mavo-backend.php
<?php
// Resume or start the session; "@" suppresses whatever warning session_start() raises.
// NOTE(review): cookie flags (HttpOnly / Secure / SameSite) are not set here, so they
// come from the PHP configuration. Confirm they are hardened there.
@session_start();

// Response defaults: failure and an empty payload until an action says otherwise.
$status = false;
$finalData = array();

// Raw request body: written as-is by "putData", base64-decoded by "putFile".
$datas = file_get_contents('php://input');

// Script-wide login flag: true only when the session holds a user record whose
// 'isLogged' entry is truthy.
$isLogged = isset($_SESSION['user']) && $_SESSION['user']['isLogged'];
// Function to know if local file exists, or if it can be created
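/**
 * Tell whether a data file is usable for writing, creating it when it is missing.
 *
 * Callers in this script pass a request-supplied path. This function does not
 * restrict WHERE that path points, and it creates the file as a side effect, so it
 * must only be called for requests that are already authorized.
 *
 * @param string $filePath Path of the data file (relative paths resolve against the CWD).
 * @return bool True when the path is an existing writable regular file, or when an
 *              empty file could be created there; false otherwise.
 */
function data_exists($filePath = '') {
    // Request parameters can arrive as arrays (?source[]=x) or carry NUL bytes.
    // Reject both up front instead of letting trim()/touch() raise on them.
    if (!is_string($filePath) || strpos($filePath, "\0") !== false || trim($filePath) === '') {
        return false;
    }

    if (file_exists($filePath)) {
        // A directory is "writable" too, but it can never receive the data,
        // so only a regular file counts.
        return is_file($filePath) && is_writable($filePath);
    }

    // Check the parent first so that touch() is not attempted (and does not emit
    // a warning) when the target directory is missing or read-only.
    $parentDir = dirname($filePath);
    if (!is_dir($parentDir) || !is_writable($parentDir)) {
        return false;
    }

    return touch($filePath);
}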
// Fill in the query parameters the dispatcher always reads: an empty data source
// and the "login" action when the request did not name one.
foreach (array('source' => '', 'action' => 'login') as $paramName => $fallback) {
    if (!isset($_GET[$paramName])) {
        $_GET[$paramName] = $fallback;
    }
}
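// Route the request by ?action=. Each branch only fills $status and $finalData;
// the response itself is emitted after the switch.
// NOTE(review): no anti-CSRF token is checked anywhere in this script, and the
// write and logout actions are selected through the query string. Confirm that the
// session cookie's SameSite policy or a token check covers this.
switch ($_GET['action']) {
    case 'putFile':
        // Upload: the request body is the base64-encoded file content.
        // A non-string source (?source[]=x) is treated as "no source".
        $source = is_string($_GET['source']) ? $_GET['source'] : '';
        if ($isLogged && data_exists($source)) {
            // Client-supplied name, or a generated one when it is missing/empty.
            if (!empty($_GET['file']) && is_string($_GET['file'])) {
                $filename = $_GET['file'];
            } else {
                $filename = uniqid();
            }

            // Light character filtering, kept from the original behaviour.
            $sanitized = filter_var($filename, FILTER_SANITIZE_URL);
            if ($sanitized !== false) {
                $filename = $sanitized;
            }

            // FILTER_SANITIZE_URL keeps "/", "\" and "." so it does not stop a name
            // such as "../x" from leaving the target directory. Keep only the last
            // path component and drop leading dots (no "..", no server dotfiles).
            $filename = ltrim(basename(str_replace('\\', '/', $filename)), '.');
            if ($filename === '') {
                $filename = uniqid();
            }
            // NOTE(review): the extension is still client-chosen. If this directory is
            // served by a script-executing web server, enforce an extension allowlist
            // and/or disable script execution for the upload location.

            // Target directory: the directory part of ?path= when it is an existing
            // writable directory, otherwise the directory of this script.
            // NOTE(review): ?path= is not confined to a base directory; any writable
            // directory is accepted. Consider resolving it with realpath() and
            // comparing against an allowlisted upload root.
            $finalPath = __DIR__;
            if (isset($_GET['path']) && is_string($_GET['path'])) {
                $segments = explode(DIRECTORY_SEPARATOR, $_GET['path']);
                array_pop($segments); // drop the trailing file-name segment
                $candidate = implode(DIRECTORY_SEPARATOR, $segments);
                if ($candidate !== '' && is_dir($candidate) && is_writable($candidate)) {
                    $finalPath = rtrim($candidate, DIRECTORY_SEPARATOR);
                }
            }

            $target = $finalPath . DIRECTORY_SEPARATOR . $filename;

            // Name taken: append a timestamp before the extension. The bare file name
            // is always used here; the original reused the full path when there was
            // no extension, which produced a doubled directory prefix.
            if (file_exists($target)) {
                $parts = pathinfo($target);
                $suffix = (isset($parts['extension']) && $parts['extension'] !== '')
                    ? '.' . $parts['extension']
                    : '';
                $target = $finalPath . DIRECTORY_SEPARATOR . $parts['filename'] . '-' . time() . $suffix;
            }

            // Write to the server. $status keeps file_put_contents()'s return value
            // (byte count or false), as before.
            $status = file_put_contents($target, base64_decode($datas));

            $size = 0;
            if ($status) {
                $fileStat = stat($target);
                if ($fileStat !== false) {
                    $size = $fileStat['size'];
                }
            }

            $finalData = array(
                'file' => $target,
                'size' => $size
            );
        }
        break;

    case 'putData':
        // Save the raw request body into the data source.
        // NOTE(review): ?source= is used as the write path without being confined to
        // a data directory or a file type; consider an allowlist of data files.
        $source = is_string($_GET['source']) ? $_GET['source'] : '';

        // Evaluate once, and only after the login check: data_exists() creates the
        // file when it is missing, so it must never run for an anonymous request.
        $canWrite = $isLogged && data_exists($source);
        if ($canWrite) {
            if (file_put_contents($source, $datas) !== false) {
                $status = true;
            }
        } else {
            $finalData['debug'] = array(
                'isLogged' => $isLogged,
                // Always false in this branch; the key is kept for existing clients.
                'data_exists' => $canWrite,
                'source' => $source
            );
        }
        break;

    case 'login':
        if ($isLogged) {
            // Logged in: return the session's user record.
            // NOTE(review): the whole record is sent to the client; confirm that it
            // holds no secrets such as password hashes or tokens.
            $finalData = $_SESSION['user'];
            $status = true;
        } else {
            // Not logged in: point the client at the login form. The Referer header
            // is optional and client-controlled, so default it and URL-encode it to
            // keep it a single "ref" value.
            // NOTE(review): login.php is not shown here; it should validate "ref"
            // before redirecting to it.
            $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $finalData = array(
                'loginUrl' => './login.php?ref=' . rawurlencode($referer)
            );
            $status = false;
        }
        break;

    case 'logout':
        if ($isLogged) {
            unset($_SESSION['user']);
        }
        // Success means no user record remains in the session.
        $status = (!isset($_SESSION['user']));
        break;

    default:
        // Unknown action: echo it back with a failure status.
        $finalData = array('action' => $_GET['action']);
        $status = false;
        break;
}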
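// Emit the JSON envelope. The payload can contain values taken from the request
// (action, source, Referer). Without an explicit type PHP's default Content-Type
// applies, so declare JSON, forbid content sniffing, and hex-escape HTML-significant
// characters so the body is inert even if a client renders it as markup.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}
echo json_encode(
    array(
        'status' => $status,
        'data' => $finalData
    ),
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);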