index.php 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234
  1. <?php
  2. /**
  3. * Copyright (c) 2016, 2024, 5 Mode
  4. *
  5. * This file is part of Puzzleu.
  6. *
  7. * Puzzleu is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation, either version 3 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * Puzzleu is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with Puzzleu. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * index.php
  21. *
  22. * Puzzleu index file.
  23. *
  24. * @author Daniele Bonini <my25mb@aol.com>
  25. * @copyrights (c) 2016, 2024, 5 Mode
  26. */
  27. require "../Private/core/init.inc";
  28. // FUNCTION AND VARIABLE DECLARATIONS
  29. $scriptPath = APP_SCRIPT_PATH;
  30. // PARAMETERS VALIDATION
  31. $url = filter_input(INPUT_GET, "url")??"";
  32. $url = strip_tags($url);
  33. $url = strtolower(trim(substr($url, 0, 300), "/"));
  34. switch ($url) {
  35. case "action":
  36. $scriptPath = APP_AJAX_PATH;
  37. define("SCRIPT_NAME", "action");
  38. define("SCRIPT_FILENAME", "action.php");
  39. break;
  40. case "err-404":
  41. $scriptPath = APP_ERROR_PATH;
  42. define("SCRIPT_NAME", "err-404");
  43. define("SCRIPT_FILENAME", "err-404.php");
  44. break;
  45. case "":
  46. case "home":
  47. if (defined("APP_HOME_PATH") && (APP_HOME_PATH !== PHP_STR) && is_readable(APP_HOME_PATH)) {
  48. define("SCRIPT_NAME", "homeproxy");
  49. define("SCRIPT_FILENAME", "homeproxy.php");
  50. } else {
  51. define("SCRIPT_NAME", "home");
  52. define("SCRIPT_FILENAME", "home.php");
  53. $pattern = APP_DATA_PATH . DIRECTORY_SEPARATOR . "*";
  54. $aAvatarPaths = glob($pattern, GLOB_ONLYDIR);
  55. if (empty($aAvatarPaths)) {
  56. die("<br>&nbsp;No avatar exists yet: type in the url with your avatar name like http://" . $_SERVER['HTTP_HOST']. "/&lt;your avatar&gt;.<br>&nbsp;Login with the password and drag-n-drop here all the resources you want to associate to it. <br><br>&nbsp;Links by text and first dropped picture will be your avatar image.");
  57. } else {
  58. define("AVATAR_NAME", basename($aAvatarPaths[0]));
  59. }
  60. }
  61. break;
  62. case "doc":
  63. $avatar = filter_input(INPUT_GET, "av")??"";
  64. $avatar = strip_tags($avatar);
  65. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  66. $repo = filter_input(INPUT_GET, "re")??"";
  67. $repo = strip_tags($repo);
  68. switch ($repo) {
  69. case "cv":
  70. $REPO_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "cv";
  71. break;
  72. default:
  73. die("unknown parma value:".$repo);
  74. }
  75. $doc = filter_input(INPUT_GET, "doc")??"";
  76. $doc = strip_tags($doc);
  77. $originalFilename = pathinfo($doc, PATHINFO_FILENAME);
  78. $destFilename = explode("|",$originalFilename)[1];
  79. $originalFileExt = pathinfo($doc, PATHINFO_EXTENSION);
  80. $fileExt = strtolower(pathinfo($doc, PATHINFO_EXTENSION));
  81. $docPath = $REPO_PATH . DIRECTORY_SEPARATOR . $doc;
  82. if (filesize($docPath) <= APP_FILE_MAX_SIZE) {
  83. switch ($fileExt) {
  84. case "doc":
  85. header("Content-Type: application/msword");
  86. header('Content-Disposition: attachment; filename=' . $destFilename . '.doc');
  87. break;
  88. case "pdf":
  89. header("Content-Type: application/pdf");
  90. header('Content-Disposition: attachment; filename=' . $destFilename . '.pdf');
  91. break;
  92. default:
  93. die("unknown file extension.");
  94. }
  95. echo(file_get_contents($docPath));
  96. exit(0);
  97. } else {
  98. die("doc size over app limits.");
  99. }
  100. break;
  101. case "img":
  102. $avatar = filter_input(INPUT_GET, "av")??"";
  103. $avatar = strip_tags($avatar);
  104. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  105. $BLOG_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "blog";
  106. $pic = filter_input(INPUT_GET, "pic")??"";
  107. $pic = strip_tags($pic);
  108. $originalFilename = pathinfo($pic, PATHINFO_FILENAME);
  109. $originalFileExt = pathinfo($pic, PATHINFO_EXTENSION);
  110. $fileExt = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
  111. if ($pic === APP_DEF_PROFILE_PIC) {
  112. $picPath = APP_PATH . DIRECTORY_SEPARATOR . "static" . $pic;
  113. } else {
  114. $picPath = $BLOG_PATH . DIRECTORY_SEPARATOR . $pic;
  115. }
  116. if (filesize($picPath) <= APP_FILE_MAX_SIZE) {
  117. if ($fileExt === "jpg") {
  118. header("Content-Type: image/jpeg");
  119. } else {
  120. header("Content-Type: image/" . $fileExt);
  121. }
  122. echo(file_get_contents($picPath));
  123. exit(0);
  124. } else {
  125. die("picture size over app limits.");
  126. }
  127. break;
  128. case "imgj":
  129. $avatar = filter_input(INPUT_GET, "av")??"";
  130. $avatar = strip_tags($avatar);
  131. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  132. if ($jar >= 1 && $jar <= 3) {
  133. } else {
  134. die("jar parameter error.");
  135. }
  136. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  137. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  138. $fileName = filter_input(INPUT_GET, "fn")??"";
  139. $fileName = strip_tags($fileName);
  140. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  141. $orioriFilename = explode("|", $originalFilename)[1];
  142. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  143. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  144. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  145. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  146. if ($fileExt === "jpg") {
  147. header("Content-Type: image/jpeg");
  148. } else {
  149. header("Content-Type: image/" . $fileExt);
  150. }
  151. //header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  152. echo(file_get_contents($filePath));
  153. exit(0);
  154. } else {
  155. die("file size over app limits.");
  156. }
  157. break;
  158. case "file":
  159. $avatar = filter_input(INPUT_GET, "av")??"";
  160. $avatar = strip_tags($avatar);
  161. $jar = (int)substr(strip_tags(filter_input(INPUT_GET, "jar")??""),0,1);
  162. if ($jar >= 1 && $jar <= 3) {
  163. } else {
  164. die("jar parameter error.");
  165. }
  166. $AVATAR_PATH = APP_DATA_PATH . DIRECTORY_SEPARATOR . $avatar;
  167. $JAR_PATH = $AVATAR_PATH . DIRECTORY_SEPARATOR . "magicjar" . $jar;
  168. $fileName = filter_input(INPUT_GET, "fn")??"";
  169. $fileName = strip_tags($fileName);
  170. $originalFilename = pathinfo($fileName, PATHINFO_FILENAME);
  171. $orioriFilename = explode("|", $originalFilename)[1];
  172. $originalFileExt = pathinfo($fileName, PATHINFO_EXTENSION);
  173. $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
  174. $filePath = $JAR_PATH . DIRECTORY_SEPARATOR . $fileName;
  175. if (filesize($filePath) <= APP_FILE_MAX_SIZE) {
  176. header("Content-Type: avatarfree/bin");
  177. header("Content-Disposition: attachment; filename=" . $orioriFilename . ".$fileExt");
  178. echo(file_get_contents($filePath));
  179. exit(0);
  180. } else {
  181. die("file size over app limits.");
  182. }
  183. break;
  184. default:
  185. define("SCRIPT_NAME", "home");
  186. define("SCRIPT_FILENAME", "home.php");
  187. define("AVATAR_NAME", $url);
  188. break;
  189. }
  190. if (SCRIPT_NAME==="err-404") {
  191. header("HTTP/1.1 404 Not Found");
  192. }
  193. require $scriptPath . "/" . SCRIPT_FILENAME;