index.php 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
  1. <?php
  2. /**
  3. * Copyright (c) 2016, 2024, 5 Mode
  4. *
  5. * This file is part of Avatar Free.
  6. *
  7. * Avatar Free is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Avatar Free is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Avatar Free. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * Avatar Free index file.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2016, 2024, 5 Mode
  26. * @license https://opensource.org/licenses/BSD-3-Clause
  27. */
  28. require "../Private/core/init.inc";
  29. // FUNCTION AND VARIABLE DECLARATIONS
  30. $scriptPath = APP_SCRIPT_PATH;
  31. // PARAMETERS VALIDATION
  32. $url = strtolower(trim(substr(filter_input(INPUT_GET, "url", FILTER_SANITIZE_STRING), 0, 300), "/"));
  33. switch ($url) {
  34. case "action":
  35. $scriptPath = APP_AJAX_PATH;
  36. define("SCRIPT_NAME", "action");
  37. define("SCRIPT_FILENAME", "action.php");
  38. break;
  39. case "":
  40. case "home":
  41. define("SCRIPT_NAME", "home");
  42. define("SCRIPT_FILENAME", "home.php");
  43. $pattern = APP_DATA_PATH . DIRECTORY_SEPARATOR . "*";
  44. $aAvatarPaths = glob($pattern, GLOB_ONLYDIR);
  45. if (empty($aAvatarPaths)) {
  46. die("<br>&nbsp;No avatar exists yet: type in the url with your avatar name like http://" . $_SERVER['HTTP_HOST']. "/&lt;your avatar&gt;.<br>&nbsp;Login with the password and drag-n-drop here all the resources you want to associate to it. <br><br>&nbsp;Links by text and first dropped picture will be your avatar image.");
  47. } else {
  48. define("AVATAR_NAME", basename($aAvatarPaths[0]));
  49. }
  50. break;
  51. case "doc":
  52. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  53. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  54. $repo = filter_input(INPUT_GET, "re", FILTER_SANITIZE_STRING);
  55. switch ($repo) {
  56. case "cv":
  57. $REPO_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "cv";
  58. break;
  59. default:
  60. die("unknown parma value:".$repo);
  61. }
  62. $doc = filter_input(INPUT_GET, "doc", FILTER_SANITIZE_STRING);
  63. $originalFilename = pathinfo($doc, PATHINFO_FILENAME);
  64. $destFilename = explode("|",$originalFilename)[1];
  65. $originalFileExt = pathinfo($doc, PATHINFO_EXTENSION);
  66. $fileExt = strtolower(pathinfo($doc, PATHINFO_EXTENSION));
  67. $docPath = $REPO_PATH . DIRECTORY_SEPARATOR . $doc;
  68. if (filesize($docPath) <= APP_FILE_MAX_SIZE) {
  69. switch ($fileExt) {
  70. case "doc":
  71. header("Content-Type: application/msword");
  72. header('Content-Disposition: attachment; filename=' . $destFilename . '.doc');
  73. break;
  74. case "pdf":
  75. header("Content-Type: application/pdf");
  76. header('Content-Disposition: attachment; filename=' . $destFilename . '.pdf');
  77. break;
  78. default:
  79. die("unknown file extension.");
  80. }
  81. echo(file_get_contents($docPath));
  82. } else {
  83. die("doc size over app limits.");
  84. }
  85. break;
  86. case "img":
  87. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  88. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  89. $GALLERY_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "gallery";
  90. $pic = filter_input(INPUT_GET, "pic", FILTER_SANITIZE_STRING);
  91. $originalFilename = pathinfo($pic, PATHINFO_FILENAME);
  92. $originalFileExt = pathinfo($pic, PATHINFO_EXTENSION);
  93. $fileExt = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
  94. if ($pic === APP_DEF_PROFILE_PIC) {
  95. $picPath = APP_PATH . DIRECTORY_SEPARATOR . "static" . $pic;
  96. } else {
  97. $picPath = $GALLERY_PATH . DIRECTORY_SEPARATOR . $pic;
  98. }
  99. if (filesize($picPath) <= APP_FILE_MAX_SIZE) {
  100. if ($fileExt = "jpg") {
  101. header("Content-Type: image/jpeg");
  102. } else {
  103. header("Content-Type: image/" . $fileExt);
  104. }
  105. echo(file_get_contents($picPath));
  106. } else {
  107. die("picture size over app limits.");
  108. }
  109. break;
  110. case "imgj":
  111. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  112. $jar = (int)substr(filter_input(INPUT_GET, "jar", FILTER_SANITIZE_STRING),0,1);
  113. if ($jar >= 1 && $jar <= 3) {
  114. } else {
  115. die("jar parameter error.");
  116. }
  117. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  118. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  119. $fileName = filter_input(INPUT_GET, "fn", FILTER_SANITIZE_STRING);
  120. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  121. $orioriFilename = explode("|", $originalFilename)[1];
  122. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  123. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  124. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  125. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  126. if ($fileExt = "jpg") {
  127. header("Content-Type: image/jpeg");
  128. } else {
  129. header("Content-Type: image/" . $fileExt);
  130. }
  131. //header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  132. echo(file_get_contents($filePath));
  133. } else {
  134. die("file size over app limits.");
  135. }
  136. break;
  137. case "file":
  138. $avatar = filter_input(INPUT_GET, "av", FILTER_SANITIZE_STRING);
  139. $jar = (int)substr(filter_input(INPUT_GET, "jar", FILTER_SANITIZE_STRING),0,1);
  140. if ($jar >= 1 && $jar <= 3) {
  141. } else {
  142. die("jar parameter error.");
  143. }
  144. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  145. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  146. $fileName = filter_input(INPUT_GET, "fn", FILTER_SANITIZE_STRING);
  147. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  148. $orioriFilename = explode("|", $originalFilename)[1];
  149. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  150. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  151. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  152. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  153. header("Content-Type: avatarfree/bin");
  154. header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  155. echo(file_get_contents($filePath));
  156. } else {
  157. die("file size over app limits.");
  158. }
  159. break;
  160. default:
  161. define("SCRIPT_NAME", "home");
  162. define("SCRIPT_FILENAME", "home.php");
  163. define("AVATAR_NAME", $url);
  164. break;
  165. }
  166. if (SCRIPT_NAME==="err-404") {
  167. header("HTTP/1.1 404 Not Found");
  168. }
  169. require $scriptPath . "/" . SCRIPT_FILENAME;