index.php

    <?php
    /* ======================================================================
     * 
     * A P I   F O R   C I   P A C K A G E   S E R V E R
     * 
     * GET  /packages/[phase]/[ID]/[filename]
     * 
     * ----------------------------------------------------------------------
     * 2021-03-31  v0.0  <axel.hahn@iml.unibe.ch>  init
     * ======================================================================
     */
    
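        // Debug switch for this endpoint. Kept as a plain global because the
        // included helpers may read it (presumably _wd() does -- confirm in
        // inc_functions.php).
        $bDebug=false;

        // Report every error class, but render errors into the HTTP response
        // only while debugging: PHP error text exposes file system paths and
        // configuration details to any client that can reach this API.
        // With display off, errors still go to the error log if log_errors is on.
        error_reporting(E_ALL);
        ini_set('display_errors', $bDebug ? '1' : '0');
        ini_set('display_startup_errors', $bDebug ? '1' : '0');

        require_once('../inc_functions.php');

        // The config file is expected to return an array with the keys read
        // in this script (tmpdir, maxage, apikey, onetimesecret, ...).
        // NOTE(review): require_once yields true instead of the returned array
        // when the file was already loaded earlier in the request -- confirm
        // that inc_functions.php does not include it as well.
        $aConfig=require_once("../inc_config.php");

        // Append-only list of hashes that were already accepted (replay guard).
        $lockfile=$aConfig['tmpdir'].'/used_hashes.txt';
        // Maximum age passed to _checkAuth() and _cleanupLockdata(); unit is
        // defined by those helpers.
        $iMaxAge=$aConfig['maxage'];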
    
    
        // ----------------------------------------------------------------------
        // MAIN
        // ----------------------------------------------------------------------
    
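        // Debug trace. The text handed to _wd() appears to be emitted as markup
        // (the <style> and <pre> tags below rely on that), so every value taken
        // from the request is HTML-escaped first. Otherwise the debug page
        // would reflect markup supplied in the URL or query string.
        _wd('Start: '.date('Y-m-d H:i:s').'<style>body{background:#eee; color:#456;}
                .debug{background:#ddd; margin-bottom: 2px;}
             </style>');

        _wd('request uri is '.htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        _wd('<pre>GET: '.htmlspecialchars(print_r($_GET, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</pre>');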
    
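        // Verify the hashed secret sent by the client. _checkAuth() lives in
        // inc_functions.php; judging by the flow here it ends the request itself
        // on failure and returns the accepted hash -- confirm there.
        $sMyHash=_checkAuth($aConfig['apikey'], $iMaxAge);
        // if I am here then authentication was successful.

        // Optional replay protection: an accepted hash may be used only once.
        if($aConfig['onetimesecret']){
            if(_checkIfHashWasUsedAlready($lockfile, $sMyHash)) {
                _quit('Access denied. The hashed was used already.', 403);
            }
            _cleanupLockdata($lockfile, $aConfig['maxlockfilesize'], $iMaxAge);

            // first item must be unix ts followed by "-" char ... see
            // _cleanupLockdata() to detect outdated data lines
            $sLockLine=date('U').'-'.date('Y-m-d__H:i:s').'-'.$sMyHash."\n";

            // Fail closed: if the hash cannot be recorded, it could be replayed
            // until it expires, so the request is refused instead of served.
            // LOCK_EX keeps concurrent appends from interleaving. The check
            // above and this append are still two separate steps, so two
            // simultaneous requests carrying the same hash can both pass;
            // closing that gap needs one lock held across check and append.
            if(file_put_contents($lockfile, $sLockLine, FILE_APPEND | LOCK_EX)===false){
                _quit('Internal error. Unable to register the used hash.', 500);
            }
        }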
        
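        // ---------- SPLIT URL

        // REQUEST_URI is used exactly as received: it is still percent-encoded
        // and carries the query string if the client sent one. Everything
        // after the leading "/packages" becomes the path below the package dir.
        $sRelfile=preg_replace('#^/packages#', '', $_SERVER["REQUEST_URI"]);
        _wd('$sRelfile: '.htmlspecialchars($sRelfile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

        // prevent going up a directory
        // The test runs on the raw string, so it rejects a literal ".." only.
        // An encoded form is not decoded by this script and therefore has to
        // exist under that literal name to pass the file checks further down.
        if (strpos($sRelfile, '..')!==false){
            _quit('Bad request. Invalid access to [..].', 400);
        }

        $sMyFile=$aConfig['packagedir'].$sRelfile;
        _wd('full path of file: '.htmlspecialchars($sMyFile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

        // handle a requested directory
        if (is_dir($sMyFile)){
            if(!$aConfig['showdircontent']){
                _quit('Filelisting is denied by config.', 403);
            } else {
                // scandir() returns false when the directory cannot be read
                $aEntries=scandir($sMyFile);
                if ($aEntries===false){
                    _quit('Internal error. Unable to read the directory.', 500);
                } else {
                    // The listing is "type:name" per line. Declare it as plain
                    // text so a client never renders file names as markup.
                    // Skipped when debug output already started the response.
                    if (!headers_sent()){
                        header('Content-Type: text/plain');
                    }
                    foreach( array_diff($aEntries, array('.', '..')) as $sEntry){
                        echo filetype($sMyFile.'/'.$sEntry).':'.str_replace($aConfig['packagedir'], '_', $sEntry).PHP_EOL;
                    }
                }
                die();
            }
        }

        if (!file_exists($sMyFile)){
            _quit('File not found.', 404);
        }

        // let the webserver deliver a given file
        // The path is resolved by the web server module that consumes this
        // header, not by PHP. NOTE(review): restrict that module to the package
        // directory in the server config and confirm how it treats
        // percent-encoding in the header value. Symlinks below packagedir are
        // followed; a realpath() containment check would close that, but it
        // would also block symlinks that are placed there on purpose.
        header('X-Sendfile: ' . $sMyFile);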
    
    // ======================================================================