index.php 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229
  1. <?php
  2. /**
  3. * Copyright (c) 2016, 2024, 5 Mode
  4. *
  5. * This file is part of Faceborg.
  6. *
  7. * Faceborg is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Faceborg is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Faceborg. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * Faceborg index file.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2016, 2024, 5 Mode
  26. */
  27. require "../Private/core/init.inc";
  28. // FUNCTION AND VARIABLE DECLARATIONS
  29. $scriptPath = APP_SCRIPT_PATH;
  30. // PARAMETERS VALIDATION
  31. $url = filter_input(INPUT_GET, "url")??"";
  32. $url = strip_tags($url);
  33. $url = strtolower(trim(substr($url, 0, 300), "/"));
  34. switch ($url) {
  35. case "action":
  36. $scriptPath = APP_AJAX_PATH;
  37. define("SCRIPT_NAME", "action");
  38. define("SCRIPT_FILENAME", "action.php");
  39. break;
  40. case "":
  41. case "home":
  42. if (defined("APP_HOME_PATH") && (APP_HOME_PATH !== PHP_STR) && is_readable(APP_HOME_PATH)) {
  43. define("SCRIPT_NAME", "homeproxy");
  44. define("SCRIPT_FILENAME", "homeproxy.php");
  45. } else {
  46. define("SCRIPT_NAME", "home");
  47. define("SCRIPT_FILENAME", "home.php");
  48. $pattern = APP_DATA_PATH . DIRECTORY_SEPARATOR . "*";
  49. $aAvatarPaths = glob($pattern, GLOB_ONLYDIR);
  50. if (empty($aAvatarPaths)) {
  51. die("<br>&nbsp;No avatar exists yet: type in the url with your avatar name like http://" . $_SERVER['HTTP_HOST']. "/&lt;your avatar&gt;.<br>&nbsp;Login with the password and drag-n-drop here all the resources you want to associate to it. <br><br>&nbsp;Links by text and first dropped picture will be your avatar image.");
  52. } else {
  53. define("AVATAR_NAME", basename($aAvatarPaths[0]));
  54. }
  55. }
  56. break;
  57. case "doc":
  58. $avatar = filter_input(INPUT_GET, "av")??"";
  59. $avatar = strip_tags($avatar);
  60. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  61. $repo = filter_input(INPUT_GET, "re")??"";
  62. $repo = strip_tags($repo);
  63. switch ($repo) {
  64. case "cv":
  65. $REPO_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "cv";
  66. break;
  67. default:
  68. die("unknown parma value:".$repo);
  69. }
  70. $doc = filter_input(INPUT_GET, "doc")??"";
  71. $doc = strip_tags($doc);
  72. $originalFilename = pathinfo($doc, PATHINFO_FILENAME);
  73. $destFilename = explode("|",$originalFilename)[1];
  74. $originalFileExt = pathinfo($doc, PATHINFO_EXTENSION);
  75. $fileExt = strtolower(pathinfo($doc, PATHINFO_EXTENSION));
  76. $docPath = $REPO_PATH . DIRECTORY_SEPARATOR . $doc;
  77. if (filesize($docPath) <= APP_FILE_MAX_SIZE) {
  78. switch ($fileExt) {
  79. case "doc":
  80. header("Content-Type: application/msword");
  81. header('Content-Disposition: attachment; filename=' . $destFilename . '.doc');
  82. break;
  83. case "pdf":
  84. header("Content-Type: application/pdf");
  85. header('Content-Disposition: attachment; filename=' . $destFilename . '.pdf');
  86. break;
  87. default:
  88. die("unknown file extension.");
  89. }
  90. echo(file_get_contents($docPath));
  91. exit(0);
  92. } else {
  93. die("doc size over app limits.");
  94. }
  95. break;
  96. case "img":
  97. $avatar = filter_input(INPUT_GET, "av")??"";
  98. $avatar = strip_tags($avatar);
  99. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  100. $GALLERY_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "gallery";
  101. $pic = filter_input(INPUT_GET, "pic")??"";
  102. $pic = strip_tags($pic);
  103. $originalFilename = pathinfo($pic, PATHINFO_FILENAME);
  104. $originalFileExt = pathinfo($pic, PATHINFO_EXTENSION);
  105. $fileExt = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
  106. if ($pic === APP_DEF_PROFILE_PIC) {
  107. $picPath = APP_PATH . DIRECTORY_SEPARATOR . "static" . $pic;
  108. } else {
  109. $picPath = $GALLERY_PATH . DIRECTORY_SEPARATOR . $pic;
  110. }
  111. if (filesize($picPath) <= APP_FILE_MAX_SIZE) {
  112. if ($fileExt === "jpg") {
  113. header("Content-Type: image/jpeg");
  114. } else {
  115. header("Content-Type: image/" . $fileExt);
  116. }
  117. echo(file_get_contents($picPath));
  118. exit(0);
  119. } else {
  120. die("picture size over app limits.");
  121. }
  122. break;
  123. case "imgj":
  124. $avatar = filter_input(INPUT_GET, "av")??"";
  125. $avatar = strip_tags($avatar);
  126. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  127. if ($jar >= 1 && $jar <= 3) {
  128. } else {
  129. die("jar parameter error.");
  130. }
  131. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  132. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  133. $fileName = filter_input(INPUT_GET, "fn")??"";
  134. $fileName = strip_tags($fileName);
  135. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  136. $orioriFilename = explode("|", $originalFilename)[1];
  137. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  138. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  139. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  140. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  141. if ($fileExt === "jpg") {
  142. header("Content-Type: image/jpeg");
  143. } else {
  144. header("Content-Type: image/" . $fileExt);
  145. }
  146. //header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  147. echo(file_get_contents($filePath));
  148. exit(0);
  149. } else {
  150. die("file size over app limits.");
  151. }
  152. break;
  153. case "file":
  154. $avatar = filter_input(INPUT_GET, "av")??"";
  155. $avatar = strip_tags($avatar);
  156. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  157. if ($jar >= 1 && $jar <= 3) {
  158. } else {
  159. die("jar parameter error.");
  160. }
  161. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  162. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  163. $fileName = filter_input(INPUT_GET, "fn")??"";
  164. $fileName = strip_tags($fileName);
  165. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  166. $orioriFilename = explode("|", $originalFilename)[1];
  167. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  168. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  169. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  170. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  171. header("Content-Type: avatarfree/bin");
  172. header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  173. echo(file_get_contents($filePath));
  174. exit(0);
  175. } else {
  176. die("file size over app limits.");
  177. }
  178. break;
  179. default:
  180. define("SCRIPT_NAME", "home");
  181. define("SCRIPT_FILENAME", "home.php");
  182. define("AVATAR_NAME", $url);
  183. break;
  184. }
  185. if (SCRIPT_NAME==="err-404") {
  186. header("HTTP/1.1 404 Not Found");
  187. }
  188. require $scriptPath . "/" . SCRIPT_FILENAME;