public.php
3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?php
/**
* ownCloud
*
* @author Thomas Müller
* @copyright 2013 Thomas Müller deepdiver@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
\OCP\JSON::checkAppEnabled('gallery');
OCP\Util::addStyle('gallery', 'styles');
if (isset($_GET['t'])) {
$token = $_GET['t'];
$linkItem = \OCP\Share::getShareByToken($token);
if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
// seems to be a valid share
$type = $linkItem['item_type'];
$fileSource = $linkItem['file_source'];
$shareOwner = $linkItem['uid_owner'];
$path = null;
$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
$fileOwner = $rootLinkItem['uid_owner'];
$albumName = trim($linkItem['file_target'], '//');
$ownerDisplayName = \OC_User::getDisplayName($fileOwner);
// stupid copy and paste job
if (isset($linkItem['share_with'])) {
// Authenticate share_with
$url = OCP\Util::linkToPublic('gallery') . '&t=' . $token;
if (isset($_GET['file'])) {
$url .= '&file=' . urlencode($_GET['file']);
} else {
if (isset($_GET['dir'])) {
$url .= '&dir=' . urlencode($_GET['dir']);
}
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {
// Check Password
$forcePortable = (CRYPT_BLOWFISH != 1);
$hasher = new PasswordHash(8, $forcePortable);
if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
$linkItem['share_with']))) {
OCP\Util::addStyle('files_sharing', 'authenticate');
$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
$tmpl->assign('URL', $url);
$tmpl->assign('wrongpw', true);
$tmpl->printPage();
exit();
} else {
// Save item id in session for future requests
\OC::$session->set('public_link_authenticated', $linkItem['id']);
}
} else {
OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
.' for share id '.$linkItem['id'], \OCP\Util::ERROR);
header('HTTP/1.0 404 Not Found');
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->printPage();
exit();
}
} else {
// Check if item id is set in session
if ( ! \OC::$session->exists('public_link_authenticated')
|| \OC::$session->get('public_link_authenticated') !== $linkItem['id']
) {
// Prompt for password
OCP\Util::addStyle('files_sharing', 'authenticate');
$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
$tmpl->assign('URL', $url);
$tmpl->printPage();
exit();
}
}
}
// render template
$tmpl = new \OCP\Template('gallery', 'public', 'base');
OCP\Util::addScript('gallery', 'gallery');
OCP\Util::addScript('gallery', 'thumbnail');
OCP\Util::addStyle('gallery', 'public');
$tmpl->assign('token', $token);
$tmpl->assign('displayName', $ownerDisplayName);
$tmpl->assign('albumName', $albumName);
$tmpl->printPage();
exit;
}
}
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->printPage();