Bug #2083 ยป download.php
| 1 |
<?
|
|---|---|
| 2 |
|
| 3 |
## BEGIN CONFIG
|
| 4 |
|
| 5 |
// PASSWORD
|
| 6 |
$cfg_password = ""; |
| 7 |
|
| 8 |
// BASE DIRECTORY (default ".")
|
| 9 |
$cfg_basedir = "."; |
| 10 |
|
| 11 |
## END CONFIG
|
| 12 |
|
| 13 |
session_start(); |
| 14 |
|
| 15 |
$message = ''; |
| 16 |
if($_REQUEST['login']) { |
| 17 |
$_SESSION['pwd'] = crypt($_REQUEST['password'], md5(rand() . time())); |
| 18 |
} elseif($_REQUEST['logout']) { |
| 19 |
$_SESSION['pwd'] = ''; |
| 20 |
}
|
| 21 |
|
| 22 |
$pwd = $_SESSION['pwd']; |
| 23 |
$logged_in = $pwd == crypt($cfg_password, $pwd); |
| 24 |
|
| 25 |
// Sanity checking
|
| 26 |
if(!$cfg_password) |
| 27 |
$message .= "<b>PASSWORD</b> not configured!<br />"; |
| 28 |
if(!$cfg_basedir) |
| 29 |
$message .= "<b>BASE DIRECTORY</b> not configured!<br />"; |
| 30 |
|
| 31 |
$cfg_basedir = realpath($cfg_basedir); |
| 32 |
|
| 33 |
if($message) { |
| 34 |
$logged_in = false; |
| 35 |
unset($_REQUEST['login']); |
| 36 |
}
|
| 37 |
|
| 38 |
if($_REQUEST['login'] && !$logged_in) |
| 39 |
$message = "Invalid password!"; |
| 40 |
|
| 41 |
if($logged_in) { |
| 42 |
if($_REQUEST["download"] != '') { |
| 43 |
$path = $_REQUEST["download"]; |
| 44 |
if(substr($path, 0, strlen($cfg_basedir)) == $cfg_basedir |
| 45 |
&& file_exists($path) |
| 46 |
&& (filetype($path) == 'file' || filetype($path) == 'dir')) |
| 47 |
download_file($path); |
| 48 |
else
|
| 49 |
$message= "Invalid download: $path, exists: " . file_exists($path); |
| 50 |
}
|
| 51 |
|
| 52 |
$dir = realpath($_REQUEST['dir']); |
| 53 |
if(!$dir || (substr($dir, 0, strlen($cfg_basedir)) != $cfg_basedir)) |
| 54 |
$dir = $cfg_basedir; |
| 55 |
}
|
| 56 |
|
| 57 |
//=========================================================================
|
| 58 |
// download_file:
|
| 59 |
// Tar, gzip and download specified path
|
| 60 |
//=========================================================================
|
| 61 |
function download_file($path) { |
| 62 |
header("Content-type: application/x-gzip"); |
| 63 |
header("Content-Disposition: attachment; filename=" . basename($path) . ".tgz"); |
| 64 |
$dir = dirname($path); |
| 65 |
$file = basename($path); |
| 66 |
passthru("tar -zcf - -C '$dir' '$file'"); |
| 67 |
exit; |
| 68 |
}
|
| 69 |
|
| 70 |
//=========================================================================
|
| 71 |
// file_cmp:
|
| 72 |
// Compare to files based on type and name (case insensitive)
|
| 73 |
//=========================================================================
|
| 74 |
function file_cmp($a, $b) { |
| 75 |
|
| 76 |
// Compare by file type (dir < file)
|
| 77 |
$cmp = strcmp($a['type'], $b['type']); |
| 78 |
if($cmp) |
| 79 |
return $cmp; |
| 80 |
|
| 81 |
// Compare case-insensitive
|
| 82 |
$cmp = strcasecmp($a['name'], $b['name']); |
| 83 |
if($cmp) |
| 84 |
return $cmp; |
| 85 |
|
| 86 |
// Compare case-sensitive
|
| 87 |
$cmp = strcmp($a['name'], $b['name']); |
| 88 |
if($cmp) |
| 89 |
return $cmp; |
| 90 |
|
| 91 |
return 0; |
| 92 |
}
|
| 93 |
|
| 94 |
//=========================================================================
|
| 95 |
// read_directory:
|
| 96 |
// Return contents of directory as array of file descriptors
|
| 97 |
//=========================================================================
|
| 98 |
function read_directory($dir) { |
| 99 |
$files = array(); |
| 100 |
if (is_dir($dir)) { |
| 101 |
if ($dh = opendir($dir)) { |
| 102 |
while (($file = readdir($dh)) !== false) { |
| 103 |
$path = "$dir/$file"; |
| 104 |
$type = filetype($path); |
| 105 |
$size = ($type == 'file') ? $size = filesize($path) . ' bytes' : ''; |
| 106 |
|
| 107 |
$files[] = array('name' => $file, 'type' => $type, 'size' => $size, 'path' => $path); |
| 108 |
}
|
| 109 |
closedir($dh); |
| 110 |
}
|
| 111 |
}
|
| 112 |
usort($files, 'file_cmp'); |
| 113 |
return $files; |
| 114 |
}
|
| 115 |
?>
|
| 116 |
|
| 117 |
<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
|
| 118 |
<html>
|
| 119 |
<head>
|
| 120 |
<title>Downloaded torrents: <?=$dir?></title> |
| 121 |
<meta name="Author" content=""> |
| 122 |
<meta name="Keywords" content=""> |
| 123 |
<meta name="Description" content=""> |
| 124 |
|
| 125 |
<style type="text/css"> |
| 126 |
<!-- |
| 127 |
body { |
| 128 |
margin: 0; |
| 129 |
font-family: 'Trebuchet MS', Verdana, sans-serif; |
| 130 |
}
|
| 131 |
|
| 132 |
body, p, td, div { |
| 133 |
font-size: 12px; |
| 134 |
}
|
| 135 |
|
| 136 |
td.header { |
| 137 |
background: #eec; |
| 138 |
border-bottom: #dda 1px solid; |
| 139 |
padding: 10px 15px 10px 15px; |
| 140 |
}
|
| 141 |
|
| 142 |
td.content { |
| 143 |
padding: 15px; |
| 144 |
vertical-align: top; |
| 145 |
}
|
| 146 |
|
| 147 |
td.footer { |
| 148 |
border-top: #dda 1px solid; |
| 149 |
background: #eec; |
| 150 |
padding: 4px 15px 4px 15px; |
| 151 |
}
|
| 152 |
|
| 153 |
|
| 154 |
td.header td { |
| 155 |
padding: 0; |
| 156 |
}
|
| 157 |
|
| 158 |
td { |
| 159 |
padding: 0px 5px 0px 5px; |
| 160 |
}
|
| 161 |
|
| 162 |
.header td h1 { |
| 163 |
margin: 0; |
| 164 |
font-size: 20px; |
| 165 |
}
|
| 166 |
|
| 167 |
h2 { |
| 168 |
font-size: 16px; |
| 169 |
}
|
| 170 |
|
| 171 |
div.message { |
| 172 |
margin: 5px 5px 15px 5px; |
| 173 |
padding: 10px; |
| 174 |
background: #eee; |
| 175 |
border: solid 1px #ddd; |
| 176 |
}
|
| 177 |
|
| 178 |
tr.row1 td { |
| 179 |
background: #def; |
| 180 |
}
|
| 181 |
|
| 182 |
--> |
| 183 |
</style>
|
| 184 |
|
| 185 |
</head>
|
| 186 |
|
| 187 |
<body>
|
| 188 |
|
| 189 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
| 190 |
<tbody>
|
| 191 |
<tr class="header"> |
| 192 |
<td nowrap class="header"> |
| 193 |
|
| 194 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
| 195 |
<tbody>
|
| 196 |
<tr>
|
| 197 |
<td nowrap><h1>Downloaded Torrents</h1></td> |
| 198 |
<td align="right"> |
| 199 |
<? if($logged_in) : ?> |
| 200 |
<a href="?logout=1">Log out</a> |
| 201 |
<? endif; ?> |
| 202 |
</td>
|
| 203 |
</tr>
|
| 204 |
</tbody>
|
| 205 |
</table>
|
| 206 |
|
| 207 |
</td>
|
| 208 |
</tr>
|
| 209 |
|
| 210 |
<tr class="content" height="100%"> |
| 211 |
<td width="100%" height="100%" class="content"> |
| 212 |
|
| 213 |
<? if($message) : ?> |
| 214 |
<div class="message"><?=$message?></div> |
| 215 |
<? endif; ?> |
| 216 |
|
| 217 |
<? if($logged_in) : |
| 218 |
|
| 219 |
$files = read_directory($dir); |
| 220 |
|
| 221 |
$trail = explode('/', substr($dir, strlen(dirname($cfg_basedir)))); |
| 222 |
|
| 223 |
print "<h2>" . dirname($cfg_basedir); |
| 224 |
$path = dirname($cfg_basedir); |
| 225 |
$count = 0; |
| 226 |
foreach($trail as $segment) { |
| 227 |
$path .= "$segment"; |
| 228 |
if(++$count < count($trail)) |
| 229 |
print "<a href=\"?dir=$path\">$segment</a>/"; |
| 230 |
else
|
| 231 |
print "$segment"; |
| 232 |
$path .= "/"; |
| 233 |
}
|
| 234 |
print "</h2>"; |
| 235 |
?>
|
| 236 |
|
| 237 |
<table cellpadding="0" cellspacing="0" width="100%"> |
| 238 |
<tbody>
|
| 239 |
<tr>
|
| 240 |
|
| 241 |
<!-- Directories -->
|
| 242 |
<td valign="top" width="50%"> |
| 243 |
<table cellpadding="0" cellspacing="0" width="100%"> |
| 244 |
<tbody>
|
| 245 |
<tr>
|
| 246 |
<th colspan="2">Directories</th> |
| 247 |
</tr>
|
| 248 |
<?
|
| 249 |
$count = 0; |
| 250 |
foreach($files as $f) { |
| 251 |
$type = $f['type']; |
| 252 |
$file = $f['name']; |
| 253 |
if($type != 'dir' || $file == '..') |
| 254 |
continue; |
| 255 |
|
| 256 |
$count++; |
| 257 |
$row = $count % 2; |
| 258 |
$size = $f['size']; |
| 259 |
$path = realpath("$dir/$file"); |
| 260 |
if($file == '.') { |
| 261 |
$file = basename($path); |
| 262 |
$name = "Current directory (<b>$file</b>)"; |
| 263 |
echo
|
| 264 |
<<<LINE |
| 265 |
<tr class="row$row"> |
| 266 |
<td width="100%">Current directory (<b>$file</b>)</td><td><a href="?download=$path" title="Download directory '$path'">Download</a></td> |
| 267 |
</tr> |
| 268 |
LINE; |
| 269 |
} else { |
| 270 |
$name = $file; |
| 271 |
echo
|
| 272 |
<<<LINE |
| 273 |
<tr class="row$row"> |
| 274 |
<td width="100%"><a href="?dir=$path">$name</a></td><td><a href="?download=$path" title="Download directory '$path'">Download</a></td> |
| 275 |
</tr> |
| 276 |
LINE; |
| 277 |
}
|
| 278 |
}
|
| 279 |
|
| 280 |
?>
|
| 281 |
</tbody>
|
| 282 |
</table>
|
| 283 |
|
| 284 |
</td>
|
| 285 |
|
| 286 |
|
| 287 |
|
| 288 |
<!-- Files -->
|
| 289 |
<td valign="top" width="50%"> |
| 290 |
|
| 291 |
<table cellpadding="0" cellspacing="0" width="100%"> |
| 292 |
<tbody>
|
| 293 |
<tr>
|
| 294 |
<th colspan="3">Files</th> |
| 295 |
</tr>
|
| 296 |
<?
|
| 297 |
// passthru("ls $cfg_basedir");
|
| 298 |
|
| 299 |
// Open a known directory, and proceed to read its contents
|
| 300 |
$count = 0; |
| 301 |
foreach($files as $f) { |
| 302 |
$type = $f['type']; |
| 303 |
if($type != 'file') |
| 304 |
continue; |
| 305 |
$file = $f['name']; |
| 306 |
$size = $f['size']; |
| 307 |
$path = realpath("$dir/$file"); |
| 308 |
if($file == '.') |
| 309 |
$name = 'This Directory'; |
| 310 |
elseif($file == '..') |
| 311 |
$name = 'Parent Directory'; |
| 312 |
else
|
| 313 |
$name = $file; |
| 314 |
$count++; |
| 315 |
$row = $count % 2; |
| 316 |
echo
|
| 317 |
<<<LINE |
| 318 |
<tr class="row$row"> |
| 319 |
<td width="100%">$name</td><td align="right" nowrap>$size</td><td><a href="?download=$path" title="Download file '$path'">Download</a></td> |
| 320 |
</tr> |
| 321 |
LINE; |
| 322 |
}
|
| 323 |
|
| 324 |
?>
|
| 325 |
</tbody>
|
| 326 |
</table>
|
| 327 |
|
| 328 |
</td>
|
| 329 |
|
| 330 |
</tr>
|
| 331 |
</tbody>
|
| 332 |
</table>
|
| 333 |
<? else : ?> |
| 334 |
<form method=post action=""> |
| 335 |
|
| 336 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
| 337 |
<tbody>
|
| 338 |
<tr><td>Password:</td><td width="100%"><input type="password" name="password"></td></tr> |
| 339 |
<tr><td> </td><td><br /><input type="submit" value="Log In" name="login"></td></tr> |
| 340 |
</tbody>
|
| 341 |
</table>
|
| 342 |
|
| 343 |
</form>
|
| 344 |
<? endif; ?> |
| 345 |
|
| 346 |
</td>
|
| 347 |
</tr>
|
| 348 |
|
| 349 |
<tr class="footer"> |
| 350 |
<td nowrap class="footer">This is the bottom.</td> |
| 351 |
</tr>
|
| 352 |
|
| 353 |
</tbody>
|
| 354 |
</table>
|
| 355 |
|
| 356 |
</body>
|
| 357 |
</html>
|