Bug #2083 ยป download.php
1 |
<?
|
---|---|
2 |
|
3 |
## BEGIN CONFIG
|
4 |
|
5 |
// PASSWORD
|
6 |
$cfg_password = ""; |
7 |
|
8 |
// BASE DIRECTORY (default ".")
|
9 |
$cfg_basedir = "."; |
10 |
|
11 |
## END CONFIG
|
12 |
|
13 |
session_start(); |
14 |
|
15 |
$message = ''; |
16 |
if($_REQUEST['login']) { |
17 |
$_SESSION['pwd'] = crypt($_REQUEST['password'], md5(rand() . time())); |
18 |
} elseif($_REQUEST['logout']) { |
19 |
$_SESSION['pwd'] = ''; |
20 |
}
|
21 |
|
22 |
$pwd = $_SESSION['pwd']; |
23 |
$logged_in = $pwd == crypt($cfg_password, $pwd); |
24 |
|
25 |
// Sanity checking
|
26 |
if(!$cfg_password) |
27 |
$message .= "<b>PASSWORD</b> not configured!<br />"; |
28 |
if(!$cfg_basedir) |
29 |
$message .= "<b>BASE DIRECTORY</b> not configured!<br />"; |
30 |
|
31 |
$cfg_basedir = realpath($cfg_basedir); |
32 |
|
33 |
if($message) { |
34 |
$logged_in = false; |
35 |
unset($_REQUEST['login']); |
36 |
}
|
37 |
|
38 |
if($_REQUEST['login'] && !$logged_in) |
39 |
$message = "Invalid password!"; |
40 |
|
41 |
if($logged_in) { |
42 |
if($_REQUEST["download"] != '') { |
43 |
$path = $_REQUEST["download"]; |
44 |
if(substr($path, 0, strlen($cfg_basedir)) == $cfg_basedir |
45 |
&& file_exists($path) |
46 |
&& (filetype($path) == 'file' || filetype($path) == 'dir')) |
47 |
download_file($path); |
48 |
else
|
49 |
$message= "Invalid download: $path, exists: " . file_exists($path); |
50 |
}
|
51 |
|
52 |
$dir = realpath($_REQUEST['dir']); |
53 |
if(!$dir || (substr($dir, 0, strlen($cfg_basedir)) != $cfg_basedir)) |
54 |
$dir = $cfg_basedir; |
55 |
}
|
56 |
|
57 |
//=========================================================================
|
58 |
// download_file:
|
59 |
// Tar, gzip and download specified path
|
60 |
//=========================================================================
|
61 |
function download_file($path) { |
62 |
header("Content-type: application/x-gzip"); |
63 |
header("Content-Disposition: attachment; filename=" . basename($path) . ".tgz"); |
64 |
$dir = dirname($path); |
65 |
$file = basename($path); |
66 |
passthru("tar -zcf - -C '$dir' '$file'"); |
67 |
exit; |
68 |
}
|
69 |
|
70 |
//=========================================================================
|
71 |
// file_cmp:
|
72 |
// Compare to files based on type and name (case insensitive)
|
73 |
//=========================================================================
|
74 |
function file_cmp($a, $b) { |
75 |
|
76 |
// Compare by file type (dir < file)
|
77 |
$cmp = strcmp($a['type'], $b['type']); |
78 |
if($cmp) |
79 |
return $cmp; |
80 |
|
81 |
// Compare case-insensitive
|
82 |
$cmp = strcasecmp($a['name'], $b['name']); |
83 |
if($cmp) |
84 |
return $cmp; |
85 |
|
86 |
// Compare case-sensitive
|
87 |
$cmp = strcmp($a['name'], $b['name']); |
88 |
if($cmp) |
89 |
return $cmp; |
90 |
|
91 |
return 0; |
92 |
}
|
93 |
|
94 |
//=========================================================================
|
95 |
// read_directory:
|
96 |
// Return contents of directory as array of file descriptors
|
97 |
//=========================================================================
|
98 |
function read_directory($dir) { |
99 |
$files = array(); |
100 |
if (is_dir($dir)) { |
101 |
if ($dh = opendir($dir)) { |
102 |
while (($file = readdir($dh)) !== false) { |
103 |
$path = "$dir/$file"; |
104 |
$type = filetype($path); |
105 |
$size = ($type == 'file') ? $size = filesize($path) . ' bytes' : ''; |
106 |
|
107 |
$files[] = array('name' => $file, 'type' => $type, 'size' => $size, 'path' => $path); |
108 |
}
|
109 |
closedir($dh); |
110 |
}
|
111 |
}
|
112 |
usort($files, 'file_cmp'); |
113 |
return $files; |
114 |
}
|
115 |
?>
|
116 |
|
117 |
<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
|
118 |
<html>
|
119 |
<head>
|
120 |
<title>Downloaded torrents: <?=$dir?></title> |
121 |
<meta name="Author" content=""> |
122 |
<meta name="Keywords" content=""> |
123 |
<meta name="Description" content=""> |
124 |
|
125 |
<style type="text/css"> |
126 |
<!-- |
127 |
body { |
128 |
margin: 0; |
129 |
font-family: 'Trebuchet MS', Verdana, sans-serif; |
130 |
}
|
131 |
|
132 |
body, p, td, div { |
133 |
font-size: 12px; |
134 |
}
|
135 |
|
136 |
td.header { |
137 |
background: #eec; |
138 |
border-bottom: #dda 1px solid; |
139 |
padding: 10px 15px 10px 15px; |
140 |
}
|
141 |
|
142 |
td.content { |
143 |
padding: 15px; |
144 |
vertical-align: top; |
145 |
}
|
146 |
|
147 |
td.footer { |
148 |
border-top: #dda 1px solid; |
149 |
background: #eec; |
150 |
padding: 4px 15px 4px 15px; |
151 |
}
|
152 |
|
153 |
|
154 |
td.header td { |
155 |
padding: 0; |
156 |
}
|
157 |
|
158 |
td { |
159 |
padding: 0px 5px 0px 5px; |
160 |
}
|
161 |
|
162 |
.header td h1 { |
163 |
margin: 0; |
164 |
font-size: 20px; |
165 |
}
|
166 |
|
167 |
h2 { |
168 |
font-size: 16px; |
169 |
}
|
170 |
|
171 |
div.message { |
172 |
margin: 5px 5px 15px 5px; |
173 |
padding: 10px; |
174 |
background: #eee; |
175 |
border: solid 1px #ddd; |
176 |
}
|
177 |
|
178 |
tr.row1 td { |
179 |
background: #def; |
180 |
}
|
181 |
|
182 |
--> |
183 |
</style>
|
184 |
|
185 |
</head>
|
186 |
|
187 |
<body>
|
188 |
|
189 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
190 |
<tbody>
|
191 |
<tr class="header"> |
192 |
<td nowrap class="header"> |
193 |
|
194 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
195 |
<tbody>
|
196 |
<tr>
|
197 |
<td nowrap><h1>Downloaded Torrents</h1></td> |
198 |
<td align="right"> |
199 |
<? if($logged_in) : ?> |
200 |
<a href="?logout=1">Log out</a> |
201 |
<? endif; ?> |
202 |
</td>
|
203 |
</tr>
|
204 |
</tbody>
|
205 |
</table>
|
206 |
|
207 |
</td>
|
208 |
</tr>
|
209 |
|
210 |
<tr class="content" height="100%"> |
211 |
<td width="100%" height="100%" class="content"> |
212 |
|
213 |
<? if($message) : ?> |
214 |
<div class="message"><?=$message?></div> |
215 |
<? endif; ?> |
216 |
|
217 |
<? if($logged_in) : |
218 |
|
219 |
$files = read_directory($dir); |
220 |
|
221 |
$trail = explode('/', substr($dir, strlen(dirname($cfg_basedir)))); |
222 |
|
223 |
print "<h2>" . dirname($cfg_basedir); |
224 |
$path = dirname($cfg_basedir); |
225 |
$count = 0; |
226 |
foreach($trail as $segment) { |
227 |
$path .= "$segment"; |
228 |
if(++$count < count($trail)) |
229 |
print "<a href=\"?dir=$path\">$segment</a>/"; |
230 |
else
|
231 |
print "$segment"; |
232 |
$path .= "/"; |
233 |
}
|
234 |
print "</h2>"; |
235 |
?>
|
236 |
|
237 |
<table cellpadding="0" cellspacing="0" width="100%"> |
238 |
<tbody>
|
239 |
<tr>
|
240 |
|
241 |
<!-- Directories -->
|
242 |
<td valign="top" width="50%"> |
243 |
<table cellpadding="0" cellspacing="0" width="100%"> |
244 |
<tbody>
|
245 |
<tr>
|
246 |
<th colspan="2">Directories</th> |
247 |
</tr>
|
248 |
<?
|
249 |
$count = 0; |
250 |
foreach($files as $f) { |
251 |
$type = $f['type']; |
252 |
$file = $f['name']; |
253 |
if($type != 'dir' || $file == '..') |
254 |
continue; |
255 |
|
256 |
$count++; |
257 |
$row = $count % 2; |
258 |
$size = $f['size']; |
259 |
$path = realpath("$dir/$file"); |
260 |
if($file == '.') { |
261 |
$file = basename($path); |
262 |
$name = "Current directory (<b>$file</b>)"; |
263 |
echo
|
264 |
<<<LINE |
265 |
<tr class="row$row"> |
266 |
<td width="100%">Current directory (<b>$file</b>)</td><td><a href="?download=$path" title="Download directory '$path'">Download</a></td> |
267 |
</tr> |
268 |
LINE; |
269 |
} else { |
270 |
$name = $file; |
271 |
echo
|
272 |
<<<LINE |
273 |
<tr class="row$row"> |
274 |
<td width="100%"><a href="?dir=$path">$name</a></td><td><a href="?download=$path" title="Download directory '$path'">Download</a></td> |
275 |
</tr> |
276 |
LINE; |
277 |
}
|
278 |
}
|
279 |
|
280 |
?>
|
281 |
</tbody>
|
282 |
</table>
|
283 |
|
284 |
</td>
|
285 |
|
286 |
|
287 |
|
288 |
<!-- Files -->
|
289 |
<td valign="top" width="50%"> |
290 |
|
291 |
<table cellpadding="0" cellspacing="0" width="100%"> |
292 |
<tbody>
|
293 |
<tr>
|
294 |
<th colspan="3">Files</th> |
295 |
</tr>
|
296 |
<?
|
297 |
// passthru("ls $cfg_basedir");
|
298 |
|
299 |
// Open a known directory, and proceed to read its contents
|
300 |
$count = 0; |
301 |
foreach($files as $f) { |
302 |
$type = $f['type']; |
303 |
if($type != 'file') |
304 |
continue; |
305 |
$file = $f['name']; |
306 |
$size = $f['size']; |
307 |
$path = realpath("$dir/$file"); |
308 |
if($file == '.') |
309 |
$name = 'This Directory'; |
310 |
elseif($file == '..') |
311 |
$name = 'Parent Directory'; |
312 |
else
|
313 |
$name = $file; |
314 |
$count++; |
315 |
$row = $count % 2; |
316 |
echo
|
317 |
<<<LINE |
318 |
<tr class="row$row"> |
319 |
<td width="100%">$name</td><td align="right" nowrap>$size</td><td><a href="?download=$path" title="Download file '$path'">Download</a></td> |
320 |
</tr> |
321 |
LINE; |
322 |
}
|
323 |
|
324 |
?>
|
325 |
</tbody>
|
326 |
</table>
|
327 |
|
328 |
</td>
|
329 |
|
330 |
</tr>
|
331 |
</tbody>
|
332 |
</table>
|
333 |
<? else : ?> |
334 |
<form method=post action=""> |
335 |
|
336 |
<table cellpadding="0" cellspacing="0" width="100%" height="100%"> |
337 |
<tbody>
|
338 |
<tr><td>Password:</td><td width="100%"><input type="password" name="password"></td></tr> |
339 |
<tr><td> </td><td><br /><input type="submit" value="Log In" name="login"></td></tr> |
340 |
</tbody>
|
341 |
</table>
|
342 |
|
343 |
</form>
|
344 |
<? endif; ?> |
345 |
|
346 |
</td>
|
347 |
</tr>
|
348 |
|
349 |
<tr class="footer"> |
350 |
<td nowrap class="footer">This is the bottom.</td> |
351 |
</tr>
|
352 |
|
353 |
</tbody>
|
354 |
</table>
|
355 |
|
356 |
</body>
|
357 |
</html>
|