index.php 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222
  1. <?php
  2. /**
  3. * Copyright (c) 2016, 2024, 5 Mode
  4. *
  5. * This file is part of Avatar Free.
  6. *
  7. * Avatar Free is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Avatar Free is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Avatar Free. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * Avatar Free index file.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2016, 2024, 5 Mode
  26. * @license https://opensource.org/licenses/BSD-3-Clause
  27. */
  28. require "../Private/core/init.inc";
  29. // FUNCTION AND VARIABLE DECLARATIONS
  30. $scriptPath = APP_SCRIPT_PATH;
  31. // PARAMETERS VALIDATION
  32. $url = filter_input(INPUT_GET, "url")??"";
  33. $url = strip_tags($url);
  34. $url = strtolower(trim(substr($url, 0, 300), "/"));
  35. switch ($url) {
  36. case "action":
  37. $scriptPath = APP_AJAX_PATH;
  38. define("SCRIPT_NAME", "action");
  39. define("SCRIPT_FILENAME", "action.php");
  40. break;
  41. case "":
  42. case "home":
  43. define("SCRIPT_NAME", "home");
  44. define("SCRIPT_FILENAME", "home.php");
  45. $pattern = APP_DATA_PATH . DIRECTORY_SEPARATOR . "*";
  46. $aAvatarPaths = glob($pattern, GLOB_ONLYDIR);
  47. if (empty($aAvatarPaths)) {
  48. die("<br>&nbsp;No avatar exists yet: type in the url with your avatar name like http://" . $_SERVER['HTTP_HOST']. "/&lt;your avatar&gt;.<br>&nbsp;Login with the password and drag-n-drop here all the resources you want to associate to it. <br><br>&nbsp;Links by text and first dropped picture will be your avatar image.");
  49. } else {
  50. define("AVATAR_NAME", basename($aAvatarPaths[0]));
  51. }
  52. break;
  53. case "doc":
  54. $avatar = filter_input(INPUT_GET, "av")??"";
  55. $avatar = strip_tags($avatar);
  56. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  57. $repo = filter_input(INPUT_GET, "re")??"";
  58. $repo = strip_tags($repo);
  59. switch ($repo) {
  60. case "cv":
  61. $REPO_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "cv";
  62. break;
  63. default:
  64. die("unknown parma value:".$repo);
  65. }
  66. $doc = filter_input(INPUT_GET, "doc")??"";
  67. $doc = strip_tags($doc);
  68. $originalFilename = pathinfo($doc, PATHINFO_FILENAME);
  69. $destFilename = explode("|",$originalFilename)[1];
  70. $originalFileExt = pathinfo($doc, PATHINFO_EXTENSION);
  71. $fileExt = strtolower(pathinfo($doc, PATHINFO_EXTENSION));
  72. $docPath = $REPO_PATH . DIRECTORY_SEPARATOR . $doc;
  73. if (filesize($docPath) <= APP_FILE_MAX_SIZE) {
  74. switch ($fileExt) {
  75. case "doc":
  76. header("Content-Type: application/msword");
  77. header('Content-Disposition: attachment; filename=' . $destFilename . '.doc');
  78. break;
  79. case "pdf":
  80. header("Content-Type: application/pdf");
  81. header('Content-Disposition: attachment; filename=' . $destFilename . '.pdf');
  82. break;
  83. default:
  84. die("unknown file extension.");
  85. }
  86. echo(file_get_contents($docPath));
  87. exit(0);
  88. } else {
  89. die("doc size over app limits.");
  90. }
  91. break;
  92. case "img":
  93. $avatar = filter_input(INPUT_GET, "av")??"";
  94. $avatar = strip_tags($avatar);
  95. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  96. $GALLERY_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "gallery";
  97. $pic = filter_input(INPUT_GET, "pic")??"";
  98. $pic = strip_tags($pic);
  99. $originalFilename = pathinfo($pic, PATHINFO_FILENAME);
  100. $originalFileExt = pathinfo($pic, PATHINFO_EXTENSION);
  101. $fileExt = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
  102. if ($pic === APP_DEF_PROFILE_PIC) {
  103. $picPath = APP_PATH . DIRECTORY_SEPARATOR . "static" . $pic;
  104. } else {
  105. $picPath = $GALLERY_PATH . DIRECTORY_SEPARATOR . $pic;
  106. }
  107. if (filesize($picPath) <= APP_FILE_MAX_SIZE) {
  108. if ($fileExt = "jpg") {
  109. header("Content-Type: image/jpeg");
  110. } else {
  111. header("Content-Type: image/" . $fileExt);
  112. }
  113. echo(file_get_contents($picPath));
  114. exit(0);
  115. } else {
  116. die("picture size over app limits.");
  117. }
  118. break;
  119. case "imgj":
  120. $avatar = filter_input(INPUT_GET, "av")??"";
  121. $avatar = strip_tags($avatar);
  122. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  123. if ($jar >= 1 && $jar <= 3) {
  124. } else {
  125. die("jar parameter error.");
  126. }
  127. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  128. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  129. $fileName = filter_input(INPUT_GET, "fn")??"";
  130. $fileName = strip_tags($fileName);
  131. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  132. $orioriFilename = explode("|", $originalFilename)[1];
  133. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  134. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  135. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  136. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  137. if ($fileExt = "jpg") {
  138. header("Content-Type: image/jpeg");
  139. } else {
  140. header("Content-Type: image/" . $fileExt);
  141. }
  142. //header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  143. echo(file_get_contents($filePath));
  144. exit(0);
  145. } else {
  146. die("file size over app limits.");
  147. }
  148. break;
  149. case "file":
  150. $avatar = filter_input(INPUT_GET, "av")??"";
  151. $avatar = strip_tags($avatar);
  152. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  153. if ($jar >= 1 && $jar <= 3) {
  154. } else {
  155. die("jar parameter error.");
  156. }
  157. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  158. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  159. $fileName = filter_input(INPUT_GET, "fn")??"";
  160. $fileName = strip_tags($fileName);
  161. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  162. $orioriFilename = explode("|", $originalFilename)[1];
  163. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  164. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  165. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  166. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  167. header("Content-Type: avatarfree/bin");
  168. header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  169. echo(file_get_contents($filePath));
  170. exit(0);
  171. } else {
  172. die("file size over app limits.");
  173. }
  174. break;
  175. default:
  176. define("SCRIPT_NAME", "home");
  177. define("SCRIPT_FILENAME", "home.php");
  178. define("AVATAR_NAME", $url);
  179. break;
  180. }
  181. if (SCRIPT_NAME==="err-404") {
  182. header("HTTP/1.1 404 Not Found");
  183. }
  184. require $scriptPath . "/" . SCRIPT_FILENAME;