index.php 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. <?php
  2. /**
  3. * Copyright (c) 2016, 2024, 5 Mode
  4. *
  5. * This file is part of Avatar Free.
  6. *
  7. * Avatar Free is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Avatar Free is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Avatar Free. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * Avatar Free index file.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2016, 2024, 5 Mode
  26. * @license https://opensource.org/licenses/BSD-3-Clause
  27. */
  28. require "../Private/core/init.inc";
  29. // FUNCTION AND VARIABLE DECLARATIONS
  30. $scriptPath = APP_SCRIPT_PATH;
  31. // PARAMETERS VALIDATION
  32. $url = strtolower(trim(substr(filter_input(INPUT_GET, "url", FILTER_SANITIZE_STRING), 0, 300), "/"));
  33. switch ($url) {
  34. case "action":
  35. $scriptPath = APP_AJAX_PATH;
  36. define("SCRIPT_NAME", "action");
  37. define("SCRIPT_FILENAME", "action.php");
  38. break;
  39. case "":
  40. case "home":
  41. define("SCRIPT_NAME", "home");
  42. define("SCRIPT_FILENAME", "home.php");
  43. $pattern = APP_DATA_PATH . DIRECTORY_SEPARATOR . "*";
  44. $aAvatarPaths = glob($pattern, GLOB_ONLYDIR);
  45. if (empty($aAvatarPaths)) {
  46. die("<br>&nbsp;No avatar exists yet: type in the url with your avatar name like http://" . $_SERVER['HTTP_HOST']. "/&lt;your avatar&gt;.<br>&nbsp;Login with the password and drag-n-drop here all the resources you want to associate to it. <br><br>&nbsp;Links by text and first dropped picture will be your avatar image.");
  47. } else {
  48. define("AVATAR_NAME", basename($aAvatarPaths[0]));
  49. }
  50. break;
  51. case "doc":
  52. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  53. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  54. $repo = filter_input(INPUT_GET, "re", FILTER_SANITIZE_STRING);
  55. switch ($repo) {
  56. case "cv":
  57. $REPO_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "cv";
  58. break;
  59. default:
  60. die("unknown parma value:".$repo);
  61. }
  62. $doc = filter_input(INPUT_GET, "doc", FILTER_SANITIZE_STRING);
  63. $originalFilename = pathinfo($doc, PATHINFO_FILENAME);
  64. $destFilename = explode("|",$originalFilename)[1];
  65. $originalFileExt = pathinfo($doc, PATHINFO_EXTENSION);
  66. $fileExt = strtolower(pathinfo($doc, PATHINFO_EXTENSION));
  67. $docPath = $REPO_PATH . DIRECTORY_SEPARATOR . $doc;
  68. if (filesize($docPath) <= APP_FILE_MAX_SIZE) {
  69. switch ($fileExt) {
  70. case "doc":
  71. header("Content-Type: application/msword");
  72. header('Content-Disposition: attachment; filename=' . $destFilename . '.doc');
  73. break;
  74. case "pdf":
  75. header("Content-Type: application/pdf");
  76. header('Content-Disposition: attachment; filename=' . $destFilename . '.pdf');
  77. break;
  78. default:
  79. die("unknown file extension.");
  80. }
  81. echo(file_get_contents($docPath));
  82. } else {
  83. die("doc size over app limits.");
  84. }
  85. break;
  86. case "img":
  87. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  88. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  89. $GALLERY_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "gallery";
  90. $pic = filter_input(INPUT_GET, "pic", FILTER_SANITIZE_STRING);
  91. $originalFilename = pathinfo($pic, PATHINFO_FILENAME);
  92. $originalFileExt = pathinfo($pic, PATHINFO_EXTENSION);
  93. $fileExt = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
  94. if ($pic === APP_DEF_PROFILE_PIC) {
  95. $picPath = APP_PATH . DIRECTORY_SEPARATOR . "static" . $pic;
  96. } else {
  97. $picPath = $GALLERY_PATH . DIRECTORY_SEPARATOR . $pic;
  98. }
  99. if (filesize($picPath) <= APP_FILE_MAX_SIZE) {
  100. header("Content-Type: image/" . $fileExt);
  101. echo(file_get_contents($picPath));
  102. } else {
  103. die("picture size over app limits.");
  104. }
  105. break;
  106. case "file":
  107. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  108. $jar = (int)substr(filter_input(INPUT_GET, "jar", FILTER_SANITIZE_STRING),0,1);
  109. if ($jar >= 1 && $jar <= 3) {
  110. } else {
  111. die("jar parameter error.");
  112. }
  113. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  114. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  115. $fileName = filter_input(INPUT_GET, "fn", FILTER_SANITIZE_STRING);
  116. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  117. $orioriFilename = explode("|", $originalFilename)[1];
  118. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  119. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  120. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  121. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  122. header("Content-Type: unknown");
  123. header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  124. echo(file_get_contents($filePath));
  125. } else {
  126. die("file size over app limits.");
  127. }
  128. break;
  129. default:
  130. define("SCRIPT_NAME", "home");
  131. define("SCRIPT_FILENAME", "home.php");
  132. define("AVATAR_NAME", $url);
  133. break;
  134. }
  135. if (SCRIPT_NAME==="err-404") {
  136. header("HTTP/1.1 404 Not Found");
  137. }
  138. require $scriptPath . "/" . SCRIPT_FILENAME;