_id_limits = "3-6";
+
+ function __construct()
+ {
+ parent::__construct();
+
+ if ($this->has_session() && !$this->logged_in()) {
+ $this->session->keep_flashdata("uri");
+ }
+
+ $this->load->helper("filebin");
+ $this->load->driver("duser");
+ }
+
+ function has_session()
+ {
+ // checking $this doesn't work
+ $CI =& get_instance();
+ if (property_exists($CI, "session")) {
+ return true;
+ }
+
+ // Only load the session class if we already have a cookie that might need to be renewed.
+ // Otherwise we just create lots of stale sessions.
+ if (isset($_COOKIE[$this->config->item("sess_cookie_name")])) {
+ $this->load->library("session");
+ return true;
+ }
+
+ return false;
+ }
+
+ function require_session()
+ {
+ if (!$this->has_session()) {
+ $this->load->library("session");
+ }
+ }
+
+ function logged_in()
+ {
+ if ($this->has_session()) {
+ return $this->session->userdata('logged_in') == true;
+ }
+
+ return false;
+ }
+
+ function login($username, $password)
+ {
+ $this->require_session();
+ return $this->duser->login($username, $password);
+ }
+
+ private function login_cli_client()
+ {
+ $username = $this->input->post("username");
+ $password = $this->input->post("password");
+
+ // prefer post parameters if either (username or password) is set
+ if ($username === false && $password === false) {
+ if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+ $username = $_SERVER['PHP_AUTH_USER'];
+ $password = $_SERVER['PHP_AUTH_PW'];
+ }
+ }
+
+ if ($username !== false && $password !== false) {
+ if ($this->login($username, $password)) {
+ return true;
+ } else {
+ show_error("Login failed", 401);
+ }
+ }
+
+ return null;
+ }
+
+ function apilogin($apikey)
+ {
+ $this->require_session();
+
+ // get rid of spaces and newlines
+ $apikey = trim($apikey);
+
+ $query = $this->db->query("
+ SELECT a.user userid
+ FROM apikeys a
+ WHERE a.key = ?
+ ", array($apikey))->row_array();
+
+ if (isset($query["userid"])) {
+ $this->session->set_userdata(array(
+ 'logged_in' => true,
+ 'username' => '',
+ 'userid' => $query["userid"],
+ 'access_level' => 'apikey',
+ ));
+ return true;
+ }
+
+ show_error("API key login failed", 401);
+ }
+
+ function logout()
+ {
+ $this->require_session();
+ $this->session->unset_userdata('logged_in');
+ $this->session->unset_userdata('username');
+ $this->session->unset_userdata('userid');
+ $this->session->sess_destroy();
+ }
+
+ function get_username()
+ {
+ if (!$this->logged_in()) {
+ return "";
+ }
+
+ return $this->session->userdata('username');
+ }
+
+ function get_userid()
+ {
+ if (!$this->logged_in()) {
+ return 0;
+ }
+
+ return $this->session->userdata("userid");
+ }
+
+ function get_email($userid)
+ {
+ return $this->duser->get_email($userid);
+ }
+
+ private function check_access_level($wanted_level)
+ {
+ $session_level = $this->session->userdata("access_level");
+
+ // last level has the most access
+ $levels = array("apikey", "full");
+
+ $wanted = array_search($wanted_level, $levels);
+ $have = array_search($session_level, $levels);
+
+ if ($wanted === false || $have === false) {
+ show_error("Failed to determine access level");
+ }
+
+ if ($have >= $wanted) {
+ return true;
+ }
+
+ show_error("Access denied: Access level too low", 403);
+ }
+
+ function require_access($wanted_level = "full")
+ {
+ if ($this->input->post("apikey") !== false) {
+ $this->apilogin($this->input->post("apikey"));
+ }
+
+ if (is_cli_client()) {
+ $this->login_cli_client();
+ }
+
+ if ($this->logged_in()) {
+ return $this->check_access_level($wanted_level);
+ }
+
+ if (!stateful_client()) {
+ show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
+ }
+
+ // desktop clients get redirected to the login form
+ $this->require_session();
+ if (!$this->session->userdata("flash:new:uri")) {
+ $this->session->set_flashdata("uri", $this->uri->uri_string());
+ }
+ redirect('user/login');
+ exit();
+ }
+
+ function username_exists($username)
+ {
+ return $this->duser->username_exists($username);
+ }
+
+ function get_action($action, $key)
+ {
+ $query = $this->db->query("
+ SELECT *
+ FROM actions
+ WHERE `key` = ?
+ AND `action` = ?
+ ", array($key, $action))->row_array();
+
+ if (!isset($query["key"]) || $key != $query["key"]) {
+ show_error("Invalid action key");
+ }
+
+ return $query;
+ }
+
+ public function get_profile_data()
+ {
+ $userid = $this->get_userid();
+
+ $fields = array(
+ "user" => $userid,
+ "upload_id_limits" => $this->default_upload_id_limits,
+ );
+
+ $query = $this->db->query("
+ SELECT ".implode(", ", array_keys($fields))."
+ FROM `profiles`
+ WHERE user = ?
+ ", array($userid))->row_array();
+
+ $extra_fields = array(
+ "username" => $this->get_username(),
+ "email" => $this->get_email($userid),
+ );
+
+ return array_merge($fields, $query, $extra_fields);
+ }
+
+ public function update_profile($data)
+ {
+ assert(is_array($data));
+
+ $data["user"] = $this->get_userid();
+
+ $exists_in_db = $this->db->get_where("profiles", array("user" => $data["user"]))->num_rows() > 0;
+
+ if ($exists_in_db) {
+ $this->db->where("user", $data["user"]);
+ $this->db->update("profiles", $data);
+ } else {
+ $this->db->insert("profiles", $data);
+ }
+ }
+
+ public function get_upload_id_limits()
+ {
+ $userid = $this->get_userid();
+
+ $query = $this->db->query("
+ SELECT upload_id_limits
+ FROM `profiles`
+ WHERE user = ?
+ ", array($userid))->row_array();
+
+ if (empty($query)) {
+ return explode("-", $this->default_upload_id_limits);
+ }
+
+ return explode("-", $query["upload_id_limits"]);
+ }
+
+ function hash_password($password)
+ {
+
+ require_once APPPATH."third_party/PasswordHash.php";
+
+ $hasher = new PasswordHash(9, false);
+ return $hasher->HashPassword($password);
+ }
+
+}
+
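Review bot: `update_profile()` passes the caller's `$data` array straight into `$this->db->update()`/`insert()`, so every key the caller forwards becomes a column assignment; restricting it to the known profile fields, e.g. `$data = array_intersect_key($data, array_flip(array("upload_id_limits")));` before `$data["user"]` is set, keeps later columns from becoming writable by accident. `logged_in()` compares with `== true` and `get_action()` with `$key != $query["key"]`; both should be strict (`=== true`, `!==`) so numeric-looking strings cannot compare equal to different values. `hash_password()` hard-codes phpass with an iteration count log2 of 9 via the vendored `PasswordHash`; on PHP >= 5.5 `password_hash()` together with `password_needs_rehash()` would make the cost tunable and drop the third-party file, and the chosen cost deserves a comment either way.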
diff --git a/application/third_party/PasswordHash.php b/application/third_party/PasswordHash.php
new file mode 100644
index 000000000..84447b277
--- /dev/null
+++ b/application/third_party/PasswordHash.php
@@ -0,0 +1,253 @@
+<?php
+#
+# Portable PHP password hashing framework.
+#
+# Version 0.3 / genuine.
+#
+# Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
+# the public domain. Revised in subsequent years, still public domain.
+#
+# There's absolutely no warranty.
+#
+# The homepage URL for this framework is:
+#
+# http://www.openwall.com/phpass/
+#
+# Please be sure to update the Version line if you edit this file in any way.
+# It is suggested that you leave the main version number intact, but indicate
+# your project name (after the slash) and add your own revision information.
+#
+# Please do not change the "private" password hashing method implemented in
+# here, thereby making your hashes incompatible. However, if you must, please
+# change the hash type identifier (the "$P$") to something different.
+#
+# Obviously, since this code is in the public domain, the above are not
+# requirements (there can be none), but merely suggestions.
+#
+class PasswordHash {
+ var $itoa64;
+ var $iteration_count_log2;
+ var $portable_hashes;
+ var $random_state;
+
+ function PasswordHash($iteration_count_log2, $portable_hashes)
+ {
+ $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+ if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
+ $iteration_count_log2 = 8;
+ $this->iteration_count_log2 = $iteration_count_log2;
+
+ $this->portable_hashes = $portable_hashes;
+
+ $this->random_state = microtime();
+ if (function_exists('getmypid'))
+ $this->random_state .= getmypid();
+ }
+
+ function get_random_bytes($count)
+ {
+ $output = '';
+ if (@is_readable('/dev/urandom') &&
+ ($fh = @fopen('/dev/urandom', 'rb'))) {
+ $output = fread($fh, $count);
+ fclose($fh);
+ }
+
+ if (strlen($output) < $count) {
+ $output = '';
+ for ($i = 0; $i < $count; $i += 16) {
+ $this->random_state =
+ md5(microtime() . $this->random_state);
+ $output .=
+ pack('H*', md5($this->random_state));
+ }
+ $output = substr($output, 0, $count);
+ }
+
+ return $output;
+ }
+
+ function encode64($input, $count)
+ {
+ $output = '';
+ $i = 0;
+ do {
+ $value = ord($input[$i++]);
+ $output .= $this->itoa64[$value & 0x3f];
+ if ($i < $count)
+ $value |= ord($input[$i]) << 8;
+ $output .= $this->itoa64[($value >> 6) & 0x3f];
+ if ($i++ >= $count)
+ break;
+ if ($i < $count)
+ $value |= ord($input[$i]) << 16;
+ $output .= $this->itoa64[($value >> 12) & 0x3f];
+ if ($i++ >= $count)
+ break;
+ $output .= $this->itoa64[($value >> 18) & 0x3f];
+ } while ($i < $count);
+
+ return $output;
+ }
+
+ function gensalt_private($input)
+ {
+ $output = '$P$';
+ $output .= $this->itoa64[min($this->iteration_count_log2 +
+ ((PHP_VERSION >= '5') ? 5 : 3), 30)];
+ $output .= $this->encode64($input, 6);
+
+ return $output;
+ }
+
+ function crypt_private($password, $setting)
+ {
+ $output = '*0';
+ if (substr($setting, 0, 2) == $output)
+ $output = '*1';
+
+ $id = substr($setting, 0, 3);
+ # We use "$P$", phpBB3 uses "$H$" for the same thing
+ if ($id != '$P$' && $id != '$H$')
+ return $output;
+
+ $count_log2 = strpos($this->itoa64, $setting[3]);
+ if ($count_log2 < 7 || $count_log2 > 30)
+ return $output;
+
+ $count = 1 << $count_log2;
+
+ $salt = substr($setting, 4, 8);
+ if (strlen($salt) != 8)
+ return $output;
+
+ # We're kind of forced to use MD5 here since it's the only
+ # cryptographic primitive available in all versions of PHP
+ # currently in use. To implement our own low-level crypto
+ # in PHP would result in much worse performance and
+ # consequently in lower iteration counts and hashes that are
+ # quicker to crack (by non-PHP code).
+ if (PHP_VERSION >= '5') {
+ $hash = md5($salt . $password, TRUE);
+ do {
+ $hash = md5($hash . $password, TRUE);
+ } while (--$count);
+ } else {
+ $hash = pack('H*', md5($salt . $password));
+ do {
+ $hash = pack('H*', md5($hash . $password));
+ } while (--$count);
+ }
+
+ $output = substr($setting, 0, 12);
+ $output .= $this->encode64($hash, 16);
+
+ return $output;
+ }
+
+ function gensalt_extended($input)
+ {
+ $count_log2 = min($this->iteration_count_log2 + 8, 24);
+ # This should be odd to not reveal weak DES keys, and the
+ # maximum valid value is (2**24 - 1) which is odd anyway.
+ $count = (1 << $count_log2) - 1;
+
+ $output = '_';
+ $output .= $this->itoa64[$count & 0x3f];
+ $output .= $this->itoa64[($count >> 6) & 0x3f];
+ $output .= $this->itoa64[($count >> 12) & 0x3f];
+ $output .= $this->itoa64[($count >> 18) & 0x3f];
+
+ $output .= $this->encode64($input, 3);
+
+ return $output;
+ }
+
+ function gensalt_blowfish($input)
+ {
+ # This one needs to use a different order of characters and a
+ # different encoding scheme from the one in encode64() above.
+ # We care because the last character in our encoded string will
+ # only represent 2 bits. While two known implementations of
+ # bcrypt will happily accept and correct a salt string which
+ # has the 4 unused bits set to non-zero, we do not want to take
+ # chances and we also do not want to waste an additional byte
+ # of entropy.
+ $itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+
+ $output = '$2a$';
+ $output .= chr(ord('0') + $this->iteration_count_log2 / 10);
+ $output .= chr(ord('0') + $this->iteration_count_log2 % 10);
+ $output .= '$';
+
+ $i = 0;
+ do {
+ $c1 = ord($input[$i++]);
+ $output .= $itoa64[$c1 >> 2];
+ $c1 = ($c1 & 0x03) << 4;
+ if ($i >= 16) {
+ $output .= $itoa64[$c1];
+ break;
+ }
+
+ $c2 = ord($input[$i++]);
+ $c1 |= $c2 >> 4;
+ $output .= $itoa64[$c1];
+ $c1 = ($c2 & 0x0f) << 2;
+
+ $c2 = ord($input[$i++]);
+ $c1 |= $c2 >> 6;
+ $output .= $itoa64[$c1];
+ $output .= $itoa64[$c2 & 0x3f];
+ } while (1);
+
+ return $output;
+ }
+
+ function HashPassword($password)
+ {
+ $random = '';
+
+ if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
+ $random = $this->get_random_bytes(16);
+ $hash =
+ crypt($password, $this->gensalt_blowfish($random));
+ if (strlen($hash) == 60)
+ return $hash;
+ }
+
+ if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) {
+ if (strlen($random) < 3)
+ $random = $this->get_random_bytes(3);
+ $hash =
+ crypt($password, $this->gensalt_extended($random));
+ if (strlen($hash) == 20)
+ return $hash;
+ }
+
+ if (strlen($random) < 6)
+ $random = $this->get_random_bytes(6);
+ $hash =
+ $this->crypt_private($password,
+ $this->gensalt_private($random));
+ if (strlen($hash) == 34)
+ return $hash;
+
+ # Returning '*' on error is safe here, but would _not_ be safe
+ # in a crypt(3)-like function used _both_ for generating new
+ # hashes and for validating passwords against existing hashes.
+ return '*';
+ }
+
+ function CheckPassword($password, $stored_hash)
+ {
+ $hash = $this->crypt_private($password, $stored_hash);
+ if ($hash[0] == '*')
+ $hash = crypt($password, $stored_hash);
+
+ return $hash == $stored_hash;
+ }
+}
+
+?>
diff --git a/application/views/contact.php b/application/views/contact.php
new file mode 100644
index 000000000..6497ab6a7
--- /dev/null
+++ b/application/views/contact.php
@@ -0,0 +1 @@
+<?php echo $contact_info; ?>
diff --git a/application/views/file/client.php b/application/views/file/client.php
new file mode 100644
index 000000000..29e254a80
--- /dev/null
+++ b/application/views/file/client.php
@@ -0,0 +1,48 @@
+<h1>Client</h1>
+
+<p>
+ Development (git): <?php echo anchor("http://git.server-speed.net/users/flo/fb/"); ?><br />
+ Latest release: <?php echo $client_link ? anchor($client_link) : "unknown"; ?><br />
+ GPG sigs, older versions: <a href="<?php echo $client_link_dir; ?>"><?php echo $client_link_dir; ?></a>
+</p>
+
+<p>To authenticate add the following to your ~/.netrc:</p>
+
+<pre>
+machine <?php echo $domain; ?> login my_username password my_secret_password
+</pre>
+
+<p>
+ If you are using fb-client &ge;1.2 you can
+ <a href="<?php echo site_url("user/apikeys"); ?>">create an API key</a>,
+ save it in <code>~/.config/fb-client/apikey</code> and remove
+ your password from <code>.netrc</code>. Please refer to <code>man
+ 1 fb</code> for further details.
+</p>
+
+<p>
+ If you are using fb-client &ge;1.1 you can use
+ <code>~/.config/fb-client/config</code> to upload to a different
+ pastebin URL (https or you own installation). Please refer to
+ <code>man 1 fb</code> for further details.
+</p>
+
+<h2>Linux</h2>
+<p>
+ Arch Linux: pacman -S fb-client<br />
+ Debian: <?php echo anchor($client_link_deb); ?><br />
+ Slackware: <?php echo anchor($client_link_slackware); ?>
+</p>
+
+<h2>OS X</h2>
+<p>
+ Get <a href="http://brew.sh">Homebrew</a> and run <code>brew install fb-client</code>.
+</p>
+
+<h1>Shell</h1>
+
+<pre>
+curl -n -F "file=@/home/user/foo" <?php echo site_url("file/do_upload"); ?> (binary safe)
+cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url("file/do_upload"); ?> (binary safe)
+</pre>
+
diff --git a/application/views/file/deleted.php b/application/views/file/deleted.php
new file mode 100644
index 000000000..8a5818f2d
--- /dev/null
+++ b/application/views/file/deleted.php
@@ -0,0 +1,11 @@
+<div class="center">
+ <?php if (!empty($errors)) {
+ echo "<p>";
+ foreach ($errors as $error) {
+ echo "${error["id"]}: ${error["reason"]}<br>\n";
+ }
+ echo "</p>";
+ } ?>
+
+ <p><?php echo $deleted_count; ?> of <?php echo $total_count; ?> deleted.</p>
+</div>
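Review bot: The line `echo "${error["id"]}: ${error["reason"]}<br>\n";` writes both values into the page unescaped, and the id appears to originate from the `ids[]` form field that the delete forms elsewhere in this commit submit, so a crafted value would be rendered as markup. Escape both before output: `echo htmlspecialchars($error["id"]).": ".htmlspecialchars($error["reason"])."<br>\n";`. The `${var["key"]}` interpolation form is also the one PHP 8.2 deprecates, so the concatenation avoids that as well.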
diff --git a/application/views/file/file_info.php b/application/views/file/file_info.php
new file mode 100644
index 000000000..82a3e4f81
--- /dev/null
+++ b/application/views/file/file_info.php
@@ -0,0 +1,30 @@
+<div class="center">
+ <?php if($filedata): ?>
+ <table style="margin: auto">
+ <tr>
+ <td class="title">ID</td>
+ <td class="text"><a href="<?php echo site_url($id); ?>/"><?php echo $id; ?></a></td>
+ </tr>
+ <tr>
+ <td class="title">Filename</td>
+ <td class="text"><?php echo htmlspecialchars($filedata["filename"]); ?></td>
+ </tr>
+ <tr>
+ <td class="title">Date of upload</td>
+ <td class="text"><?php echo date("r", $filedata["date"]); ?></td>
+ </tr>
+ <tr>
+ <td class="title">Date of removal</td>
+ <td class="text"><?php echo $timeout; ?></td>
+ </tr>
+ <tr>
+ <td class="title">Size</td>
+ <td class="text"><?php echo format_bytes($filedata["filesize"]); ?></td>
+ </tr>
+ <tr>
+ <td class="title">Mimetype</td>
+ <td class="text"><?php echo $filedata["mimetype"]; ?></td>
+ </tr>
+ </table>
+ <?php endif; ?>
+</div>
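Review bot: `$filedata["mimetype"]` and `$id` are echoed raw while `$filedata["filename"]` a few rows above is passed through htmlspecialchars, so escaping in this table is inconsistent. The mimetype is presumably detected from the uploaded file and is not a trusted value either; change the cell to `<td class="text"><?php echo htmlspecialchars($filedata["mimetype"]); ?></td>` and treat `$id` the same way unless the controller guarantees it is a validated identifier.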
diff --git a/application/views/file/html_footer.php b/application/views/file/html_footer.php
new file mode 100644
index 000000000..bbec7ebd1
--- /dev/null
+++ b/application/views/file/html_footer.php
@@ -0,0 +1,6 @@
+ </div>
+ </div>
+
+<?php
+$force_full_html = true;
+include(FCPATH."application/views/footer.php");
diff --git a/application/views/file/html_header.php b/application/views/file/html_header.php
new file mode 100644
index 000000000..c40c35bca
--- /dev/null
+++ b/application/views/file/html_header.php
@@ -0,0 +1,94 @@
+<?php
+$force_full_html = true;
+include(FCPATH."application/views/header.php"); ?>
+
+ </div>
+
+ <script type="text/javascript">
+ /* <![CDATA[ */
+ window.lexers = <?php echo json_encode($lexers); ?>;
+ window.paste_base = '<?php echo site_url($id) ?>';
+ /* ]]> */
+ </script>
+
+ <?php if (isset($error_message)) { ?>
+ <div class="alert alert-block alert-error" style="text-align: center">
+ <?php echo $error_message; ?>
+ </div>
+ <?php } ?>
+
+ <div class="container paste-container">
+ <div style="border:1px solid #ccc;">
+ <div class="navbar navbar-static-top">
+ <div class="navbar-inner" style="box-shadow: none;">
+ <ul class="nav">
+ <li><a href="#file-info" class="brand" data-toggle="modal"><?php echo $title ?></a></li>
+ <li class="divider-vertical"></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown" id="language-toggle">
+ Language: <?php echo htmlspecialchars($current_highlight); ?>
+ <b class="caret"></b>
+ </a>
+ <div class="dropdown-menu" style="padding: 15px; padding-bottom: 0px;">
+ <form>
+ <input type="text" id="language" placeholder="Language" class="input-medium">
+ </form>
+ </div>
+ </li>
+ <li class="divider-vertical"></li>
+ <li>
+ <a href="#file-info" role="button" data-toggle="modal">Info</a>
+ <div id="file-info" class="modal hide fade">
+ <div class="modal-header">
+ <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+ <h3>Paste Information</h3>
+ </div>
+ <div class="modal-body">
+ <table class="table">
+ <tr>
+ <td style="border:0;">Filename:</td>
+ <td style="border:0;"><?php echo htmlspecialchars($filedata["filename"]) ?></td>
+ </tr>
+ <tr>
+ <td>Size:</td>
+ <td><?php echo format_bytes($filedata["filesize"]) ?></td>
+ </tr>
+ <tr>
+ <td>Mimetype:</td>
+ <td><?php echo $filedata["mimetype"] ?></td>
+ </tr>
+ <tr>
+ <td>Uploaded:</td>
+ <td><?php echo date("r", $filedata["date"]) ?></td>
+ </tr>
+ <tr>
+ <td>Removal:</td>
+ <td><?php echo $timeout ?></td>
+ </tr>
+ </table>
+ </div>
+ <div class="modal-footer">
+ <?php echo form_open("file/do_delete/", array("style" => "display: inline")); ?>
+ <input type="hidden" name="ids[<?php echo $id; ?>]" value="<?php echo $id; ?>">
+ <button class="btn btn-danger pull-left" aria-hidden="true">Delete</button>
+ </form>
+ <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
+ </div>
+ </div>
+ </li>
+ <li class="divider-vertical"></li>
+ <li><a href="<?php echo site_url('file/index?repaste='.$id); ?>" role="button">Repaste</a></li>
+ </ul>
+ <div class="btn-group pull-right" style="margin-top: 7px; margin-right:-10px;">
+ <a id="linewrap" class="btn btn-small" rel="tooltip" title="Toggle wrapping of long lines">Linewrap</a>
+ <a href="<?php echo site_url($id."/plain") ?>" class="btn btn-small" rel="tooltip" title="View as plain text">Plain</a>
+ <a href="<?php echo site_url($id) ?>" class="btn btn-small" rel="tooltip" title="View as raw file (org. mime type)">Raw</a>
+ <?php if ($current_highlight === 'rmd') { ?>
+ <a href="<?php echo site_url($id)."/" ?>" class="btn btn-small" rel="tooltip" title="Render as Code">Code</a>
+ <?php } else { ?>
+ <a href="<?php echo site_url($id."/rmd") ?>" class="btn btn-small" rel="tooltip" title="Render as Markdown">Markdown</a>
+ <?php } ?>
+ </div>
+ </div>
+ </div>
+ <div>
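Review bot: The modal table escapes the filename but echoes `$filedata["mimetype"]` raw, and `$title` and `$error_message` at the top of the hunk are written without escaping too, so this view has the same mixed escaping as file_info.php. `<td><?php echo htmlspecialchars($filedata["mimetype"]) ?></td>` and `<?php echo htmlspecialchars($title) ?>` bring those in line; if `$error_message` is meant to carry markup, a comment saying so would help the next reader. Separately, `window.lexers = <?php echo json_encode($lexers); ?>;` lands inside a script element, so passing `JSON_HEX_TAG` keeps a `</script>` sequence in a lexer name from terminating the block.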
diff --git a/application/views/file/nav_history.php b/application/views/file/nav_history.php
new file mode 100644
index 000000000..1a3e55c0b
--- /dev/null
+++ b/application/views/file/nav_history.php
@@ -0,0 +1,18 @@
+<ul class="nav nav-tabs">
+<?php
+$nav = array(
+ "List" => "file/upload_history",
+ "Thumbnails" => "file/upload_history_thumbnails",
+);
+
+$CI =& get_instance();
+
+foreach ($nav as $key => $item) {
+ ?>
+ <li <?php echo $CI->uri->uri_string() == $item ? 'class="active"' : ''; ?>>
+ <a href="<?php echo site_url($item); ?>"><?php echo $key; ?></a>
+ </li>
+ <?php
+}
+?>
+</ul>
diff --git a/application/views/file/non_existent.php b/application/views/file/non_existent.php
new file mode 100644
index 000000000..13d8c6950
--- /dev/null
+++ b/application/views/file/non_existent.php
@@ -0,0 +1,3 @@
+<div class="center">
+ <p>I'm sorry, but the requested file doesn't exist.</p>
+</div>
diff --git a/application/views/file/show_url.php b/application/views/file/show_url.php
new file mode 100644
index 000000000..a3d965717
--- /dev/null
+++ b/application/views/file/show_url.php
@@ -0,0 +1,8 @@
+<div class="center">
+ <p>You can get your file(s) here:</p>
+ <p>
+ <?php foreach ($urls as $key => $url) { ?>
+ <a href="<?php echo $url; ?>"><?php echo $url; ?></a><br />
+ <?php } ?>
+ </p>
+</div>
diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php
new file mode 100644
index 000000000..21a2cc4e6
--- /dev/null
+++ b/application/views/file/upload_form.php
@@ -0,0 +1,82 @@
+<?php if (user_logged_in()) { ?>
+<div class="well">
+ <div class="row-fluid">
+ <div class="span12 text-upload-form">
+ <?php echo form_open_multipart('file/do_paste'); ?>
+ <h2>Text paste</h2>
+ <textarea name="content" class="text-upload span12"><?php
+ if (isset($textarea_content)) {
+ echo $textarea_content;
+ }
+ ?></textarea><br>
+ <button type="submit" class="btn btn-primary">Paste it!</button>
+ </form>
+ </div>
+ </div>
+ <div class="row-fluid">
+ <div class="span6">
+ <?php echo form_open_multipart('file/do_upload'); ?>
+ <h2>File upload</h2>
+ <input class="file-upload" type="file" name="file[]" multiple="multiple"><br>
+ <button type="submit" id="upload_button" class="btn btn-primary">Upload it!</button>
+ </form>
+ </div>
+ <div class="span6 alert alert-block alert-info">
+ <h4 class="alert-heading">Notice!</h4>
+ <p>
+ Uploads/pastes are <?php if ($upload_max_age > 0) {
+ echo "deleted after ".$upload_max_age." days";
+ if ($small_upload_size > 0) {
+ echo " unless they are smaller than ".format_bytes($small_upload_size);
+ }
+ } else {
+ echo "stored forever";
+ } ?>. Maximum upload size is <?php echo format_bytes($max_upload_size); ?>.
+ You can upload a maximum of <?php echo ini_get("max_file_uploads"); ?> files at once.
+ </p>
+ </div>
+ </div>
+</div>
+
+<script type="text/javascript">
+ /* <![CDATA[ */
+ var max_upload_size = "<?php echo $max_upload_size; ?>";
+ /* ]]> */
+</script>
+
+<?php } else { ?>
+ <?php echo form_open('user/login'); ?>
+ <input type="text" name="username" placeholder="Username" autofocus />
+ <input type="password" name="password" placeholder="Password" />
+ <input type="submit" class="btn btn-primary" value="Login" name="process" style="margin-bottom: 9px" />
+ <?php if(auth_driver_function_implemented("can_reset_password")) { ?>
+ <p style="display: inline"><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p>
+ <?php } ?>
+ </form>
+<?php } ?>
+<div class="row">
+ <div class="span6">
+ <div class="page-header"><h1>Features</h1></div>
+ <p>For shell uploading/pasting and download information for the client go to <a href="<?php echo site_url("file/client"); ?>"><?php echo site_url("file/client"); ?></a></p>
+ <p>You can use the <?php echo anchor("file/upload_history", "history"); ?> to find old uploads.</p>
+ <h3>How to link your pastes:</h3>
+ <dl class="dl-horizontal">
+ <dt>/&lt;ID&gt;/</dt><dd>automatically highlight the paste</dd>
+ <dt>/&lt;ID&gt;</dt><dd>set the detected MIME type and let the browser do the rest</dd>
+ <dt>/&lt;ID&gt;/plain</dt><dd>force the MIME type to be text/plain</dd>
+ <dt>/&lt;ID&gt;/&lt;file extension&gt;</dt><dd>override auto detection and use the supplied file extension or language name for highlighting</dd>
+ <dt>/&lt;ID&gt;/qr</dt><dd>display a qr code containing a link to <span class="example">/&lt;ID&gt;/</span></dd>
+ <dt>/&lt;ID&gt;/rmd</dt><dd>convert markdown to HTML</dd>
+ <dt>/&lt;ID&gt;/ascii</dt><dd>convert text with ANSI (shell) escape codes to HTML</dd>
+ <dt>/&lt;ID&gt;/info</dt><dd>display some information about the ID</dd>
+ </dl>
+ <p>If your upload is not detected as text, only <b>/&lt;ID&gt;/qr</b>, <b>/&lt;ID&gt;/plain</b> and <b>/&lt;ID&gt;/info</b> will work as above and all others will simply return the file with the detected MIME type.</p>
+ </div>
+ <div class="span6">
+ <div class="page-header"><h1>Information</h1></div>
+ <p>This website's primary goal is aiding developers, power users, students and alike in solving problems, debugging software, sharing their configuration, etc. It is not intended to distribute confidential or harmful information, scripts or software.</p>
+ <?php if(auth_driver_function_implemented("can_register_new_users")) { ?>
+ <p>If you believe you deserve an account, ask someone who is already using this service to <a href="<?php echo site_url("user/invite"); ?>">invite</a> you.</p>
+ <?php } ?>
+ </div>
+</div>
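Review bot: `echo $textarea_content;` inside the textarea writes the repasted content without escaping, so a paste containing `</textarea>` followed by markup closes the element and the remainder is rendered as HTML. Use `echo htmlspecialchars($textarea_content);` there; the browser decodes the entities back to the original text on submit, so the paste round-trips unchanged.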
diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php
new file mode 100644
index 000000000..344afc28a
--- /dev/null
+++ b/application/views/file/upload_history.php
@@ -0,0 +1,31 @@
+<?php register_js_include("/data/js/jquery.tablesorter.min.js"); ?>
+<?php include 'nav_history.php'; ?>
+<?php echo form_open("file/do_delete") ?>
+ <table id="upload_history" class="table table-striped tablesorter">
+ <thead>
+ <tr>
+ <th><input type="checkbox" name="all-ids" id="history-all"></th>
+ <th>ID</th>
+ <th>Filename</th>
+ <th>Mimetype
+ <th>Date</th>
+ <th>Size</th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($query as $key => $item): ?>
+ <tr>
+ <td><input type="checkbox" name="ids[<?php echo $item["id"] ?>]" value="<?php echo $item["id"] ?>" class="delete-history"></td>
+ <td><a href="<?php echo site_url("/".$item["id"]) ?>/"><?php echo $item["id"] ?></a></td>
+ <td class="wrap"><?php echo htmlspecialchars($item["filename"]); ?></td>
+ <td><?php echo $item["mimetype"] ?></td>
+ <td class="nowrap"><?php echo date("r", $item["date"]); ?><span class="hidden">t=<?php echo $item["date"]; ?></span></td>
+ <td><?php echo $item["filesize"] ?></td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+ </table>
+ <input class="btn btn-danger" type="submit" value="Delete checked" name="process">
+</form>
+
+<p>Total sum of your distinct uploads: <?php echo $total_size; ?>.</p>
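Review bot: The header cell `<th>Mimetype` has no closing tag and is only recovered by the browser's implicit end-tag handling; close it as `<th>Mimetype</th>`. In the body, `$item["mimetype"]` is echoed raw while the filename next to it is escaped, so `<td><?php echo htmlspecialchars($item["mimetype"]) ?></td>` would keep the two consistent.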
diff --git a/application/views/file/upload_history_thumbnails.php b/application/views/file/upload_history_thumbnails.php
new file mode 100644
index 000000000..f21ffcb23
--- /dev/null
+++ b/application/views/file/upload_history_thumbnails.php
@@ -0,0 +1,28 @@
+<div class="pull-right">
+ <?php echo form_open("file/do_delete/", array("id" => "delete_form", "style" => "display: inline")); ?>
+ <button class="btn btn-danger" id="delete_button" style="display: none">Delete selected</button>
+ </form>
+ <button class="btn" id="toggle_delete_mode" style="display: inline">Delete mode</button>
+</div>
+
+<?php include 'nav_history.php'; ?>
+
+<!-- Comment markers background: http://stackoverflow.com/a/14776780/953022 -->
+<div class="upload_history_thumbnails"><!--
+ <?php foreach($query as $key => $item): ?>
+ --><a href="<?php echo site_url("/".$item["id"]); ?>" title="<?php echo htmlentities($item["filename"]); ?>" data-content="<?php echo htmlentities($item["tooltip"]); ?>" data-id="<?php echo $item["id"]; ?>"><img class="thumb" src="<?php echo site_url("file/thumbnail/".$item["id"]); ?>"></a><!--
+ <?php endforeach; ?>
+ -->
+</div>
+
+<div class="row-fluid">
+ <div class="span12 alert alert-block alert-info">
+ <h4 class="alert-heading">Notice!</h4>
+ <p>
+ Currently only jpeg, png and gif images are displayed here. If you are
+ looking for something else, please switch to the
+ <a href="<?php echo site_url("file/upload_history"); ?>">list view</a>
+ which contains your complete history.
+ </p>
+ </div>
+</div>
diff --git a/application/views/file_plaintext/client.php b/application/views/file_plaintext/client.php
new file mode 100644
index 000000000..0ab556df2
--- /dev/null
+++ b/application/views/file_plaintext/client.php
@@ -0,0 +1,12 @@
+Shell (binary safe):
+ curl -n -F "file=@/home/user/foo" <?php echo site_url("file/do_upload")."\n"; ?>
+ cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url("file/do_upload")."\n"; ?>
+
+Client:
+Development (git): http://git.server-speed.net/users/flo/fb
+Latest release: <?php echo $client_link."\n"; ?>
+GPG sigs, older versions: <?php echo $client_link_dir."\n"; ?>
+
+To authenticate add the following to your ~/.netrc:
+ machine paste.xinu.at login my_username password my_secret_password
+
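Review bot: The .netrc example hardcodes `machine paste.xinu.at`, whereas the HTML variant of this view prints `$domain`, so the plaintext output is wrong on any other installation. If the controller passes `$domain` to this view as well, `machine <?php echo $domain; ?> login my_username password my_secret_password` aligns the two; the development URL also differs from the HTML version by its trailing slash, which is harmless but worth matching.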
diff --git a/application/views/file_plaintext/deleted.php b/application/views/file_plaintext/deleted.php
new file mode 100644
index 000000000..347766092
--- /dev/null
+++ b/application/views/file_plaintext/deleted.php
@@ -0,0 +1,8 @@
+<?php if (!empty($errors)) {
+ echo implode("\n", $errors);
+} ?>
+<?php if (!empty($msgs)) {
+ echo implode("\n", $msgs);
+} ?>
+
+<?php echo $deleted_count; ?> of <?php echo $total_count; ?> deleted.
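Review bot: `implode("\n", $errors)` only works if each entry is a string, but the HTML variant file/deleted.php reads `$error["id"]` and `$error["reason"]` from the same variable, so if the controller passes that array-of-arrays shape here every line comes out as `Array`. Either flatten the entries first, `echo implode("\n", array_map(function ($e) { return $e["id"].": ".$e["reason"]; }, $errors));`, or, if the controller builds a different structure for the CLI path, say so in a comment on the view.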
diff --git a/application/views/file_plaintext/footer.php b/application/views/file_plaintext/footer.php
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/application/views/file_plaintext/footer.php
diff --git a/application/views/file_plaintext/header.php b/application/views/file_plaintext/header.php
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/application/views/file_plaintext/header.php
diff --git a/application/views/file_plaintext/html_footer.php b/application/views/file_plaintext/html_footer.php
new file mode 100644
index 000000000..d46a93ce4
--- /dev/null
+++ b/application/views/file_plaintext/html_footer.php
@@ -0,0 +1 @@
+<?php include "application/views/file/html_footer.php"; ?>
diff --git a/application/views/file_plaintext/html_header.php b/application/views/file_plaintext/html_header.php
new file mode 100644
index 000000000..5cc4c40a7
--- /dev/null
+++ b/application/views/file_plaintext/html_header.php
@@ -0,0 +1 @@
+<?php include "application/views/file/html_header.php"; ?>
diff --git a/application/views/file_plaintext/non_existent.php b/application/views/file_plaintext/non_existent.php
new file mode 100644
index 000000000..7da92e954
--- /dev/null
+++ b/application/views/file_plaintext/non_existent.php
@@ -0,0 +1 @@
+I'm sorry, but the requested file doesn't exist.
diff --git a/application/views/file_plaintext/show_url.php b/application/views/file_plaintext/show_url.php
new file mode 100644
index 000000000..64050ddcd
--- /dev/null
+++ b/application/views/file_plaintext/show_url.php
@@ -0,0 +1,3 @@
+<?php
+echo implode(" ", $urls)."\n";
+
diff --git a/application/views/file_plaintext/upload_form.php b/application/views/file_plaintext/upload_form.php
new file mode 100644
index 000000000..a74e5d434
--- /dev/null
+++ b/application/views/file_plaintext/upload_form.php
@@ -0,0 +1,19 @@
+Uploads/pastes are deleted after <?php echo $upload_max_age; ?> days<?php if($small_upload_size > 0): ?> unless they are smaller than <?php echo format_bytes($small_upload_size); ?><?php endif; ?>.
+Maximum upload size is <?php echo format_bytes($max_upload_size); ?>.
+You can upload a maximum of <?php echo ini_get("max_file_uploads"); ?> files at once.
+
+How to link your uploads:
+ - "/<ID>/" automatically highlight the uploads
+ - "/<ID>" set the detected MIME type and let the browser do the rest
+ - "/<ID>/plain" force the MIME type to be text/plain
+ - "/<ID>/<file extension>" override auto detection and use the supplied
+ file extension or language name for highlighting
+ - "/<ID>/qr" display a qr code containing a link to /<ID>/
+ - "/<ID>/rmd" convert markdown to HTML
+ - "/<ID>/ascii" convert text with ANSI (shell) escape codes to HTML
+ - "/<ID>/info" display some information about the ID
+
+If your upload is not detected as text, only "/<ID>/qr", "/<ID>/plain"
+and "/<ID>/info" will work as above and all others will simply return
+the file with the detected MIME type.
+
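Review bot: The first line prints "deleted after N days" unconditionally, while the HTML view upload_form.php prints "stored forever" when `$upload_max_age` is 0 or below, so this variant reports a bogus retention period on installations with expiry disabled. Wrapping the sentence in the same branch, `<?php if ($upload_max_age > 0): ?>...<?php else: ?>Uploads/pastes are stored forever.<?php endif; ?>`, keeps the two views consistent.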
diff --git a/application/views/file_plaintext/upload_history.php b/application/views/file_plaintext/upload_history.php
new file mode 100644
index 000000000..f0ed0fa95
--- /dev/null
+++ b/application/views/file_plaintext/upload_history.php
@@ -0,0 +1,21 @@
+<?php
+echo
+ mb_str_pad($fields["id"], $lengths["id"])." | "
+ .mb_str_pad($fields["filename"], $lengths["filename"])." | "
+ .mb_str_pad($fields["mimetype"], $lengths["mimetype"])." | "
+ .mb_str_pad($fields["date"], $lengths["date"])." | "
+ .mb_str_pad($fields["hash"], $lengths["hash"])." | "
+ .mb_str_pad($fields["filesize"], $lengths["filesize"])."\n";
+
+foreach($query as $key => $item) {
+ echo
+ mb_str_pad($item["id"], $lengths["id"])." | "
+ .mb_str_pad($item["filename"], $lengths["filename"])." | "
+ .mb_str_pad($item["mimetype"], $lengths["mimetype"])." | "
+ .date("r", $item["date"])." | "
+ .$item["hash"]." | "
+ .$item["filesize"]."\n";
+}
+?>
+
+Total sum of your distinct uploads: <?php echo $total_size; ?>.
diff --git a/application/views/footer.php b/application/views/footer.php
new file mode 100644
index 000000000..0383e195e
--- /dev/null
+++ b/application/views/footer.php
@@ -0,0 +1,26 @@
+<?php
+if (is_cli_client() && !isset($force_full_html)) {
+ return;
+}
+?>
+ </div>
+<div id="push"></div>
+</div>
+<footer class="footer" id="footer">
+ <div class="container muted credits">
+ <p>Site code licensed under <a href="http://www.gnu.org/licenses/agpl-3.0.html" target="_blank">AGPL v3</a>.</p>
+ <p><a href="http://glyphicons.com">Glyphicons Free</a> licensed under <a href="http://creativecommons.org/licenses/by/3.0/">CC BY 3.0</a>.</p>
+ <ul class="footer-links">
+ <li><a href="http://git.server-speed.net/users/flo/filebin/">Source</a></li>
+ <li class="muted">&middot;</li>
+ <li><a href="<?php echo site_url("file/contact"); ?>">Contact</a></li>
+ </ul>
+ </div>
+</footer>
+<?php echo include_js("/data/js/jquery-2.0.3.min.js"); ?>
+<?php echo include_js("/data/js/jquery-ui-1.10.3.custom.min.js"); ?>
+<?php echo include_js("/data/js/bootstrap-2.3.2.min.js"); ?>
+<?php echo include_js("/data/js/script.js"); ?>
+<?php echo include_registered_js(); ?>
+</body>
+</html>
diff --git a/application/views/header.php b/application/views/header.php
new file mode 100644
index 000000000..ba6d6ae9d
--- /dev/null
+++ b/application/views/header.php
@@ -0,0 +1,97 @@
+<?php
+if (is_cli_client() && !isset($force_full_html)) {
+ return;
+}
+?><!DOCTYPE html>
+<html lang="en">
+
+<head>
+ <meta charset="utf-8">
+ <title><?php echo isset($title) ? $title : 'FileBin'; ?></title>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <meta name="robots" content="noindex,nofollow" />
+ <meta name="description" content="">
+ <meta name="author" content="">
+
+ <link href="<?php echo link_with_mtime("/data/css/ui-lightness/jquery-ui-1.10.3.custom.min.css"); ?>" rel="stylesheet">
+ <link href="<?php echo link_with_mtime("/data/css/bootstrap-2.3.2.min.css"); ?>" rel="stylesheet">
+ <link href="<?php echo link_with_mtime("/data/css/style.css"); ?>" rel="stylesheet">
+ <?php
+ if (file_exists(FCPATH."data/local/style.css")) {
+ echo '<link href="'.link_with_mtime("/data/local/style.css").'" rel="stylesheet">';
+ }
+
+ if (file_exists(FCPATH."data/local/favicon.png")) {
+ echo '<link href="'.link_with_mtime("/data/local/favicon.png").'" rel="shortcut icon">';
+ }
+ ?>
+</head>
+
+<body>
+<div id="wrap">
+<?php if (file_exists(FCPATH."data/local/header.inc.php")) {
+ include FCPATH."data/local/header.inc.php";
+}?>
+ <div class="navbar navbar-fixed-top navbar-inverse">
+ <div class="navbar-inner">
+ <div class="container">
+ <a class="brand" href="<?php echo site_url(); ?>"><?php
+ if (file_exists(FCPATH."data/local/logo.svg")) {
+ echo '<img src="'.link_with_mtime("/data/local/logo.svg").'" style="height: 20px"> FileBin';
+ } else {
+ echo "FileBin";
+ }
+ ?>
+ </a>
+ <?php if(!isset($GLOBALS["is_error_page"])) { ?>
+ <ul class="nav pull-right">
+ <?php if(user_logged_in()) { ?>
+ <li><a href="<?php echo site_url("/user/logout"); ?>">Logout</a></li>
+ <?php } else { ?>
+ <li class="dropdown">
+ <a class="dropdown-toggle" href="#" data-toggle="dropdown">Login <b class="caret"></b></a>
+ <div class="dropdown-menu" style="padding: 15px;">
+ <?php if(auth_driver_function_implemented("can_reset_password")) { ?>
+ <p><?php echo anchor("user/reset_password", "Forgot your password?"); ?></p>
+ <?php } ?>
+ <?php echo form_open("user/login"); ?>
+ <input type="text" name="username" placeholder="Username" class="input-medium">
+ <input type="password" name="password" placeholder="Password" class="input-medium">
+ <button type="submit" name="process" class="btn btn-primary pull-right">Login</button>
+ </form>
+ </div>
+ </li>
+ <?php } ?>
+ </ul>
+ <?php }; ?>
+ <ul class="nav">
+ <?php if(user_logged_in()) { ?>
+ <li><a href="<?php echo site_url("file/index") ?>"><i class="icon-pencil icon-white"></i> New</a></li>
+ <li><a href="<?php echo site_url("file/upload_history") ?>"><i class="icon-book icon-white"></i> History</a></li>
+ <li class="dropdown">
+ <a href="<?php echo site_url("user/index"); ?>" class="dropdown-toggle" data-toggle="dropdown">
+ <i class="icon-user icon-white"></i> Account <b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <?php include "user/nav.php"; ?>
+ </ul>
+ </li>
+ <?php } ?>
+ </ul>
+ </div>
+ </div>
+ </div>
+ <div id="navbar-height"></div>
+
+ <div class="container">
+ <?php
+ if (isset($alerts)) {
+ foreach ($alerts as $alert) { ?>
+ <div class="alert alert-block alert-<?php echo $alert["type"]; ?>" style="text-align: center">
+ <button type="button" class="close" data-dismiss="alert">&times;</button>
+ <?php echo $alert["message"]; ?>
+ </div>
+ <?php
+ }
+ }
+ ?>
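Review bot: `$title` is written into the `<title>` element unescaped, and the alert loop at the end of the hunk echoes `$alert["message"]` and `$alert["type"]` raw as well; html_header.php also shows the title as link text, so whatever feeds it reaches two unescaped sinks. `<title><?php echo htmlspecialchars(isset($title) ? $title : 'FileBin'); ?></title>` fixes the first; if alert messages are intentionally HTML, a comment on the loop stating that callers must pre-escape them would document the contract.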
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
new file mode 100644
index 000000000..aa268d678
--- /dev/null
+++ b/application/views/user/apikeys.php
@@ -0,0 +1,36 @@
+<h2>API keys</h2>
+<table class="table table-striped">
+ <thead>
+ <tr>
+ <th>#</th>
+ <th>Key</th>
+ <th style="width: 30%;">Comment</th>
+ <th>Created on</th>
+ <th></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 1; ?>
+ <?php foreach($query as $key => $item): ?>
+ <tr>
+ <td><?php echo $i++; ?></td>
+ <td><?php echo $item["key"]; ?></td>
+ <td><?php echo htmlentities($item["comment"]); ?></td>
+ <td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
+ <td>
+ <?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>
+ <?php echo form_hidden("key", $item["key"]); ?>
+ <button class="btn btn-danger btn-mini" type="submit">Delete</input>
+ </form>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+</table>
+
+<p>
+ <?php echo form_open('user/create_apikey', array("class" => "form-horizontal")); ?>
+ <input type="text" name="comment" placeholder="Comment" />
+ <input class="btn btn-primary" type="submit" value="Create a new key" name="process" />
+ </form>
+</p>
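Review bot: The key on L4833 is echoed raw while the comment on the next line goes through htmlentities(); escape both the same way, `<td><?php echo htmlentities($item["key"]); ?></td>`, so the table does not depend on the key's character set happening to be safe. The same raw echo recurs in hash_password.php (`$error`, `$hash`), invite.php (`$item["key"]`), profile.php and register.php (username/email/upload_id_limits into `value` attributes), reset_password_form.php (`$error`) and reset_password_username_form.php (`$username`); profile.php, register.php and reset_password_username_form.php are the ones rendering user-supplied text back into attributes, so those need `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` rather than a bare echo. `</input>` on L4839 closes a `<button>` and should be `</button>`. The `$key` loop variable on L4830 (and L4929 in invite.php) is unused; `foreach($query as $item)` reads cleaner and avoids confusion with `$item["key"]`.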
diff --git a/application/views/user/hash_password.php b/application/views/user/hash_password.php
new file mode 100644
index 000000000..d85d2810c
--- /dev/null
+++ b/application/views/user/hash_password.php
@@ -0,0 +1,33 @@
+<?php
+if (!empty($error)) {
+ echo "<p class='alert alert-error'>";
+ echo implode("<br />\n", $error);
+ echo "</p>";
+}
+
+if ($hash) {
+ echo "<p>Result (this hash uses a random salt, so it will be different each time you submit this form):<br />$hash</p>\n";
+}
+?>
+<?php echo form_open('user/hash_password', array("class" => "form-horizontal")); ?>
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Password</label>
+ <div class="controls">
+ <input type="password" id="inputPassword" name="password" placeholder="Password">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Confirm password</label>
+ <div class="controls">
+ <input type="password" id="inputPasswordConfirm" name="password_confirm" placeholder="Password confirmation">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Hash it</button>
+ </div>
+ </div>
+</form>
+
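Review bot: `if ($hash)` on L4866 raises an undefined-variable notice whenever the controller does not pass `$hash` (presumably the initial GET render of the form); `if (!empty($hash))` matches the `$error` check just above it. The confirm-password label on L4879 reuses `for="inputPassword"`, so it is bound to the first field rather than the one beneath it; it should be `for="inputPasswordConfirm"`, and the same copy-paste slip is on L5065 in register.php and L5107 in reset_password_form.php.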
diff --git a/application/views/user/index.php b/application/views/user/index.php
new file mode 100644
index 000000000..9e6f48116
--- /dev/null
+++ b/application/views/user/index.php
@@ -0,0 +1,3 @@
+<ul class="nav">
+<?php include "nav.php"; ?>
+</ul>
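Review bot: `include "nav.php"` on L4899 relies on PHP resolving the relative path against the including script's directory, while the header includes the same file as `"user/nav.php"` on L4789, so the two spellings only agree as long as the resolution order (include_path, then caller directory, then cwd) is not changed. If these views are rendered through the framework's loader, as the rest of this tree suggests, `<?php $this->load->view('user/nav'); ?>` in both places removes that dependency.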
diff --git a/application/views/user/invite.php b/application/views/user/invite.php
new file mode 100644
index 000000000..eba77ead0
--- /dev/null
+++ b/application/views/user/invite.php
@@ -0,0 +1,37 @@
+<div class="alert alert-block">
+ <p>
+ <b>Watch out!</b>
+ </p>
+ <p>
+ You are free to invite anyone you want to, but please keep in
+ mind that if this person violates the rules and is banned, your
+ account will also be disabled.
+ </p>
+</div>
+
+<h2>Unused invitation keys</h2>
+<table class="table table-striped">
+ <thead>
+ <tr>
+ <th>#</th>
+ <th style="width: 70%;">Key</th>
+ <th>Created on</th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 1; ?>
+ <?php foreach($query as $key => $item): ?>
+ <tr>
+ <td><?php echo $i++; ?></td>
+ <td><?php echo anchor("user/register/".$item["key"], $item["key"]) ?></td>
+ <td><?php echo date("Y/m/d H:i", $item["date"]) ?></td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+</table>
+
+<p>
+ <?php echo form_open('user/create_invitation_key'); ?>
+ <input class="btn btn-primary btn-large" type="submit" value="Create a new key" name="process" />
+ </form>
+</p>
diff --git a/application/views/user/login.php b/application/views/user/login.php
new file mode 100644
index 000000000..761965c94
--- /dev/null
+++ b/application/views/user/login.php
@@ -0,0 +1,26 @@
+<?php
+if (isset($login_error)) { ?>
+ <div class="alert alert-error">The entered credentials are invalid.</div>
+<?php } ?>
+
+<?php echo form_open('user/login', array("class" => "form-horizontal")); ?>
+ <div class="control-group">
+ <label class="control-label" for="inputUsername">Username</label>
+ <div class="controls">
+ <input type="text" id="inputUsername" name="username" placeholder="Username">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Password</label>
+ <div class="controls">
+ <input type="password" id="inputPassword" name="password" placeholder="Password">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Login</button>
+ </div>
+ </div>
+</form>
diff --git a/application/views/user/nav.php b/application/views/user/nav.php
new file mode 100644
index 000000000..90f76e05e
--- /dev/null
+++ b/application/views/user/nav.php
@@ -0,0 +1,11 @@
+<?php if(auth_driver_function_implemented("can_register_new_users")) { ?>
+<li><a href="<?php echo site_url("user/invite") ?>"><i class="icon-plus icon-black"></i> Invite</a></li>
+<?php } ?>
+
+<li><a href="<?php echo site_url("user/profile") ?>"><i class="icon-user icon-black"></i> Profile</a></li>
+<li><a href="<?php echo site_url("user/apikeys") ?>"><i class="icon-tags icon-black"></i> API keys</a></li>
+
+<?php if(auth_driver_function_implemented("can_reset_password")) { ?>
+<li><a href="<?php echo site_url("user/reset_password") ?>"><i class="icon-lock icon-black"></i> Change password</a></li>
+<?php } ?>
+
diff --git a/application/views/user/profile.php b/application/views/user/profile.php
new file mode 100644
index 000000000..1840f9fc1
--- /dev/null
+++ b/application/views/user/profile.php
@@ -0,0 +1,32 @@
+<?php echo form_open("user/profile", array("class" => "form-horizontal")); ?>
+
+ <div class="control-group">
+ <label class="control-label" for="inputUsername">Username</label>
+ <div class="controls">
+ <input type="text" id="inputUsername" name="username" placeholder="Username" disabled="disabled" value="<?php echo $profile_data["username"]; ?>">
+ </div>
+ </div>
+
+ <?php if($profile_data["email"] !== null) { ?>
+ <div class="control-group">
+ <label class="control-label" for="inputEmail">Email</label>
+ <div class="controls">
+ <input type="text" id="inputEmail" name="email" placeholder="Email" disabled="disabled" value="<?php echo $profile_data["email"]; ?>">
+ </div>
+ </div>
+ <?php } ?>
+
+ <div class="control-group">
+ <label class="control-label" for="inputUploadIDLimits">Upload ID length limits</label>
+ <div class="controls">
+ <input type="text" id="inputUploadIDLimits" name="upload_id_limits" placeholder="number-number" value="<?php echo $profile_data["upload_id_limits"]; ?>">
+ <span class="help-block">Values have to be between 3 and 64 inclusive. Please remember that longer IDs don't protect your pastes from being found if you post the link somewhere a search enginge can see it.</span>
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Save changes</button>
+ </div>
+ </div>
+</form>
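Review bot: The help text on L5021 states the 3–64 range as a hint only; the view cannot enforce it, so the range is presumably validated in the profile controller, which is outside this hunk — worth confirming, since the text is the only visible statement of the limit. Same line has a typo, `search enginge` → `search engine`. The username and email inputs are `disabled`, so they are not submitted; if they are meant as display only, a `readonly` attribute or plain text would make that intent clearer than a disabled form control.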
diff --git a/application/views/user/register.php b/application/views/user/register.php
new file mode 100644
index 000000000..c0050508b
--- /dev/null
+++ b/application/views/user/register.php
@@ -0,0 +1,41 @@
+<?php if (!empty($error)) {
+ echo "<p class='alert alert-error'>";
+ echo implode("<br />\n", $error);
+ echo "</p>";
+} ?>
+<?php echo form_open('user/register/'.$key, array("class" => "form-horizontal")); ?>
+ <div class="control-group">
+ <label class="control-label" for="inputUsername">Username</label>
+ <div class="controls">
+ <input type="text" id="inputUsername" name="username" placeholder="Username" value="<?php echo $values["username"]; ?>">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputEmail">Email</label>
+ <div class="controls">
+ <input type="text" id="inputEmail" name="email" placeholder="Email" value="<?php echo $values["email"]; ?>">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Password</label>
+ <div class="controls">
+ <input type="password" id="inputPassword" name="password" placeholder="Password">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Confirm password</label>
+ <div class="controls">
+ <input type="password" id="inputPasswordConfirm" name="password_confirm" placeholder="Password confirmation">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Register</button>
+ </div>
+ </div>
+</form>
+
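Review bot: `$key` is concatenated into the form action on L5042 (and L5098 in reset_password_form.php) without escaping; it arrives from the URL segment, so unless the framework's URI character whitelist is deliberately relied upon, escape it, `form_open('user/register/'.htmlspecialchars($key, ENT_QUOTES, 'UTF-8'), ...)`. The username and email inputs on L5046 and L5053 are re-rendered from `$values`, which is presumably the previous submission, so those attributes reflect user input and need the same escaping.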
diff --git a/application/views/user/registered.php b/application/views/user/registered.php
new file mode 100644
index 000000000..f13006aae
--- /dev/null
+++ b/application/views/user/registered.php
@@ -0,0 +1,3 @@
+<div class="center">
+ <p>Your account has been created, you may log in now.</p>
+</div>
diff --git a/application/views/user/reset_password_form.php b/application/views/user/reset_password_form.php
new file mode 100644
index 000000000..b93ad1370
--- /dev/null
+++ b/application/views/user/reset_password_form.php
@@ -0,0 +1,27 @@
+<?php if (!empty($error)) {
+ echo "<p class='alert alert-error'>";
+ echo implode("<br />\n", $error);
+ echo "</p>";
+} ?>
+<?php echo form_open('user/reset_password/'.$key, array("class" => "form-horizontal")); ?>
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Password</label>
+ <div class="controls">
+ <input type="password" id="inputPassword" name="password" placeholder="Password">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="inputPassword">Confirm password</label>
+ <div class="controls">
+ <input type="password" id="inputPasswordConfirm" name="password_confirm" placeholder="Password confirmation">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Change password</button>
+ </div>
+ </div>
+</form>
+
diff --git a/application/views/user/reset_password_link_sent.php b/application/views/user/reset_password_link_sent.php
new file mode 100644
index 000000000..a5b249f89
--- /dev/null
+++ b/application/views/user/reset_password_link_sent.php
@@ -0,0 +1,3 @@
+<p>
+ A mail containing your password reset link has been sent to your email address at <?php echo htmlentities($email_domain); ?>.
+</p>
diff --git a/application/views/user/reset_password_success.php b/application/views/user/reset_password_success.php
new file mode 100644
index 000000000..bc7448833
--- /dev/null
+++ b/application/views/user/reset_password_success.php
@@ -0,0 +1,3 @@
+<div class="center">
+ <p>Your password has been changed successfully.</p>
+</div>
diff --git a/application/views/user/reset_password_username_form.php b/application/views/user/reset_password_username_form.php
new file mode 100644
index 000000000..674a6441d
--- /dev/null
+++ b/application/views/user/reset_password_username_form.php
@@ -0,0 +1,15 @@
+<?php echo form_open('user/reset_password', array("class" => "form-horizontal")); ?>
+ <div class="control-group">
+ <label class="control-label" for="inputUsername">Username</label>
+ <div class="controls">
+ <input type="text" id="inputUsername" name="username" placeholder="Username" value="<?php echo isset($username) ? $username : ""; ?>">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <div class="controls">
+ <button type="submit" class="btn btn-primary" name="process">Send mail</button>
+ </div>
+ </div>
+</form>
+
diff --git a/application/views/welcome_message.php b/application/views/welcome_message.php
deleted file mode 100644
index 0bf5a8d2e..000000000
--- a/application/views/welcome_message.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <title>Welcome to CodeIgniter</title>
-
- <style type="text/css">
-
- ::selection{ background-color: #E13300; color: white; }
- ::moz-selection{ background-color: #E13300; color: white; }
- ::webkit-selection{ background-color: #E13300; color: white; }
-
- body {
- background-color: #fff;
- margin: 40px;
- font: 13px/20px normal Helvetica, Arial, sans-serif;
- color: #4F5155;
- }
-
- a {
- color: #003399;
- background-color: transparent;
- font-weight: normal;
- }
-
- h1 {
- color: #444;
- background-color: transparent;
- border-bottom: 1px solid #D0D0D0;
- font-size: 19px;
- font-weight: normal;
- margin: 0 0 14px 0;
- padding: 14px 15px 10px 15px;
- }
-
- code {
- font-family: Consolas, Monaco, Courier New, Courier, monospace;
- font-size: 12px;
- background-color: #f9f9f9;
- border: 1px solid #D0D0D0;
- color: #002166;
- display: block;
- margin: 14px 0 14px 0;
- padding: 12px 10px 12px 10px;
- }
-
- #body{
- margin: 0 15px 0 15px;
- }
-
- p.footer{
- text-align: right;
- font-size: 11px;
- border-top: 1px solid #D0D0D0;
- line-height: 32px;
- padding: 0 10px 0 10px;
- margin: 20px 0 0 0;
- }
-
- #container{
- margin: 10px;
- border: 1px solid #D0D0D0;
- -webkit-box-shadow: 0 0 8px #D0D0D0;
- }
- </style>
-</head>
-<body>
-
-<div id="container">
- <h1>Welcome to CodeIgniter!</h1>
-
- <div id="body">
- <p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
-
- <p>If you would like to edit this page you'll find it located at:</p>
- <code>application/views/welcome_message.php</code>
-
- <p>The corresponding controller for this page is found at:</p>
- <code>application/controllers/welcome.php</code>
-
- <p>If you are exploring CodeIgniter for the very first time, you should start by reading the <a href="user_guide/">User Guide</a>.</p>
- </div>
-
- <p class="footer">Page rendered in <strong>{elapsed_time}</strong> seconds</p>
-</div>
-
-</body>
-</html> \ No newline at end of file